# aml-confirm.com — SUSPICIOUS

> aml-confirm.com is a recently registered domain (Dec 2025) posing as an AML confirmation page. 3/95 security vendors flag it as a phishing site harvesting.

## Summary

PhishDestroy identifies aml-confirm.com as an active phishing domain impersonating an Anti-Money Laundering (AML) confirmation service, leveraging urgency to trick users into submitting sensitive credentials. This domain was flagged by 3 out of 95 VirusTotal security vendors, indicating a moderate but noteworthy detection rate. aml-confirm.com resolves to IP 104.21.1.172 and is registered through MAT BAO CORPORATION. The domain was created on December 16, 2025, and secured with a Let's Encrypt SSL certificate, adding a false sense of legitimacy. As of current checks, the domain remains unlisted in Google Safe Browsing (GSB) but has been identified across multiple blocklists, reinforcing its malicious classification.

This domain is currently active and classified as an elevated threat due to its use in credential harvesting schemes. Immediate countermeasures include blacklisting the domain and IP, as well as updating web filtering rules to block access. Users are strongly advised to avoid interacting with this domain or any associated links. The residual risk remains moderate, given the domain's recent registration and partial detection coverage, necessitating ongoing monitoring for shifts in behavior or infrastructure.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-12-16 16:10:59
- Registrar: MAT BAO CORPORATION
- IP: 104.21.1.172

## Detection Status

- VirusTotal: 3 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/a0061232-17ff-482f-b32a-dcffb126bdd8
- PhishDestroy: https://phishdestroy.io/domain/aml-confirm.com/
- LLM endpoint: https://phishdestroy.io/domain/aml-confirm.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/aml-confirm.com/

Last updated: 2026-03-24