# amlbot.run — MALICIOUS

> amlbot.run is a crypto scam domain flagged by 7/95 VirusTotal vendors; avoid interactions to prevent financial theft or credential harvesting.

## Summary
PhishDestroy identifies amlbot.run as an active crypto scam domain posing elevated phishing risks, including credential harvesting and financial fraud. This domain resolves to IP 188.114.97.3, was registered through PDR Ltd. d/b/a PublicDomainRegistry.com on March 01, 2026, and is flagged by 7 out of 95 VirusTotal security vendors. Additionally, it appears on 1 security blocklist and is blocked by Maltrail, indicating confirmed malicious activity.  Technical indicators further corroborate the threat: the domain utilizes a Let's Encrypt SSL certificate, which may lend false legitimacy to users. Despite its recent registration date, the domain has already attracted significant scrutiny from cybersecurity tools, demonstrating rapid deployment of malicious infrastructure. The combination of a newly registered domain, low detection coverage by some security vendors, and active blocking by established threat intelligence platforms (e.g., Maltrail) suggests this domain is part of a coordinated campaign targeting unsuspecting users, particularly in the cryptocurrency and financial sectors.  Users who have visited amlbot.run are strongly advised to immediately check their devices for signs of compromise, such as unauthorized browser extensions, unfamiliar login credentials, or suspicious transactions. If any interaction occurred—such as entering credentials or downloading files—reset passwords for all online accounts, especially those linked to financial services or crypto wallets. Use a reputable antivirus or anti-malware tool to scan for infections. Report the domain to your security team or relevant authorities to help prevent further victimization.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-03-01 15:10:08
- Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 7 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["Maltrail"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/97337a6b-b916-444b-ad56-3d55146062fe
- PhishDestroy: https://phishdestroy.io/domain/amlbot.run/
- LLM endpoint: https://phishdestroy.io/domain/amlbot.run/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/amlbot.run/
Last updated: 2026-03-22