# get-aerodrome.xyz — SUSPICIOUS

> PhishDestroy identifies get-aerodrome.xyz as a generic phishing domain resolved to IP 172.67.165.135; users should avoid entering credentials or personal data.

## Summary

PhishDestroy detects active generic phishing operations on get-aerodrome.xyz. The domain was registered through NICENIC INTERNATIONAL GROUP CO., LIMITED and resolves to IP 172.67.165.135, a hosting address flagged for abuse in multiple threat feeds. Domain creation on March 30, 2026, combined with a Let’s Encrypt SSL certificate, suggests an attempt to appear legitimate to unsuspecting visitors. As of this analysis, VirusTotal reports 0/95 detections, indicating the domain has not yet been widely blacklisted, leaving users vulnerable to credential harvesting and fraudulent transactions. The absence of detections highlights the need for proactive monitoring and rapid takedown interventions to prevent escalation.

This domain exhibits multiple red flags across key threat intelligence indicators. VirusTotal scored the domain 0/95 detections as of seed 5aeea4, indicating no antivirus engines currently flag it despite behavioral anomalies consistent with phishing. The domain was registered by NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar frequently abused for bulletproof hosting and disposable domains. The IP 172.67.165.135 is hosted on Cloudflare infrastructure, a common choice among threat actors to obfuscate origin and evade blocking. The domain was created on March 30, 2026, less than 48 hours prior to analysis, suggesting a newly launched campaign with minimal reputation history. No presence on major blocklists or threat intelligence platforms was detected at the time of evaluation, reinforcing the importance of real-time domain reputation monitoring and preemptive blocking strategies.

To mitigate risk from get-aerodrome.xyz and similar emerging phishing domains, users should immediately block the domain and associated IP 172.67.165.135 via DNS filtering or host file entries. Organizations are advised to deploy browser and email security policies that flag newly registered domains with minimal reputation scores. Security teams should monitor Certificate Transparency logs for newly issued SSL certificates linked to this domain and revoke trust via browser or endpoint policies. Immediate takedown requests should be submitted to hosting providers and registrars using the abuse contacts derived from WHOIS data. Users who may have already interacted with the domain must assume credential compromise and initiate password resets and multi-factor authentication enrollment without delay.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-30 19:48:02
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.165.135

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/26a0ebb6-b838-4377-b63c-e6cdc14dd44f
- PhishDestroy: https://phishdestroy.io/domain/get-aerodrome.xyz/
- LLM endpoint: https://phishdestroy.io/domain/get-aerodrome.xyz/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/get-aerodrome.xyz/

Last updated: 2026-03-30