# aml-tap.com — MALICIOUS

> Warning: aml-tap.com is a high-risk phishing site impersonating crypto brands. Avoid interaction; domain is currently offline but was flagged for social.

## Summary
PhishDestroy identifies aml-tap.com as a high-risk phishing domain targeting generic cryptocurrency users through brand impersonation. The domain was designed to deceive visitors with a fraudulent AML Bot page, presenting a significant risk of credential theft and fraud. Due to its high-risk nature, users should remain vigilant and avoid any interaction with this domain or similar URLs.

Evidence collected shows aml-tap.com was flagged by multiple security engines, including Google Safe Browsing for social engineering threats, and appeared on seven different blocklists. The domain was registered recently and resolved to IP address 188.114.97.3. It was registered via GRANSY S.R.O D/B/A SUBREG.CZ, and was also noted in threat intelligence feeds such as AlienVault OTX. Although currently taken offline, it had been reported by 16 security vendors, confirming its malicious intent.

To mitigate risks, users should avoid visiting aml-tap.com or entering any sensitive data on pages resembling crypto services claiming AML verification. Organizations should update blocklists and educate users about the dangers of brand impersonation scams. Continuous monitoring of newly registered domains mimicking crypto brands is essential to prevent exposure to similar threats.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Scam type: AML Scam
- Page title: AML Bot

## Domain Intelligence
- Registered: 2025-10-10 11:38:35
- Expires: 2026-10-10 11:38:35
- Registrar: GRANSY S.R.O D/B/A SUBREG.CZ
- Country: CZ
- IP: 172.67.217.208
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: eva.ns.cloudflare.com guy.ns.cloudflare.com
- SSL Issuer: none

## Detection Status
- VirusTotal: 16 vendors flagged
  Vendors: ["ADMINUSLabs", "ChainPatrol", "alphaMountain.ai", "BitDefender", "Certego", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Google Safebrowsing", "Lionic", "Seclookup", "SOCRadar", "Sophos", "VIPRE"]
- Google Safe Browsing: FLAGGED
- Blocklists: 6 hits
  Lists: ["PhishDestroy", "MetaMask", "ScamSniffer", "Polkadot", "Enkrypt", "Codeesura"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019a4cba-bd48-7777-ae8e-9a3daf03d379.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/0bd5a4c2-4141-4ff1-ae84-01b499e5b078
- PhishDestroy: https://phishdestroy.io/domain/aml-tap.com/
- LLM endpoint: https://phishdestroy.io/domain/aml-tap.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/aml-tap.com/
Last updated: 2026-03-19