# aml-scanner.app — SUSPICIOUS

> Warning: aml-scanner.app impersonates AML Scam brand. Domain is offline but previously flagged. Avoid interaction and verify crypto compliance sources.

## Summary
PhishDestroy identifies aml-scanner.app as a low-risk brand impersonation domain targeting the AML Scam brand. The domain attempted to present itself as a crypto compliance tool under the page title "AMLBot - Comprehensive Crypto Compliance Solution | Free AML Crypto Check." Created on February 21, 2026, the site was designed to confuse users seeking legitimate AML compliance services by displaying a familiar brand identity.

Technical indicators reveal that aml-scanner.app resolved to IP address 216.126.229.16 and was registered through Dynadot LLC. Despite its attempts at brand mimicry, only 2 out of 95 security vendors flagged the domain via VirusTotal, and it appeared on a single security blocklist. These findings suggest limited distribution or impact. The low detection rate corresponds with the domain’s low-risk classification but warrants caution due to its impersonation tactics.

Currently, aml-scanner.app is offline, mitigating any ongoing threat. PhishDestroy recommends users remain vigilant and avoid engagement with domains impersonating trusted AML or crypto compliance services. Verification of such services through official channels is advised to prevent exposure to potential scams or phishing attempts. Monitoring for potential reactivation or domain replication remains important in ongoing brand protection efforts.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 0)
- Scam type: AML Scam
- Target brand: AML Scam
- Page title: AMLBot - Comprehensive Crypto Compliance Solution | Free AML Crypto Check

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Dynadot LLC
- Country: US
- IP: 216.126.229.16
- IP Country: DE
- IP City: Frankfurt am Main
- IP Org: AS30823 aurologic GmbH
- Nameservers: ["lewis.ns.cloudflare.com", "rafe.ns.cloudflare.com"]
- SSL Issuer: none

## Detection Status
- VirusTotal: 2 vendors flagged
  Vendors: ["CRDF", "Gridinsoft"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/01993dbb-394a-7687-b390-ca46df4cfea7.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/d5e6fbfc-1c30-4dfc-b1fc-e54d9c47b84a
- PhishDestroy: https://phishdestroy.io/domain/aml-scanner.app/
- LLM endpoint: https://phishdestroy.io/domain/aml-scanner.app/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/aml-scanner.app/
Last updated: 2026-03-19