# amlriskscore.app — SUSPICIOUS

> amlriskscore.app is an active generic phishing domain using a Let's Encrypt SSL certificate. Users should avoid entering credentials as 4/95 security vendors.

## Summary
amlriskscore.app is an active phishing domain (seed 44fd36) hosting a generic drainer kit designed to harvest financial credentials under the guise of an AML risk scoring portal. The domain was registered on February 27, 2026, through WebNic.cc and resolves to IP 104.21.66.129 with a Let's Encrypt SSL certificate, suggesting an attempt to appear legitimate. VirusTotal analysis confirms elevated risk with 4 out of 95 security vendors flagging the domain for malicious activity.  This domain presents a clear threat through its drainer kit functionality, likely targeting users expecting compliance-related services. Technical indicators include the February 27, 2026 creation date, registrar Web Commerce Communications Limited dba WebNic.cc, and IP allocation to Cloudflare (104.21.66.129). The low detection rate (4/95) indicates evasion tactics, while no Google Safe Browsing (GSB) blocklist status was observed at the time of analysis.  PhishDestroy has flagged this domain as active with elevated risk. Users should avoid interaction and report the domain immediately. Organizations are advised to block the domain at the network level and update threat intelligence feeds. Despite active monitoring, the recent creation and low detection rate suggest this campaign may expand, requiring continuous assessment.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-02-27 18:26:06
- Registrar: Web Commerce Communications Limited dba WebNic.cc
- IP: 104.21.66.129

## Detection Status
- VirusTotal: 4 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/3f4d3ebd-5968-4af9-a6be-2353681da79d
- PhishDestroy: https://phishdestroy.io/domain/amlriskscore.app/
- LLM endpoint: https://phishdestroy.io/domain/amlriskscore.app/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/amlriskscore.app/
Last updated: 2026-03-21