# aml-scanner.live — SUSPICIOUS

> aml-scanner.live poses as brand impersonation targeting AML Scam with 0/95 VirusTotal detections. Verify before interacting to avoid credential theft.

## Summary
PhishDestroy identifies aml-scanner.live as a domain engaged in active brand impersonation, specifically mimicking the legitimate AML Scam service. This domain was flagged for hosting fraudulent content designed to deceive users into divulging sensitive information, likely targeting individuals or organizations associated with anti-money laundering compliance. The threat involves a high-risk impersonation campaign, leveraging the trusted reputation of a known brand to facilitate credential theft or malware delivery. Users accessing this domain may unknowingly expose login credentials, financial data, or other sensitive information to threat actors.  This domain was registered through PDR Ltd. d/b/a PublicDomainRegistry.com on December 23, 2025, and currently resolves to the IP address 188.114.96.3. According to VirusTotal, the domain has received 0 detections out of 95 scanners, indicating it has evaded immediate detection by most cybersecurity tools. The domain also utilizes a Google Trust Services SSL certificate, which may further enhance its credibility and reduce user suspicion. As of the latest assessment, this domain remains active and unblocked by major threat intelligence platforms, posing a significant risk to unsuspecting visitors.  Users who have visited aml-scanner.live should immediately cease any interaction with the site and avoid entering any credentials or sensitive information. It is strongly recommended to scan all connected devices for malware using reputable antivirus software. If credentials were entered, users should change passwords immediately and enable multi-factor authentication on all associated accounts. Additionally, report the domain to your organization's security team or to relevant cybersecurity authorities to aid in blocking efforts and prevent further exploitation. Proactive monitoring of financial and account activity is advised to detect any unauthorized transactions or access.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: AML Scam

## Domain Intelligence
- Registered: 2025-12-23 11:16:16
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 188.114.96.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/9b59606c-3d4d-4376-8179-57989dec717a
- PhishDestroy: https://phishdestroy.io/domain/aml-scanner.live/
- LLM endpoint: https://phishdestroy.io/domain/aml-scanner.live/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/aml-scanner.live/
Last updated: 2026-03-28