# aml-rescan.cc — SUSPICIOUS > aml-rescan.cc is a credential theft site impersonating AML compliance tools. VirusTotal flags 3/95 vendors. Avoid entering wallet data here. ## Summary PhishDestroy identifies aml-rescan.cc as a malicious domain designed to steal cryptocurrency wallet credentials from unsuspecting users. The site masquerades as an official anti-money laundering (AML) transaction rescan tool for crypto wallets, a common service in the digital asset space. Visitors who attempt to use this fake tool may unknowingly hand over their private keys or seed phrases, allowing attackers to drain their cryptocurrency holdings directly. These fraudulent sites often target users who may be unfamiliar with the legitimate processes for wallet scanning or AML audits, exploiting urgency around transaction issues. This domain was flagged by security researchers and 3 out of 95 VirusTotal antivirus engines as malicious or suspicious. Technical investigation reveals that aml-rescan.cc was registered on February 08, 2026, through Global Domain Group LLC, a domain registrar often associated with bulk or low-cost registrations. The site uses a valid SSL certificate issued by Let's Encrypt, which can mislead users into believing it is secure. The infrastructure behind the domain resolves to IP address 45.150.34.159, a hosting node linked to multiple fraudulent activities. The creation date is unusually recent—less than a month ago—and alignment with known phishing campaigns suggests this is part of an ongoing credential theft operation targeting digital asset users. If you visited aml-rescan.cc, do not enter any cryptocurrency wallet credentials, private keys, or seed phrases. Immediately disconnect from the site and scan your device for malware with a trusted antivirus tool. If you entered sensitive information, transfer your remaining funds to a new wallet using only official and verified tools. Report the domain to your wallet provider and local cybercrime units. Enable two-factor authentication (2FA) and hardware wallet protections for future transactions. Always verify URLs, use bookmarked official links, and consult community forums like Reddit or X (Twitter) before using unfamiliar crypto tools. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registered: 2026-02-08 12:04:39 - Registrar: Global Domain Group LLC - IP: 45.150.34.159 ## Detection Status - VirusTotal: 3 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/aml-rescan.cc - PhishDestroy: https://phishdestroy.io/domain/aml-rescan.cc/ - LLM endpoint: https://phishdestroy.io/domain/aml-rescan.cc/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/aml-rescan.cc/ Last updated: 2026-04-09