# aml-checklist.liunify.dev — SUSPICIOUS > aml-checklist.liunify.dev impersonates AML Scam brands, hosted on 108.142.5.142. Zero of 95 VirusTotal vendors have flagged this active threat yet. ## Summary PhishDestroy identifies aml-checklist.liunify.dev as an active brand impersonation site targeting AML Scam services. This domain is currently under investigation but remains accessible and operational. The threat involves the fraudulent replication of legitimate AML compliance resources to deceive users into disclosing sensitive information or downloading malicious content. This domain was flagged by 0 of 95 VirusTotal vendors at the time of analysis. It resolves to IP address 108.142.5.142 and utilizes a DigiCert Inc SSL certificate to appear legitimate. The infrastructure is hosted on a cloud platform with no verified registration details or public WHOIS transparency, suggesting anonymized or obfuscated ownership. No blocklist entries were detected in major threat intelligence feeds, indicating a newly emerged or stealthily operated campaign. Trust scores across security platforms remain critically low due to the absence of prior detections and the domain’s recent creation. Users are strongly advised to avoid interacting with aml-checklist.liunify.dev and to report any encounters to their IT security team or relevant cybercrime reporting channels. Organizations should implement network-level blocking for this domain and IP address to prevent accidental exposure. If this domain has been accessed, users should scan local systems for unauthorized access, reset credentials for any accounts exposed during the visit, and monitor for signs of credential harvesting or malware deployment. Security teams should investigate internal logs for anomalous traffic to this domain as part of broader threat hunting efforts. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: AML Scam ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 108.142.5.142 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/fb6b776e-ed2c-4029-ba1a-6a209603cc2c - PhishDestroy: https://phishdestroy.io/domain/aml-checklist.liunify.dev/ - LLM endpoint: https://phishdestroy.io/domain/aml-checklist.liunify.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/aml-checklist.liunify.dev/ Last updated: 2026-03-28