# migration-anyoneio.pages.dev — MALICIOUS > Learn why migration-anyoneio.pages.dev is a crypto drainer phishing site flagged by 10/95 VirusTotal scanners. Immediate risk to crypto wallets. Do not interact. ## Summary PhishDestroy identifies migration-anyoneio.pages.dev as an active crypto drainer phishing domain designed to steal cryptocurrency assets from unsuspecting users. This malicious site leverages deceptive branding under the guise of a migration service to trick visitors into connecting their crypto wallets, where smart contract-based drainers automatically siphon funds upon authorization. The domain operates under Cloudflare's pages.dev subdomain structure, which is commonly abused by threat actors to host fraudulent pages with minimal friction. This domain was flagged by 10 out of 95 VirusTotal security vendors, indicating a significant but not universal detection rate. Cloudflare, Inc. is listed as the domain registrar, and the site resolves to IP address 188.114.96.3, which hosts multiple phishing campaigns. The Google Trust Services SSL certificate provides a false sense of legitimacy, masking the domain's true malicious intent. Such infrastructure is typical of opportunistic phishing operators who exploit free hosting and trusted certificate authorities to evade early detection. If you visited migration-anyoneio.pages.dev or connected a crypto wallet, disconnect the wallet immediately using your wallet's emergency disconnect feature. Revoke any unauthorized token approvals via reputable tools like revoke.cash or etherscan.io. Do not interact further with the site. Report the domain to your wallet provider and consider transferring remaining funds to a new wallet. Use antivirus tools to scan your device for malware, as crypto drainers often bundle keyloggers or trojans. Always verify URLs manually and use hardware wallets for high-value transactions. ## Threat Details - Verdict: MALICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 188.114.96.3 ## Detection Status - VirusTotal: 10 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/83055701-8c36-4460-ac30-2fea3950687d - PhishDestroy: https://phishdestroy.io/domain/migration-anyoneio.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/migration-anyoneio.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/migration-anyoneio.pages.dev/ Last updated: 2026-03-28