# aml-bot.net — SUSPICIOUS

> PhishDestroy flags aml-bot.net as a crypto drainer phishing domain mimicking AML compliance tools. Verify this domain at PhishDestroy before interaction.

## Summary
PhishDestroy has identified aml-bot.net as a live crypto drainer phishing domain under active investigation. This domain purports to offer automated anti-money laundering (AML) compliance bots for cryptocurrency users, but all indicators suggest malicious intent to drain victim wallets upon connection.  

This domain was flagged by security researchers and is currently blocked by two reputable blocklists including ScamSniffer and Enkrypt. VirusTotal analysis shows 0 out of 95 security engines currently detecting the payload, indicating a low initial detection rate despite clear malicious indicators. The domain was registered on March 29, 2026 through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar known for anonymity protection. It resolves to IP address 172.67.188.198 and holds a valid SSL certificate issued by Let’s Encrypt, a combination often used to lend false legitimacy to phishing sites.  

Users are strongly advised to avoid interacting with aml-bot.net or any services claiming to provide automated AML compliance via browser-based tools. Do not connect your wallet or enter private keys on this domain. If you have already interacted, immediately revoke wallet permissions, transfer remaining assets to a new wallet, and monitor for unauthorized transactions. Report the domain to PhishDestroy for further analysis and community protection.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-29 12:44:32
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.188.198

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["ScamSniffer", "Enkrypt"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/602cf96f-e22d-467a-aa7b-0821a9c8d707
- PhishDestroy: https://phishdestroy.io/domain/aml-bot.net/
- LLM endpoint: https://phishdestroy.io/domain/aml-bot.net/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/aml-bot.net/
Last updated: 2026-03-30