genesis.alignedfoundation.xyz Open in urlscan Pro
104.21.96.48 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://genesis.alignedfoundation.xyz/
Submission Tags: 0xscam
Submission: On December 24 via api (December 24th 2024, 6:08:31 pm UTC) from US — Scanned from CA

Summary HTTP 18 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 5 domains to perform 18 HTTP transactions. The main IP is 104.21.96.48, located in and belongs to CLOUDFLARENET, US. The main domain is genesis.alignedfoundation.xyz.
TLS certificate: Issued by WE1 on December 14th 2024. Valid for: 3 months.

This is the only time genesis.alignedfoundation.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Crypto (Crypto Exchange) GitHub (Online)

Domain & IP information

	IP Address	AS Autonomous System
3 10	104.21.96.48 104.21.96.48	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	3.215.63.58 3.215.63.58	14618 (AMAZON-AES) (AMAZON-AES)
2	76.223.55.101 76.223.55.101	16509 (AMAZON-02) (AMAZON-02)
3	151.101.1.229 151.101.1.229	54113 (FASTLY) (FASTLY)
18	6

10 104.21.96.48 (None, ) 3 redirects

ASN13335 (CLOUDFLARENET, US)

genesis.alignedfoundation.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.215.63.58 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-215-63-58.compute-1.amazonaws.com

bsc-dataseed2.bnbchain.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.55.101 (United States)

ASN16509 (AMAZON-02, US)
PTR: aaf0e58824b44ab71.awsglobalaccelerator.com

bsc.rpc.blxrbdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.1.229 (San Francisco, United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	alignedfoundation.xyz 3 redirects genesis.alignedfoundation.xyz	2 MB
3	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 318	67 KB
2	blxrbdn.com bsc.rpc.blxrbdn.com	407 B
2	bnbchain.org bsc-dataseed2.bnbchain.org	3 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 225	143 KB
18	5

	Domain	Requested by
10	genesis.alignedfoundation.xyz	3 redirects genesis.alignedfoundation.xyz
3	cdn.jsdelivr.net	genesis.alignedfoundation.xyz
2	bsc.rpc.blxrbdn.com	genesis.alignedfoundation.xyz
2	bsc-dataseed2.bnbchain.org	genesis.alignedfoundation.xyz
2	cdnjs.cloudflare.com	genesis.alignedfoundation.xyz
18	5

This site contains links to these domains. Also see Links.

Domain
github.com
docs.github.com
support.github.com

Subject Issuer	Validity	Valid
alignedfoundation.xyz WE1	`2024-12-14` - `2025-03-14`	3 months	crt.sh
cdnjs.cloudflare.com WE1	`2024-11-26` - `2025-02-24`	3 months	crt.sh
bnbchain.org Amazon RSA 2048 M03	`2024-05-08` - `2025-06-07`	a year	crt.sh
*.rpc.blxrbdn.com Amazon RSA 2048 M02	`2024-09-29` - `2025-10-28`	a year	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2024 Q3	`2024-07-30` - `2025-08-31`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://genesis.alignedfoundation.xyz/
Frame ID: 9F7A82B67488F182D1E4E6D0A706482C
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in to GitHub · GitHub

Detected technologies

SweetAlert2 (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/npm/sweetalert2@([\d.]+)

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

18
Requests

72 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

6
IPs

2
Countries

2232 kB
Transfer

6828 kB
Size

1
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://github.com/

Search URL Search Domain Scan URL

URL: https://github.com/password_reset
Title: Forgot password?

Search URL Search Domain Scan URL

URL: https://github.com/join?return_to=%2Flogin%2Foauth%2Fauthorize%3Fclient_id%3Dov23li2qldsh16ugv4ko%26redirect_uri%3Dhttps%253a%252f%252fgenesis.github.alignedfoundation.org%252fauth%252fgithub%252fcallback%26response_type%3Dcode%26scope%3Dread%253auser%252cuser%253aemail%26state%3Df2c6cf8de32cf9804e46c3f64d43156adffdd1f5b34651&source=oauth
Title: Create an account

Search URL Search Domain Scan URL

URL: https://docs.github.com/site-policy/github-terms/github-terms-of-service
Title: Terms

Search URL Search Domain Scan URL

URL: https://docs.github.com/site-policy/privacy-policies/github-privacy-statement
Title: Privacy

Search URL Search Domain Scan URL

URL: https://docs.github.com/
Title: Docs

Search URL Search Domain Scan URL

URL: https://support.github.com/
Title: Contact GitHub Support

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11

https://genesis.alignedfoundation.xyz/scripts/wallet-connect-v4.js?v=3 HTTP 302
https://genesis.alignedfoundation.xyz/static/scripts/wallet-connect-v4.js

Request Chain 12

https://genesis.alignedfoundation.xyz/scripts/bip39.js HTTP 302
https://genesis.alignedfoundation.xyz/static/scripts/bip39.js

Request Chain 14

https://genesis.alignedfoundation.xyz/styles/modal-12-seed.css HTTP 302
https://genesis.alignedfoundation.xyz/static/styles/modal-12-seed.css

Request Chain 15

https://genesis.alignedfoundation.xyz/styles/popup-6.css HTTP 302
https://genesis.alignedfoundation.xyz/static/styles/popup-6.css

Request Chain 17

https://genesis.alignedfoundation.xyz/scripts/wallet-connect-v4.js?v=3 HTTP 302
https://genesis.alignedfoundation.xyz/static/scripts/wallet-connect-v4.js

18 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request / Show response
genesis.alignedfoundation.xyz/ 272 KB
53 KB 406ms
303ms Document
text/html 104.21.96.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://genesis.alignedfoundation.xyz/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 05d6589bfa0e986128acccce998ba8f521250354a7056752ba312f8003374979

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8f7288b9b89fabae-YYZ
content-encoding: zstd
content-type: text/html; charset=utf-8
date: Tue, 24 Dec 2024 18:07:59 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=0,i
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PN4gz8CmqBoGS0HWf97tHTqF5R8YcnbOyM6RlO9CyI57ma0RVSoMBcu2RTWiG7%2FrSLHl3HKZcT30ZmqRRT%2BUF01YCptVfWWb8YVFU3qsbfsDtQSPqdDBa8x02D6QjT%2BJOdVCAH9dKyazsQEhXnXbMw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=24157&min_rtt=23627&rtt_var=4134&sent=12&recv=10&lost=0&retrans=0&sent_bytes=4168&recv_bytes=4497&delivery_rate=571&cwnd=12000&unsent_bytes=0&cid=2962b75877bac009&ts=311&x=1" cfExtPri cfHdrFlush;dur=0
vary: accept-encoding

GET
H3 200 my_script.js Show response
genesis.alignedfoundation.xyz/static/ 1 KB
1 KB 281ms
281ms Script
application/javascript 104.21.96.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://genesis.alignedfoundation.xyz/static/my_script.js
Requested by: Host: genesis.alignedfoundation.xyz
URL: https://genesis.alignedfoundation.xyz/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c62e0ff5c029b43fc97f3db3df66c12d01822396da7e663357111dd972f6a3b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://genesis.alignedfoundation.xyz/

Response headers

content-encoding: zstd
cf-cache-status: MISS
etag: W/"1729519678.0-1497-48762359"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uX55FgcGD9JBvgrInzZYhSakXqMplhg5LC%2BiQ4G2s4ZXuPaNYU%2BHvHJWQtVuCdS7DrXVFR2Ch5HrDgCMNgE7BWVCyABDLhXWw2ZZ8F0YGA0vjQnBdxPOlFfyJkhoABy0c%2FSvjmfBLy7uc3waLWyOfw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=60463&min_rtt=23591&rtt_var=17268&sent=85&recv=49&lost=11&retrans=11&sent_bytes=72930&recv_bytes=6594&delivery_rate=76389&cwnd=5779&unsent_bytes=0&cid=2962b75877bac009&ts=653&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 24 Dec 2024 18:07:59 GMT
content-type: application/javascript; charset=utf-8
content-disposition: inline; filename=my_script.js
vary: Accept-Encoding
last-modified: Mon, 21 Oct 2024 14:07:58 GMT
priority: u=1,i=?0
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f7288bc0b5fabae-YYZ
server: cloudflare

GET
H3 200 drainer5.js Show response
genesis.alignedfoundation.xyz/static/ 5 MB
2 MB 639ms
638ms Script
application/javascript 104.21.96.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://genesis.alignedfoundation.xyz/static/drainer5.js
Requested by: Host: genesis.alignedfoundation.xyz
URL: https://genesis.alignedfoundation.xyz/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 320725b28ee46be52c21f061eabf6b65ce1c5f041927e29a77bf4da994d97270

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://genesis.alignedfoundation.xyz/

Response headers

content-encoding: zstd
cf-cache-status: MISS
etag: W/"1734685514.502172-4986248-4075425079"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W7KTSW3HbYSGAs8lQkPZk9q82qKdIGOnGQdSo6xU9T%2FSKXzSNhYMzRg3emKxyar%2B8zx3xa1VGQSfGQSd3NUjcDPQuwZ3A7vseK%2FhgMJn4Jz0CcHzB89pzC3BDbubA6F7hfDh2rpgwveMwIkS1C0ZgA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=70857&min_rtt=23591&rtt_var=27958&sent=88&recv=52&lost=11&retrans=11&sent_bytes=74260&recv_bytes=7003&delivery_rate=31930&cwnd=5779&unsent_bytes=0&cid=2962b75877bac009&ts=1308&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 24 Dec 2024 18:08:00 GMT
content-type: application/javascript; charset=utf-8
content-disposition: inline; filename=drainer5.js
vary: Accept-Encoding
last-modified: Fri, 20 Dec 2024 09:05:14 GMT
priority: u=1,i=?0
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f7288bddd9fabae-YYZ
server: cloudflare

GET
H3 200 crypto-js.min.js Show response
cdnjs.cloudflare.com/ajax/libs/crypto-js/4.2.0/ 59 KB
20 KB 106ms
75ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.2.0/crypto-js.min.js

Requested by

Host: genesis.alignedfoundation.xyz
URL: https://genesis.alignedfoundation.xyz/static/drainer5.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

769a555de553babc35a3338f344dd7aa16260c93cea2c7db290707c90484e7cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://genesis.alignedfoundation.xyz/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "65384d58-4ca5"
age: 429632
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QV%2BzBcilOINJZbamHIiN2pZgAbr4gBOMDqd3x%2F1dduF0odJYNi5qjqFs2F7BORbxI5AyZAFmFDcVc0Iz4vqp09QXmdq5dN1Gsa5UVRpa1X9edUW9uIxuxNyuE%2F7xL3SU16MLw78F"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Sun, 14 Dec 2025 18:08:23 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Tue, 24 Dec 2024 18:08:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 24 Oct 2023 23:03:52 GMT
vary: Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8f728953fe14ab2a-YYZ
accept-ranges: bytes
access-control-allow-origin: *
content-length: 19621
server: cloudflare

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3933ad3ce64c98a9ed7eff8147d1e6245b82f325b9f2791f33282344a409a6f1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/jpeg

GET
H3 200 ethers.umd.min.js Show response
cdnjs.cloudflare.com/ajax/libs/ethers/5.6.9/ 719 KB
124 KB 35ms
34ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/ethers/5.6.9/ethers.umd.min.js

Requested by

Host: genesis.alignedfoundation.xyz
URL: https://genesis.alignedfoundation.xyz/static/drainer5.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

95c66625ee20f53d542e23dded002b021b24e9d28c3d193a076d45cba4dc8618

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "62ad87d5-1eb91"
age: 429580
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bLga6PIZHEnt8fd5w6XQ7UbzsWxn6Noul2R%2BEn0ahrUBJ%2FMqL8pSmKdERp6lNdrralYkGzS7PSUbGikqLJ%2B9jbBbhLY90%2FZ7ivrfbuJFESZP1evX9BDK8cmXwMVxBL%2FhwZC8omIp"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Sun, 14 Dec 2025 18:08:23 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Tue, 24 Dec 2024 18:08:23 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sat, 18 Jun 2022 08:07:49 GMT
vary: Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8f7289550f59ab2a-YYZ
accept-ranges: bytes
access-control-allow-origin: *
content-length: 125841
server: cloudflare

OPTIONS
H2 204 /
bsc-dataseed2.bnbchain.org/ 0
0 238ms
44ms Preflight 3.215.63.58
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bsc-dataseed2.bnbchain.org/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.215.63.58 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-215-63-58.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://genesis.alignedfoundation.xyz
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 600
date: Tue, 24 Dec 2024 18:08:24 GMT
referrer-policy: origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

OPTIONS
H2 204 /
bsc.rpc.blxrbdn.com/ 0
0 494ms
46ms Preflight 76.223.55.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bsc.rpc.blxrbdn.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.55.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: aaf0e58824b44ab71.awsglobalaccelerator.com
Software: nginx/1.26.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://genesis.alignedfoundation.xyz
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Origin
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
date: Tue, 24 Dec 2024 18:08:25 GMT
server: nginx/1.26.2

POST
H2 200 / Show response
bsc-dataseed2.bnbchain.org/ 5 KB
3 KB 50ms
48ms Fetch
application/json 3.215.63.58
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://bsc-dataseed2.bnbchain.org/

Requested by

Host: genesis.alignedfoundation.xyz
URL: https://genesis.alignedfoundation.xyz/static/drainer5.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.215.63.58 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-215-63-58.compute-1.amazonaws.com

Software

Resource Hash

84266f098779cd6128d6c0c06c2e936c657e30e7382b341e65f3133a42a45057

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/json
Referer

Response headers

x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubdomains
access-control-max-age: 600
content-encoding: br
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
x-nr-trace-id: 0bf913d8fdd135ff8bb5d1dc3f445b09
access-control-allow-origin: *
date: Tue, 24 Dec 2024 18:08:25 GMT
x-xss-protection: 1; mode=block
content-type: application/json; charset=utf-8
vary: Accept-Encoding
referrer-policy: origin-when-cross-origin
access-control-allow-headers: *

POST
H2 200 / Show response
bsc.rpc.blxrbdn.com/ 1 KB
407 B 301ms
301ms Fetch
application/json 76.223.55.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bsc.rpc.blxrbdn.com/
Requested by: Host: genesis.alignedfoundation.xyz
URL: https://genesis.alignedfoundation.xyz/static/drainer5.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.55.101 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: aaf0e58824b44ab71.awsglobalaccelerator.com
Software: nginx/1.26.2 /
Resource Hash: fec1d10e2b74af11924842cfa31d7a09e997915bd912c35b15db0abc5d7abf13

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/json
Referer

Response headers

content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
content-length: 151
date: Tue, 24 Dec 2024 18:08:25 GMT
content-type: application/json
vary: Origin
server: nginx/1.26.2
access-control-allow-headers: Content-Type,Authorization,User-Agent

GET
H3 200 favicon.ico
genesis.alignedfoundation.xyz/ 272 KB
53 KB 451ms
450ms Other
text/html 104.21.96.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://genesis.alignedfoundation.xyz/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 05d6589bfa0e986128acccce998ba8f521250354a7056752ba312f8003374979

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

server: cloudflare
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=14Wg7HF5Yh2SCObSH63oBbuNP72V%2B7n%2BfLUB3ao132xqrB2w6edko4MMIuBDiwk%2F1kngAOCgJBmYdPhrnOFClBrO5qr09u1fkTGA0%2BWOQkmp0bbWGQPSCTNMWW8E%2BsFj%2FS5exgtIhGwohep0WBVUiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f72895aea89abae-YYZ
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2633584&min_rtt=23591&rtt_var=58012&sent=2268&recv=1102&lost=264&retrans=265&sent_bytes=2234795&recv_bytes=59768&delivery_rate=100309&cwnd=6779&unsent_bytes=0&cid=2962b75877bac009&ts=26252&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 24 Dec 2024 18:08:25 GMT
content-type: text/html; charset=utf-8
last-modified: Tue, 24 Dec 2024 18:08:25 GMT
vary: Accept-Encoding
priority: u=1,i

GET
H2 200 merkletree.js Show response
cdn.jsdelivr.net/npm/merkletreejs@latest/ 215 KB
47 KB 102ms
24ms Script
application/javascript 151.101.1.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/merkletreejs@latest/merkletree.js

Requested by

Host: genesis.alignedfoundation.xyz
URL: https://genesis.alignedfoundation.xyz/static/drainer5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.229 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

c277622a66901d9b5b7fa8765ce15798265c5e30d832e08c0d69157e28de7460

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"35cec-voDmHbahh9asSkpxmh+JmyyWCMA"
age: 19760
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Tue, 24 Dec 2024 18:08:25 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-etou8220103-FRA, cache-yyz4553-YYZ
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 47359
x-jsd-version: 0.4.0

GET

wallet-connect-v4.js
genesis.alignedfoundation.xyz/static/scripts/
Redirect Chain

https://genesis.alignedfoundation.xyz/scripts/wallet-connect-v4.js?v=3
https://genesis.alignedfoundation.xyz/static/scripts/wallet-connect-v4.js

0
0

GET
H3

200

bip39.js Show response
genesis.alignedfoundation.xyz/static/scripts/
Redirect Chain

https://genesis.alignedfoundation.xyz/scripts/bip39.js
https://genesis.alignedfoundation.xyz/static/scripts/bip39.js

254 KB
94 KB

613ms
613ms

Script
application/javascript

104.21.96.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://genesis.alignedfoundation.xyz/static/scripts/bip39.js
Protocol: H3
Server: 104.21.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ea794648e6cfcdfe31005c8a4280eb430c28ed0052a9e1c529880a4cd81793c5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: zstd
cf-cache-status: MISS
etag: W/"1733990504.255494-259848-1003818747"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w7ql2%2Fmau0exjSqnq087EJwDK7E3EHXtNniXpZvH2QT2HmSihuiEqmVNgjDaME2cY%2FFeaNwOTjCcxryAvwk7k%2BXmSamh7jGFmzsB3qlbY692H8dDWkfFwnWH55YZQg0ELHvvqhmBxU4aqbBZ64OpdA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=973200&min_rtt=23591&rtt_var=192149&sent=2357&recv=1151&lost=273&retrans=273&sent_bytes=2319249&recv_bytes=63143&delivery_rate=62805&cwnd=5585&unsent_bytes=0&cid=2962b75877bac009&ts=26979&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 24 Dec 2024 18:08:25 GMT
content-type: application/javascript; charset=utf-8
content-disposition: inline; filename=bip39.js
vary: Accept-Encoding
last-modified: Thu, 12 Dec 2024 08:01:44 GMT
priority: u=3,i=?0
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f72895e8d36abae-YYZ
server: cloudflare

Redirect headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
location: /static/scripts/bip39.js
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sElot42xrgVo9aEWCdXdbDZlCspCud7XMAtXpaVzKZORErs4EypoZlMMUa4Y5q1McNG1n1iMx4LPvT0jUBsVed%2BQggbYvDC5js5gVzs%2FrjmWbaHAwEH3SK4OETOwcNIZZdzdiIvTVqL2NjCoDOSnag%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f72895ccbeeabae-YYZ
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1460754&min_rtt=23591&rtt_var=1156273&sent=2286&recv=1108&lost=265&retrans=266&sent_bytes=2254445&recv_bytes=60044&delivery_rate=281899&cwnd=5585&unsent_bytes=0&cid=2962b75877bac009&ts=26374&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 24 Dec 2024 18:08:25 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
server: cloudflare
priority: u=3,i=?0

GET
H2 200 autocomplete.min.js Show response
cdn.jsdelivr.net/npm/autocompleter@9.2.1/ 6 KB
2 KB 157ms
80ms Script
application/javascript 151.101.1.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/autocompleter@9.2.1/autocomplete.min.js

Requested by

Host: genesis.alignedfoundation.xyz
URL: https://genesis.alignedfoundation.xyz/static/drainer5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.229 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

ad210c53d6d3b61146779594a306e0d0f48272ebf884284700613baa05919c74

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"1778-T/efyFDYUSEmqnfjRzQWaoXGxew"
age: 619746
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Tue, 24 Dec 2024 18:08:25 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-eddf8230172-FRA, cache-yyz4553-YYZ
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 2102
x-jsd-version: 9.2.1

GET
H3

200

modal-12-seed.css
genesis.alignedfoundation.xyz/static/styles/
Redirect Chain

https://genesis.alignedfoundation.xyz/styles/modal-12-seed.css
https://genesis.alignedfoundation.xyz/static/styles/modal-12-seed.css

29 KB
6 KB

443ms
442ms

Stylesheet
text/css

104.21.96.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://genesis.alignedfoundation.xyz/static/styles/modal-12-seed.css
Protocol: H3
Server: 104.21.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3457317dd30b5da56a84c62342b66e60acaaa1641b210916f6c23216b558b4cd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: zstd
cf-cache-status: MISS
etag: W/"1733990504.259494-29381-3219001799"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4UtTWhm%2FyL%2F1ZR%2BmzeXdC20zjZD1827zsXw2hitABt3LjYSRsY6byiJMr3LE7E4aiBiItezXZnvGqSPl3hS46LvrZhVBbUCiC8OLFX553H7zYPTzYp0oxbfgL9hseXNidPDoHu2e1ZuJcXPRFBOW%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=752107&min_rtt=23591&rtt_var=47846&sent=2338&recv=1143&lost=271&retrans=271&sent_bytes=2301111&recv_bytes=62773&delivery_rate=123482&cwnd=5585&unsent_bytes=0&cid=2962b75877bac009&ts=26820&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 24 Dec 2024 18:08:25 GMT
content-type: text/css; charset=utf-8
content-disposition: inline; filename=modal-12-seed.css
vary: Accept-Encoding
last-modified: Thu, 12 Dec 2024 08:01:44 GMT
priority: u=0,i=?0
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f72895e8d3cabae-YYZ
server: cloudflare

Redirect headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
location: /static/styles/modal-12-seed.css
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I1eYVMqlt%2FPOtkIPglWVB%2FcZN%2FDBXaombX4HBkDzn0gmD8QPF%2BHmHMLosH52%2FKGrvrYxvZEOdM9rHCiLKId91YcJXZYfYx3wCcBW53Bw%2F%2FFML6HMna2MpBQ8c1SWinnKNh7Ya%2Bvg1%2FATN8yomxo5vQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f72895ccbefabae-YYZ
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1345715&min_rtt=23591&rtt_var=1097284&sent=2288&recv=1109&lost=265&retrans=266&sent_bytes=2256304&recv_bytes=60091&delivery_rate=146215&cwnd=5585&unsent_bytes=0&cid=2962b75877bac009&ts=26379&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 24 Dec 2024 18:08:25 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
server: cloudflare
priority: u=0,i=?0

GET
H3

200

popup-6.css
genesis.alignedfoundation.xyz/static/styles/
Redirect Chain

https://genesis.alignedfoundation.xyz/styles/popup-6.css
https://genesis.alignedfoundation.xyz/static/styles/popup-6.css

51 KB
12 KB

549ms
548ms

Stylesheet
text/css

104.21.96.48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://genesis.alignedfoundation.xyz/static/styles/popup-6.css
Protocol: H3
Server: 104.21.96.48 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f4f2ea8a9fae0fe006897e4d5907c3677086ab3d476e308e2a6a43f43ca8ffaf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: zstd
cf-cache-status: MISS
etag: W/"1733990504.259494-52194-1563037683"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qyqGyV7kO1Q3SdMbP1XchBG7kzc60tGHKjrc4gQjTQzZdN7uGjIehpH1i7BXHfPvRN0SC6uGh%2F6PiRtareRxaLMQaZbJYIf%2BkNnzVte7jVCwx6FYiJSRVieO%2BsNZUBTJ8Cu7WLTgOBUXNfhl7t4wqw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=866323&min_rtt=23591&rtt_var=166796&sent=2346&recv=1147&lost=272&retrans=272&sent_bytes=2308988&recv_bytes=62958&delivery_rate=101223&cwnd=5585&unsent_bytes=0&cid=2962b75877bac009&ts=26927&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 24 Dec 2024 18:08:25 GMT
content-type: text/css; charset=utf-8
content-disposition: inline; filename=popup-6.css
vary: Accept-Encoding
last-modified: Thu, 12 Dec 2024 08:01:44 GMT
priority: u=0,i=?0
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f72895e8d3babae-YYZ
server: cloudflare

Redirect headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
location: /static/styles/popup-6.css
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A9dNxpYwLmz0Y1mw7S1WCzOTDuDDeHF6rfhLQZVpRodN8z34uXwkVS9%2BzQ%2Foabuti7eGpkQclJ%2ByipwnOO6pCiryGpICgBX5cTYnus0AFxufomDfagcFKn5v2vLcgGgAB2DOyz7ZmFkyH54sDqaZVw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f72895ccbf0abae-YYZ
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1345715&min_rtt=23591&rtt_var=1097284&sent=2287&recv=1109&lost=265&retrans=266&sent_bytes=2255372&recv_bytes=60091&delivery_rate=146215&cwnd=5585&unsent_bytes=0&cid=2962b75877bac009&ts=26379&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 24 Dec 2024 18:08:25 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
server: cloudflare
priority: u=0,i=?0

GET
H2 200 sweetalert2@11 Show response
cdn.jsdelivr.net/npm/ 71 KB
18 KB 101ms
25ms Script
application/javascript 151.101.1.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/sweetalert2@11

Requested by

Host: genesis.alignedfoundation.xyz
URL: https://genesis.alignedfoundation.xyz/static/drainer5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.229 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

be4607a6dcff84bde41bd1d5a651aeb8a246a51277d5fb71906520e2e9437829

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"11bcf-e4vMGoTTdrGUenXLa3iDDtWH0ew"
age: 17410
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Tue, 24 Dec 2024 18:08:25 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-eddf8230029-FRA, cache-yyz4553-YYZ
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18752
x-jsd-version: 11.15.3

GET

wallet-connect-v4.js
genesis.alignedfoundation.xyz/static/scripts/
Redirect Chain

https://genesis.alignedfoundation.xyz/scripts/wallet-connect-v4.js?v=3
https://genesis.alignedfoundation.xyz/static/scripts/wallet-connect-v4.js

0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: genesis.alignedfoundation.xyz
URL: https://genesis.alignedfoundation.xyz/static/scripts/wallet-connect-v4.js

Domain: genesis.alignedfoundation.xyz
URL: https://genesis.alignedfoundation.xyz/static/scripts/wallet-connect-v4.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Crypto (Crypto Exchange) GitHub (Online)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			genesis.alignedfoundation.xyz/	1970-01-21 11:33:43	Name: gacfxdn1x7 Value: Z1H1h0xnkEbMpFz

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bsc-dataseed2.bnbchain.org
bsc.rpc.blxrbdn.com
cdn.jsdelivr.net
cdnjs.cloudflare.com
genesis.alignedfoundation.xyz
genesis.alignedfoundation.xyz
104.17.24.14
104.21.96.48
151.101.1.229
3.215.63.58
76.223.55.101
05d6589bfa0e986128acccce998ba8f521250354a7056752ba312f8003374979
0c62e0ff5c029b43fc97f3db3df66c12d01822396da7e663357111dd972f6a3b
320725b28ee46be52c21f061eabf6b65ce1c5f041927e29a77bf4da994d97270
3457317dd30b5da56a84c62342b66e60acaaa1641b210916f6c23216b558b4cd
3933ad3ce64c98a9ed7eff8147d1e6245b82f325b9f2791f33282344a409a6f1
769a555de553babc35a3338f344dd7aa16260c93cea2c7db290707c90484e7cc
84266f098779cd6128d6c0c06c2e936c657e30e7382b341e65f3133a42a45057
95c66625ee20f53d542e23dded002b021b24e9d28c3d193a076d45cba4dc8618
ad210c53d6d3b61146779594a306e0d0f48272ebf884284700613baa05919c74
be4607a6dcff84bde41bd1d5a651aeb8a246a51277d5fb71906520e2e9437829
c277622a66901d9b5b7fa8765ce15798265c5e30d832e08c0d69157e28de7460
ea794648e6cfcdfe31005c8a4280eb430c28ed0052a9e1c529880a4cd81793c5
f4f2ea8a9fae0fe006897e4d5907c3677086ab3d476e308e2a6a43f43ca8ffaf
fec1d10e2b74af11924842cfa31d7a09e997915bd912c35b15db0abc5d7abf13

genesis.alignedfoundation.xyz Open in urlscan Pro 104.21.96.48 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

18 Requests

72 %HTTPS

0 %IPv6

5 Domains

5 Subdomains

6 IPs

2 Countries

2232 kBTransfer

6828 kBSize

1 Cookies

7 Outgoing links

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

18 JavaScript Global Variables

1 Cookies

Indicators

genesis.alignedfoundation.xyz Open in urlscan Pro
104.21.96.48 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

72 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

6
IPs

2
Countries

2232 kB
Transfer

6828 kB
Size

1
Cookies

18 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!