# aaveqrcode.top — SUSPICIOUS

> The domain aaveqrcode[.]top has been identified as a phishing site targeting Aave users. This fraudulent website attempts to steal cryptocurrency wallet credentials and seed phrases. Our analysis detected 3 risk indicators. Stay protected with PhishDestroy threat intelligence.

## Summary
Threat Overview
The domain aaveqrcode[.]top has been identified as a phishing website designed to impersonate Aave. This malicious site targets cryptocurrency users by creating a convincing replica of the legitimate Aave platform.
Attack Vector
The phishing site attempts to trick users into connecting their wallets or entering their seed phrases and private keys. Once captured, the attackers use these credentials to drain victims' cryptocurrency holdings.
Risk Indicators

- Domain registered on a suspicious TLD (top)
- Contains brand keywords associated with Aave
- Domain length: 14 characters
- Uses a TLD frequently associated with malicious domains
- Vt Detected
- Drainer Detected

Recommendations
Always access Aave through the official website. Never enter your seed phrase or private keys on any website. Use hardware wallets for additional security.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: alive (HTTP 530)
- Target brand: Aave
- Page title: AAVE QRcode

## Domain Intelligence
- Registered: 2026-03-12 21:07:01
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- Country: HK
- IP: 188.114.97.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: cesar.ns.cloudflare.com teresa.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 1 vendors flagged
  Vendors: ["Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019ce376-37f0-700a-ba67-e2a1ae4f4b7d.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/1d27e920-d5a7-4ea7-a139-cab68f3de39e
- PhishDestroy: https://phishdestroy.io/domain/aaveqrcode.top/
- LLM endpoint: https://phishdestroy.io/domain/aaveqrcode.top/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/aaveqrcode.top/
Last updated: 2026-03-16