# aml-c.net — SUSPICIOUS

> PhishDestroy flags aml-c.net as a generic phishing domain hosting a crypto drainer. VirusTotal score 0/95 detections.

## Summary

PhishDestroy identifies aml-c.net as an active crypto drainer domain posing as a legitimate service to steal cryptocurrency from unwary users. The domain is designed to impersonate legitimate platforms by harvesting wallet credentials and draining funds through unauthorized transactions. Technical analysis indicates the domain is weaponized to trick users into connecting their wallets or entering private keys under false pretenses, resulting in irreversible asset loss. This domain was flagged as a generic phishing site on March 26, 2026, just days after registration, suggesting a fast-turnaround malicious campaign likely leveraging fresh infrastructure to evade detection.

This domain resolves to IP address 188.114.96.3 and is registered through TUCOWS.COM, CO., a common registrar used by malicious actors to quickly deploy malicious domains. VirusTotal currently shows 0 out of 95 detection engines flagging the domain, highlighting how new and undetected this threat remains despite active malicious behavior. The domain uses a Let's Encrypt SSL certificate, which provides a false sense of legitimacy to users. Given its recent creation and lack of blocklist presence, this domain represents a high-risk threat with low visibility across security platforms.

Users who have visited aml-c.net or entered any wallet-related information should immediately disconnect their wallet from the site, revoke any connected permissions through their wallet interface, and transfer remaining funds to a secure, offline wallet. Scan devices for malware using reputable antivirus tools, enable multi-factor authentication where possible, and avoid reusing passwords. Report the domain to PhishDestroy and monitor wallet transactions for suspicious activity. If funds were stolen, file a report with local cybercrime units and blockchain forensic services. Always verify domains and URLs independently before engaging with cryptocurrency platforms.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-26 13:23:22
- Registrar: TUCOWS.COM, CO.
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/479a99ff-b21b-4054-8246-e5cc6660a82c
- PhishDestroy: https://phishdestroy.io/domain/aml-c.net/
- LLM endpoint: https://phishdestroy.io/domain/aml-c.net/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/aml-c.net/

Last updated: 2026-03-28