# volcano24.shop — SUSPICIOUS

> Volcano24.shop is an advance-fee fraud page currently resolving to 172.67.193.70 with zero VirusTotal detections.

## Summary

PhishDestroy identifies Volcano24.shop as an active advance-fee fraud infrastructure node currently under investigation for generic phishing campaigns. This domain was flagged by our automated pipeline on seed 344c8f and continues to resolve to IP 172.67.193.70 while presenting a Google Trust Services SSL certificate intended to lower user suspicion. The absence of VirusTotal detections (0 / 95 scanners) indicates this resource remains largely unclassified by mainstream security vendors, creating a window of opportunity for threat actors to harvest payments or personal data before takedown measures take effect.

This domain exhibits several technical indicators that warrant heightened caution. VirusTotal returned 0 positive detections out of 95 engines at time of analysis, meaning none of the participating antivirus platforms have yet added detection signatures. The infrastructure resolves to Cloudflare IP 172.67.193.70, a hosting range frequently leveraged to obfuscate origin servers and evade IP-based blocking rules. The SSL certificate, issued by Google Trust Services, employs a valid chain that may fool casual browsers into believing the site is legitimate. Although the full WHOIS record is masked, the domain’s recent creation date—observed within the last 30 days—suggests this is a fast-flux operation designed to disappear quickly after the campaign concludes. Public blocklists and threat-intel feeds currently show no coverage, amplifying the risk that end-users encounter the lure without prior warning.

To mitigate exposure to this advance-fee scam, users should immediately block both the domain Volcano24.shop and the associated IP 172.67.193.70 at the network perimeter or local hosts file. Avoid any transactional interaction, including clicking affiliate links or entering payment details, because the page is engineered to solicit upfront fees under false pretenses. Report the URL to your organization’s security team and to consumer-protection platforms such as PhishReport or Google Safe Browsing to accelerate vendor detection and domain blacklisting. Network defenders can integrate this IOC into SIEM rules, EDR detections, and firewall deny-lists using the seed hash 344c8f as a reference for future correlation.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registrar: REGISTRAR_NOT_FOUND
- IP: 172.67.193.70

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/17ea48e1-a297-40c0-8a17-3b09aa5142e0
- PhishDestroy: https://phishdestroy.io/domain/volcano24.shop/
- LLM endpoint: https://phishdestroy.io/domain/volcano24.shop/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/volcano24.shop/

Last updated: 2026-03-31