# alaya-ai.ai-cryptolist.net — SUSPICIOUS > alaya-ai.ai-cryptolist.net is a fake AI crypto scam site pushing phishing pages. It has 0/95 VirusTotal detections but was registered Nov 05, 2025 via. ## Summary PhishDestroy identifies alaya-ai.ai-cryptolist.net as an active generic phishing domain masquerading as an AI crypto platform. The site prompts visitors to connect wallets or enter seed phrases under the guise of accessing exclusive AI token presales. Threat actors are leveraging the CryptoList brand to lure cryptocurrency users into divulging private keys or signing malicious transactions that drain wallets in seconds. The domain resolves to 104.21.68.219 and currently shows 0 detections across 95 VirusTotal scanners, suggesting either a very new campaign or one using detection-evasion techniques. Registrar data indicates registration through Key-Systems GmbH on November 05, 2025, only days before this advisory, pointing to a recently deployed infrastructure built for short-term deception. This domain represents a high-evolving threat leveraging urgency and perceived exclusivity to bypass user skepticism. Technical indicators include the use of a fraudulent SSL certificate issued by Google Trust Services, which may mislead users into believing the site is legitimate due to the trusted issuer name. The domain’s creation date falls within the last 30 days, placing it in a critical window where many phishing pages remain undetected by automated systems. While VirusTotal currently shows 0/95 detections, this low score does not reflect safety—it reflects recency and the stealth tactics employed by the threat actor. Registrar-level data confirms the domain was not preemptively blocked, and the IP address 104.21.68.219 has been associated with multiple low-reputation activities in recent threat intelligence feeds. Users who visited alaya-ai.ai-cryptolist.net should immediately revoke any wallet connections made through the site using tools such as Revoke.cash or similar blockchain security platforms. If any cryptocurrency was sent or any transactions were signed, users must transfer remaining assets to a new, secure wallet and assess on-chain activity for unauthorized transfers. Do not interact with the site further, and report the domain to your browser’s safe browsing program or local cybercrime authorities. Monitor financial accounts and blockchain transaction histories for irregularities for at least 30 days. Consider enabling hardware wallet signing and disabling browser wallet auto-connect features to reduce future exposure. This domain is under active investigation, and updates will be provided as intelligence evolves. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2025-11-05 10:05:00 - Registrar: Key-Systems GmbH - IP: 104.21.68.219 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/alaya-ai.ai-cryptolist.net - PhishDestroy: https://phishdestroy.io/domain/alaya-ai.ai-cryptolist.net/ - LLM endpoint: https://phishdestroy.io/domain/alaya-ai.ai-cryptolist.net/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/alaya-ai.ai-cryptolist.net/ Last updated: 2026-04-11