# amlriskscoreanalysis.ru — SUSPICIOUS

> amlriskscoreanalysis.ru is a fraudulent site claiming AML risk analysis, but PhishDestroy identifies it as a phishing drainer posing as a compliance tool.

## Summary

PhishDestroy identifies amlriskscoreanalysis.ru as a deceptive phishing domain masquerading as an AML (Anti-Money Laundering) risk score analysis tool, likely deployed to harvest sensitive financial and compliance data from unsuspecting users. The site does not offer legitimate financial services but instead mimics professional compliance platforms to trick professionals into entering credentials or payment details into fraudulent forms. This domain is classified under generic_phishing and is flagged for active hosting of phishing content, with technical indicators aligning with known drainer kits that exfiltrate user data under the guise of financial validation.

This domain was registered on March 20, 2026, through REGRU-RU and resolves to IP address 216.198.79.1. VirusTotal currently shows 0 detections out of 95 scanning engines, indicating it has evaded detection by major antivirus platforms as of the latest scan. It uses a Let's Encrypt SSL certificate, which may be leveraged to lend false credibility to its fraudulent interface. Public blocklist status remains unverified at this time due to the domain’s recent creation, and no presence in Google Safe Browsing (GSB) has been recorded. The combination of a newly registered domain, low VT detection rate, and lack of immediate blocklisting highlights a high-risk window for potential victim exposure.

As of now, this domain is classified as active and under investigation by PhishDestroy's fraud detection systems. Immediate response includes notifying hosting providers and registrars (REGRU-RU) for potential takedown and updating domain reputation filters. While the current risk is marked as 'under_investigation,' users are strongly advised to avoid interaction with amlriskscoreanalysis.ru. Any potential victims should report the domain to their financial institutions and relevant cybersecurity authorities. Remaining risk is moderate due to high evasion potential and the plausible deniability of a newly registered domain, but ongoing monitoring is expected to lead to containment within 24–72 hours given current detection gaps.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-20 18:20:15
- Registrar: REGRU-RU
- IP: 216.198.79.1

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/002df482-b185-4714-a8b5-705b69eb2edd
- PhishDestroy: https://phishdestroy.io/domain/amlriskscoreanalysis.ru/
- LLM endpoint: https://phishdestroy.io/domain/amlriskscoreanalysis.ru/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/amlriskscoreanalysis.ru/

Last updated: 2026-03-23