# amlclean.app — MALICIOUS

> Explore the potential phishing threat from amlclean.app. PhishDestroy monitors this domain closely despite no current detections.

## Summary
PhishDestroy identifies amlclean.app as a potential generic phishing threat, warranting caution due to suspicious activity patterns. This classification matters because phishing attempts can compromise sensitive user data.

The domain resolves to IP 104.21.39.216 and, notably, VirusTotal scans show no detections, indicating no current security vendor flags. However, the domain remains under active investigation based on behavioral indicators and its recent emergence.

Users are advised to avoid interacting with amlclean.app until further analysis concludes its safety. Vigilance against unsolicited links and verification of sources remain crucial to prevent possible phishing exposure.

## Threat Details
- Verdict: MALICIOUS
- Site status: alive (HTTP 200)
- Page title: AML Bot

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 104.21.39.216
- Nameservers: guy.ns.cloudflare.com sandra.ns.cloudflare.com

## Detection Status
- VirusTotal: 14 vendors flagged
  Vendors: ["ADMINUSLabs", "BitDefender", "CRDF", "Chong Lua Dao", "CyRadar", "Fortinet", "G-Data", "Gridinsoft", "Kaspersky", "Lionic", "SOCRadar", "Seclookup", "Sophos", "alphaMountain.ai"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cc51e-454a-73b2-a348-dd9b2f5b930c.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/3b37fad3-dd1f-4268-9029-4320b5820044
- PhishDestroy: https://phishdestroy.io/domain/amlclean.app/

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/amlclean.app/
Last updated: 2026-03-14