# aml-cryptobot.cfd — SUSPICIOUS

> aml-cryptobot.cfd is a crypto drainer phishing domain flagged by 1 of 95 VirusTotal vendors. Avoid interacting; verify safety on PhishDestroy.

## Summary

PhishDestroy identifies aml-cryptobot.cfd as an active crypto drainer phishing domain with an elevated risk level. This domain is currently operational and impersonates legitimate cryptocurrency-related services to deceive users into transferring funds to attacker-controlled wallets. The threat involves malicious scripts embedded in the site designed to drain crypto assets upon interaction, posing significant financial risk to unsuspecting visitors.

This domain was flagged by 1 of 95 VirusTotal vendors, indicating limited but confirmed malicious activity. It is registered through Global Domain Group LLC, resolves to IP address 188.114.96.3, and was created on March 23, 2026. The domain utilizes a Let's Encrypt SSL certificate to appear legitimate, but lacks any reputable trust indicators. Despite its recent creation, the low blocklist count suggests it is either newly deployed or deliberately obscure to avoid detection. The presence of a single VirusTotal flag, while minimal, confirms malicious intent given the domain's purpose and timing.

Given the active status and specific threat of crypto draining, users should avoid accessing aml-cryptobot.cfd entirely. Verify the domain's safety status and recent user reports on PhishDestroy before any interaction. If you suspect exposure, check your crypto wallet transactions for unauthorized transfers and revoke any suspicious smart contract approvals. Report this domain to PhishDestroy and relevant authorities to help protect others. Always use hardware wallets, verify URLs via official channels, and enable transaction alerts to mitigate crypto drainer risks.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-23 01:21:57
- Registrar: Global Domain Group LLC
- IP: 188.114.96.3

## Detection Status

- VirusTotal: 1 vendor flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/1e4f48f8-b223-4197-a353-2f49f10a0f59
- PhishDestroy: https://phishdestroy.io/domain/aml-cryptobot.cfd/
- LLM endpoint: https://phishdestroy.io/domain/aml-cryptobot.cfd/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/aml-cryptobot.cfd/

Last updated: 2026-03-23