# aml-check.support — MALICIOUS

> aml-check.support poses a high risk of brand impersonation. Avoid this site to protect your data and stay secure from AML Scam fraud.

## Summary
PhishDestroy identifies aml-check.support as a high-risk domain engaging in brand impersonation targeting AML Scam. The domain was flagged primarily for social engineering attempts designed to deceive users by mimicking a legitimate anti-money laundering service. This creates a significant threat to users who may unknowingly divulge sensitive information or fall victim to fraud.

Supporting evidence shows aml-check.support was registered recently on February 21, 2026, through NameSilo, LLC, a registrar sometimes linked to malicious registrations. The domain resolves to IP address 144.31.244.217 and has been listed on six separate security blocklists. Google Safe Browsing has classified it under social engineering, further confirming the deceptive intent. Additionally, 16 out of 95 VirusTotal security vendors have flagged this domain, reinforcing the suspicion surrounding its activities.

Currently, aml-check.support is offline, reducing immediate risk to users. However, due to its previous malicious behavior and association with AML Scam impersonation, users are advised to avoid interacting with this domain. If you encounter this site or similar ones, do not provide personal or financial information and report the encounter to your security team or a trusted cybersecurity resource. Staying vigilant against such fraudulent domains is crucial to maintaining digital safety.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Scam type: AML Scam
- Target brand: AML Scam
- Page title: aml-check.support

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: NameSilo, LLC
- Country: US
- IP: 144.31.244.217
- IP Country: DE
- IP City: Frankfurt am Main
- IP Org: AS213877 U1 DIGITAL SERVICES LTD
- Nameservers: ["newt.ns.cloudflare.com", "maya.ns.cloudflare.com"]
- SSL Issuer: CloudFlare, Inc.

## Detection Status
- VirusTotal: 16 vendors flagged
  Vendors: ["alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Gridinsoft", "Lionic", "Seclookup", "SOCRadar", "Sophos", "Trustwave", "VIPRE"]
- Google Safe Browsing: FLAGGED
- Blocklists: 6 hits
  Lists: ["PhishDestroy", "MetaMask", "Polkadot", "SEAL", "Enkrypt", "Codeesura"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019bdd3a-2929-7384-8041-c2abb144a705.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/3168a83d-91cd-4a88-8ff4-33676e865f64
- PhishDestroy: https://phishdestroy.io/domain/aml-check.support/
- LLM endpoint: https://phishdestroy.io/domain/aml-check.support/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/aml-check.support/
Last updated: 2026-03-19