# amlbot.limited — MALICIOUS

> amlbot.limited impersonates AMLBot in a high-risk phishing scam. Avoid interacting with this domain and report suspicious activity immediately.

## Summary
PhishDestroy identifies amlbot.limited as a phishing domain impersonating the AMLBot brand. This site was designed to deceive users by mimicking a legitimate service, posing a significant risk to personal and financial information. The campaign is categorized as high risk due to its potential to harvest credentials and sensitive data.

Technical analysis reveals amlbot.limited resolved to IP address 198.18.2.119 and appeared on three security blocklists. VirusTotal flagged the domain with 11 out of 95 security vendors detecting malicious activity. The domain also appeared in one AlienVault OTX threat intelligence pulse and has a low trust score of 45/100 on Scamadviser, confirming its suspicious nature.

Currently, amlbot.limited has been taken offline, reducing immediate threat exposure. Users are advised to remain vigilant for any emails or messages referencing AMLBot and avoid clicking links or providing information to suspicious domains. Reporting such phishing attempts can help prevent further victimization and assist in mitigating ongoing campaigns.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Scam type: AML Scam
- Target brand: AMLBot
- Page title: amlbot.limited

## Domain Intelligence
- IP: 198.18.2.119
- Nameservers: Unknown
- SSL Issuer: none

## Detection Status
- VirusTotal: 11 vendors flagged
  Vendors: ["alphaMountain.ai", "BitDefender", "CRDF", "CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Lionic", "Seclookup", "SOCRadar", "Sophos"]
- Google Safe Browsing: clean
- Blocklists: 3 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/0198abd8-7043-776e-9a1a-4f87eae1e16c.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/5810de37-63d6-43d3-af42-01c07264037b
- PhishDestroy: https://phishdestroy.io/domain/amlbot.limited/
- LLM endpoint: https://phishdestroy.io/domain/amlbot.limited/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/amlbot.limited/
Last updated: 2026-03-19