# support-fegmigrate.pages.dev — SUSPICIOUS > support-fegmigrate.pages.dev is a live crypto drainer mimicking a migration portal. It’s already flagged by just 1 of 95 VirusTotal scanners. ## Summary PhishDestroy has identified support-fegmigrate.pages.dev as an active crypto-draining phishing page hosted under Cloudflare Pages. When visited, the site masquerades as a legitimate “FEG migration tool” to trick users into connecting cryptocurrency wallets and authorizing malicious token-transfer approvals. Wallet infections typically result in near-instant draining of tokens via ERC-20, BEP-20, and Polygon drainer scripts embedded in the page’s JavaScript payload. Because the domain leverages Cloudflare’s edge network and a Google Trust Services–issued TLS certificate, users cannot rely on HTTPS indicators alone, reinforcing the need for independent verification before any wallet interaction. This domain is freshly weaponized: it arrived on-scene on 2024-05-08, registered through Cloudflare, Inc. VirusTotal confirms detection by only 1 out of 95 participating security engines, leaving most endpoint scanners blind. The IP behind support-fegmigrate.pages.dev is 172.66.44.84, a Cloudflare IP associated with Pages deployments. The page is already flagged across three community and vendor blocklists, including ScamSniffer, Enkrypt, and OISD, underscoring its harmful reputation within threat-intel feeds. If you visited or entered any wallet connection requests on support-fegmigrate.pages.dev, immediately revoke unauthorized permissions through your wallet’s “connected apps” or “recent activity” panel. Disconnect the site and check for outgoing token transfers under 0.001 ETH or stablecoin equivalents. Consider moving remaining funds to a new wallet generated offline. Report the domain to PhishDestroy for collective defense and share its hash (seed f3646b) to help others avoid the same trap. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: Cloudflare, Inc. - IP: 172.66.44.84 ## Detection Status - VirusTotal: 1 vendors flagged - Google Safe Browsing: clean - Blocklists: 3 hits Lists: ["ScamSniffer", "Enkrypt", "OISD"] ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/b8982206-1388-4897-857a-dea2acd8e00d - PhishDestroy: https://phishdestroy.io/domain/support-fegmigrate.pages.dev/ - LLM endpoint: https://phishdestroy.io/domain/support-fegmigrate.pages.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/support-fegmigrate.pages.dev/ Last updated: 2026-03-30