# aml-check.cfd — SUSPICIOUS

> aml-check.cfd is a crypto drainer scam impersonating AML Scam. 1/95 security vendors flagged this domain. Verify on PhishDestroy for safety.

## Summary
PhishDestroy identifies aml-check.cfd as an elevated-risk crypto drainer domain impersonating AML Scam's legitimate services. This domain poses an immediate threat to users seeking AML verification tools, as it mimics the brand to deceive victims into transferring cryptocurrency to attacker-controlled wallets. The fraudulent site leverages social engineering tactics, including the use of a misleading domain name that suggests legitimacy for AML (Anti-Money Laundering) checks. Users who interact with this domain risk irreversible financial loss due to its crypto drainer functionality.

This domain was flagged with an elevated risk level, with concrete indicators including a VirusTotal detection rate of just 1 out of 95 security vendors as of the assessment date. The domain resolves to IP address 188.114.97.3 and was registered on March 23, 2026, through Global Domain Group LLC. It utilizes a Let's Encrypt SSL certificate to appear trustworthy, but this does not guarantee legitimacy. The newness of the domain and its low detection rate suggest it may be recently launched to evade blocklists, though no public blocklist entries were noted at the time of analysis. The low trust score aligns with its elevated risk classification.

To mitigate exposure to this crypto drainer scam, users must avoid interacting with aml-check.cfd entirely. Verify any AML-related services directly through official channels or trusted third-party platforms. Organizations should update firewall and DNS blocklists immediately using this domain and its associated IP address (188.114.97.3). Report this domain to PhishDestroy and relevant cybersecurity authorities to contribute to collective threat intelligence. Always exercise caution with domains offering unsolicited financial services, especially those impersonating regulated entities like AML Scam.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: AML Scam

## Domain Intelligence
- Registered: 2026-03-23 00:35:51
- Registrar: Global Domain Group LLC
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/0c7a43cd-f595-4ab2-92a7-8e90c1431592
- PhishDestroy: https://phishdestroy.io/domain/aml-check.cfd/
- LLM endpoint: https://phishdestroy.io/domain/aml-check.cfd/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/aml-check.cfd/
Last updated: 2026-03-28