# aoerodrome.finance — MALICIOUS — Crypto Drainer (Ice Phishing)

> aoerodrome.finance is a crypto phishing site flagged for draining wallets. Avoid interacting; site is now offline to protect users.

## Summary

PhishDestroy identifies aoerodrome.finance as a medium-risk crypto drainer domain, recently taken offline after appearing on multiple security blocklists. This site posed a financial threat by targeting cryptocurrency users, aiming to steal digital assets through fraudulent means. Despite its offline status, the domain's history highlights the ongoing risks associated with crypto phishing scams.

This phishing operation utilized the Ice Phishing drainer kit, a malicious tool designed to trick victims into revealing private keys or wallet credentials. By masquerading as a legitimate financial service, it lured users to input sensitive information, which attackers then exploited to drain cryptocurrency accounts. The domain resolved to IP 198.18.2.232 and was detected in threat intelligence platforms like AlienVault OTX, signaling active monitoring by cybersecurity communities.

Users should remain vigilant and avoid visiting suspicious cryptocurrency-related domains. If exposed to such a phishing attempt, immediately cease all transactions and change wallet credentials using secure devices. Employ strong, unique passwords and enable two-factor authentication where possible. Regularly consult trusted security sources like PhishDestroy.io to stay informed about emerging threats and maintain safe crypto practices.

## Threat Details

- Verdict: MALICIOUS — Crypto Drainer (Ice Phishing)
- Site status: dead (HTTP 403)
- Drainer type: Ice Phishing

## Domain Intelligence

- Registrar: Tucows Domains Inc.
- IP: 188.114.96.3
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["ns1.renewyourname.net", "ns2.renewyourname.net"]
- SSL Issuer: GoDaddy.com, Inc. / Go Daddy Secure Certificate Authority - G2

## Detection Status

- VirusTotal: 7 vendors flagged
  - Vendors: ["alphaMountain.ai", "CRDF", "CyRadar", "Fortinet", "Kaspersky", "Trustwave", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 5 hits
  - Lists: ["PhishDestroy", "ScamSniffer", "Polkadot", "Enkrypt", "Codeesura"]

## Evidence

- Screenshot: https://urlscan.io/screenshots/0198861c-2832-731e-9183-12249f2e95af.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/96eb5f68-954c-4345-85a7-ddbd7df131e1
- Wayback Machine: https://web.archive.org/web/https://aoerodrome.finance
- PhishDestroy: https://phishdestroy.io/domain/aoerodrome.finance/
- LLM endpoint: https://phishdestroy.io/domain/aoerodrome.finance/llm.txt

## If You Visited This Site

1. Revoke all token approvals immediately (revoke.cash / unrekt.net)
2. Move remaining funds to a new wallet
3. Do not interact with any transactions from this site
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/aoerodrome.finance/

Last updated: 2026-03-19