# amlcore.cc — SUSPICIOUS

> amlcore.cc is an active phishing domain impersonating crypto KYC compliance portals, resolving to 188.114.97.3.

## Summary
PhishDestroy identifies amlcore.cc as an active phishing domain impersonating a cryptocurrency anti-money laundering (AML) Know-Your-Customer (KYC) compliance portal. The campaign leverages a fraudulent website designed to deceive users into submitting sensitive KYC documentation, financial data, or cryptocurrency wallet credentials under the guise of regulatory compliance. This domain is currently classified as under investigation with an active status due to observed live hosting and potential victim engagement.


This domain was flagged by 0 of 95 VirusTotal vendors and is registered through Web Commerce Communications Limited dba WebNic.cc. amlcore.cc resolves to IP address 188.114.97.3 and was created on November 20, 2025. The domain holds an SSL certificate issued by Google Trust Services, which may enhance its credibility. Despite zero detections on VirusTotal and no presence on major public blocklists, the domain’s recent creation and alignment with crypto compliance narratives warrant immediate scrutiny.


Users should avoid interacting with amlcore.cc and block the domain at network and endpoint levels. Organizations are advised to implement DNS filtering rules targeting the domain and IP address (188.114.97.3). Immediately inspect any internal alerts for users attempting to access suspected phishing domains. Prioritize user awareness training regarding crypto AML/KYC scams, and report indicators to relevant threat intelligence platforms. Monitor for new subdomains or similar domains registered with the same registrar. Remain vigilant for credential harvesting or malware distribution associated with this campaign.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2025-11-20 17:36:30
- Registrar: Web Commerce Communications Limited dba WebNic.cc
- IP: 188.114.97.3

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/8bb64ecd-321a-45e2-a65a-390e92dcb100
- PhishDestroy: https://phishdestroy.io/domain/amlcore.cc/
- LLM endpoint: https://phishdestroy.io/domain/amlcore.cc/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/amlcore.cc/
Last updated: 2026-03-22