# alignelayer.xyz — SUSPICIOUS

> alignelayer.xyz identified as a crypto drainer phishing site with 3 out of 95 VirusTotal detections. Immediate investigation and blocking required.

## Summary

PhishDestroy identifies alignelayer.xyz as an active crypto drainer operation posing significant risk to cryptocurrency users. This domain employs deceptive tactics to impersonate legitimate crypto services, specifically targeting wallet credentials and digital assets under the guise of a trusted platform. The elevated threat level reflects its confirmed malicious activity and ongoing attempts to deceive potential victims. Hosted infrastructure and domain characteristics align with known cryptocurrency theft campaigns designed to siphon funds from unsuspecting users.

This domain exhibits multiple red flags across security platforms and technical indicators. VirusTotal reports detections from 3 out of 95 security vendors, indicating limited but concerning recognition of its malicious nature. The domain was registered through PDR Ltd. d/b/a PublicDomainRegistry.com on April 01, 2026, suggesting recent establishment. Infrastructure analysis reveals resolution to IP address 188.114.96.3, which is associated with malicious activities. Notably, the domain is blocked by Hagezi, a reputable threat intelligence feed, and holds a Let's Encrypt TLS certificate, which threat actors commonly obtain to appear legitimate. Creation within the last 30 days further reduces the opportunity for historical trust assessment, increasing the likelihood of malicious intent.

The primary risk stems from its crypto drainer functionality, designed to surreptitiously extract funds from victims' digital wallets by deceiving them into connecting their wallets or entering credentials. The combination of recent registration, low detection ratio, and association with known malicious infrastructure elevates the risk of successful compromise.
To mitigate exposure, organizations and individuals should immediately block alignelayer.xyz at the network perimeter and DNS level. Users are advised to avoid accessing the domain and to verify the authenticity of any crypto-related platform through official channels. Additionally, keeping wallet software and browser extensions up to date with threat intelligence feeds can prevent interactions with such malicious domains. Security teams should investigate any internal connections to IP 188.114.96.3 for potential compromise and scope the incident accordingly.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-04-01 14:47:35
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hit (lists: Hagezi)

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/alignelayer.xyz
- PhishDestroy: https://phishdestroy.io/domain/alignelayer.xyz/
- LLM endpoint: https://phishdestroy.io/domain/alignelayer.xyz/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/alignelayer.xyz/

Last updated: 2026-04-09