# aerodrome-snapshot.xyz — SUSPICIOUS > Warning: aerodrome-snapshot.xyz is a crypto drainer phishing site with 0/95 VirusTotal detections. Verify if this domain is safe on PhishDestroy now. ## Summary PhishDestroy identifies aerodrome-snapshot.xyz as a high-risk crypto drainer phishing domain posing as a legitimate service. This domain was flagged due to its recent registration, suspicious SSL certificate, and lack of detection on VirusTotal. Users should avoid interacting with this site to prevent financial loss. PhishDestroy's analysis reveals that aerodrome-snapshot.xyz resolves to IP 188.114.96.3, a known malicious hosting infrastructure. The domain was created on March 29, 2026, a suspiciously recent date that suggests opportunistic registration. VirusTotal currently reports 0/95 detections, meaning traditional antivirus tools have not yet flagged this domain. The domain is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar often exploited by threat actors for bulletproof hosting. Additionally, the use of a Let's Encrypt SSL certificate further legitimizes the appearance of this fraudulent site. This domain specifically targets cryptocurrency users by impersonating Aerodrome Finance or a related DeFi protocol. The threat level is marked as 'active' and 'under_investigation' due to the evolving nature of crypto drainer campaigns. If you have visited aerodrome-snapshot.xyz, immediately revoke any wallet permissions and transfer funds to a secure wallet. Run a malware scan on your device and monitor for unauthorized transactions. Report this domain to PhishDestroy to help prevent others from falling victim to this scam. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-03-29 23:31:35 - Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/03ab698a-c30c-4ba6-afda-1719aea61b49 - PhishDestroy: https://phishdestroy.io/domain/aerodrome-snapshot.xyz/ - LLM endpoint: https://phishdestroy.io/domain/aerodrome-snapshot.xyz/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/aerodrome-snapshot.xyz/ Last updated: 2026-03-30