# live-aerodrome.xyz — MALICIOUS

> live-aerodrome.xyz is a generic phishing domain that mimics legitimate sites. 5/95 security vendors flag this domain—users should avoid it entirely.

## Summary

PhishDestroy identifies live-aerodrome.xyz as a recently activated generic phishing domain designed to deceive users into surrendering sensitive credentials or payment data. The domain does not impersonate a specific brand, indicating a broad, opportunistic campaign targeting unsuspecting visitors. Threat intelligence suggests the use of a drainer kit to automate data exfiltration once victims interact with fraudulent forms or payment portals hosted on the site.

This domain resolves to IP address 172.67.162.120 and was registered on March 31, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED. VirusTotal analysis confirms a detection rate of 5/95 security vendors, reflecting limited but concerning recognition of malicious intent. The domain employs a Let's Encrypt SSL certificate to enhance perceived legitimacy, while Google Safe Browsing (GSB) has not yet flagged it, and blocklist counts remain unverified at this time. These technical indicators collectively suggest a newly deployed but rapidly evolving threat infrastructure.

As of this report, live-aerodrome.xyz remains active and poses an elevated risk to users who may encounter it through phishing emails, social media links, or malvertising. Immediate takedown requests have been escalated to the hosting provider and registrar. Users are strongly advised to avoid interaction with this domain, report any exposure to security teams, and verify URLs before entering sensitive information. While current defensive coverage is growing, the absence of widespread blocking underscores the need for heightened vigilance. The domain's recent creation and low initial detection rate indicate a potentially expanding campaign—prompt action is essential to mitigate exposure.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-31 01:24:10
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.162.120

## Detection Status

- VirusTotal: 5 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/a1c7a9f9-e4e9-4250-aece-6356c5f66417
- PhishDestroy: https://phishdestroy.io/domain/live-aerodrome.xyz/
- LLM endpoint: https://phishdestroy.io/domain/live-aerodrome.xyz/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/live-aerodrome.xyz/

Last updated: 2026-03-31