# app-aero.xyz — SUSPICIOUS

> PhishDestroy identifies app-aero.xyz as a live crypto phishing domain distributing fake wallet apps. Blocked by MetaMask and SEAL after just 1 day online.

## Summary
PhishDestroy assesses app-aero.xyz as an ACTIVE cryptocurrency phishing domain engaged in generic credential theft attempts. The site masquerades as a legitimate application, luring users into surrendering sensitive wallet credentials under the guise of routine authentication or software updates.  This domain was flagged by PhishDestroy after it appeared on 2 security blocklists and was independently blocked by MetaMask and SEAL. VirusTotal currently shows 0 detections out of 95 engines. The domain resolves to IP 104.21.77.60 and uses a Google Trust Services SSL certificate. It was registered on March 11, 2025 through Sav.com, LLC, indicating a very recent and likely opportunistic campaign.  Given the domain’s recent registration, low detection rate, and active blocking by major security platforms, users should treat app-aero.xyz as hostile and avoid interaction entirely. If accidentally accessed, users should immediately disconnect from the site, clear browser cache and cookies, and inspect wallet extensions for unauthorized permissions. Report the domain to your security team and consider revoking any exposed credentials or tokens. Organizations are advised to block the domain at DNS and firewall levels and update browser policies to include the IP and certificate issuer as indicators of compromise.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Page title: app-aero.xyz

## Domain Intelligence
- Registered: 2025-03-11 13:50:46
- Registrar: Sav.com, LLC
- IP: 104.21.77.60

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["SEAL", "MetaMask"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/f598951b-ceed-4c90-971f-42bb9c2b5174
- PhishDestroy: https://phishdestroy.io/domain/app-aero.xyz/
- LLM endpoint: https://phishdestroy.io/domain/app-aero.xyz/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/app-aero.xyz/
Last updated: 2026-03-24