# analyzer-aml.app — SUSPICIOUS

> Stay cautious with analyzer-aml.app, a domain mimicking AML Scam services. Avoid interaction and verify legitimacy before engaging.

## Summary
PhishDestroy has identified analyzer-aml.app as a medium-risk domain engaged in brand impersonation targeting AML Scam, a known cryptocurrency compliance service. The domain’s page title, "AMLBot - Comprehensive Crypto Compliance Solution | Free AML Crypto Check," is designed to mislead users seeking trusted AML tools. This deception aims to exploit user trust by presenting fraudulent compliance resources.

Technically, analyzer-aml.app was registered on February 21, 2026, through Dynadot LLC and resolved to IP address 172.86.69.234. It has been flagged by 3 out of 95 security vendors on VirusTotal and appears on four different security blocklists, indicating recognition by multiple threat intelligence sources. The domain’s infrastructure suggests an attempt to blend into legitimate crypto compliance environments by leveraging a convincing brand impersonation strategy.

Currently, the domain is offline, reducing immediate risk to users. However, given its recent creation and the impersonation tactic, vigilance is advised. Users are recommended to avoid accessing analyzer-aml.app and to verify AML-related resources through official channels. Continuous monitoring by security teams is prudent to detect any reactivation or similar emergent threats.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: dead (HTTP 0)
- Scam type: AML Scam
- Target brand: AML Scam
- Page title: AMLBot - Comprehensive Crypto Compliance Solution | Free AML Crypto Check

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- Registrar: Dynadot LLC
- Country: US
- IP: 172.86.69.234
- IP Country: DE
- IP City: Frankfurt am Main
- IP Org: AS14956 RouterHosting LLC
- Nameservers: ["ns1.dyna-ns.net", "ns2.dyna-ns.net"]
- SSL Issuer: none

## Detection Status
- VirusTotal: 3 vendors flagged
  Vendors: ["CRDF", "Ermes", "Gridinsoft"]
- Google Safe Browsing: clean
- Blocklists: 4 hits
  Lists: ["PhishDestroy", "Polkadot", "Enkrypt", "Codeesura"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/01999b3f-16d9-7045-ace7-0f5d354635b9.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/e599dcc8-6b30-4995-b263-a42b4508132e
- PhishDestroy: https://phishdestroy.io/domain/analyzer-aml.app/
- LLM endpoint: https://phishdestroy.io/domain/analyzer-aml.app/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/analyzer-aml.app/
Last updated: 2026-03-19