# aml-crypto-bot.one — SUSPICIOUS

> aml-crypto-bot.one is an ACTIVE cryptocurrency drainer domain registered March 28, 2026. Resolves to IP 107.189.16.56.

## Summary

PhishDestroy identifies aml-crypto-bot.one as an active cryptocurrency drainer domain under investigation. The domain exhibits generic phishing behavior, targeting cryptocurrency users by impersonating legitimate trading or bot services. While no specific drainer kit has been identified in this campaign, the site’s infrastructure and naming suggest an intent to deceive users into connecting wallets or transferring funds to attacker-controlled addresses. The threat level remains under investigation pending additional behavioral analysis and artifact extraction.

aml-crypto-bot.one was registered via Dynadot Inc on March 28, 2026, and resolves to IP address 107.189.16.56. VirusTotal currently reports 0 detections out of 95 engines, indicating it remains unflagged by most security tools. The domain uses a Let’s Encrypt SSL certificate, which is commonly abused to appear legitimate. At present, no blocklist entries have been recorded for this domain. Given its recent registration and lack of detections, the domain poses a high risk due to its potential for rapid spread and low visibility in detection systems.

The domain is currently active, with no known takedown or mitigation in place. Immediate action is recommended: users and organizations should block aml-crypto-bot.one at the network and DNS levels and avoid visiting the site. Security teams should monitor for outbound connections to 107.189.16.56 and inspect internal logs for related traffic. Remaining risk is elevated due to the domain’s recent activation, unflagged status, and use of a trusted SSL issuer. Proactive blocking and user awareness are critical to prevent cryptocurrency loss.

Seed: be913e

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-28 14:17:55
- Registrar: Dynadot Inc
- IP: 107.189.16.56

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/8e857864-42f6-49ff-bf76-18e65aed3131
- PhishDestroy: https://phishdestroy.io/domain/aml-crypto-bot.one/
- LLM endpoint: https://phishdestroy.io/domain/aml-crypto-bot.one/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/aml-crypto-bot.one/

Last updated: 2026-03-28