Scam Campaign

Botnetdomain Scam — arilprivate.storexyz.web.id

Identified on 4/23/2026

Primary Entity

domain

arilprivate.storexyz.web.id

High Risk

Flagged by Google Safe Browsing
No SSL certificate

Campaign Narrative

This cluster centers on 59 connected domains tagged as autoconfig-atlcpatax-com, mips, opendir. The domains include arilprivate.storexyz.web.id, down.1756520.xyz, 10cricofficial.com, justwatch.life, echorp.shop, nmgm-nmm.vip, proxyzabc.zabc.net, fenbushijujuefuwu.com, img.ipxxxx.com, hanzzmypanel.paneldo.my.id, www.0837234.duckdns.org, mailserver.ccsnetwork.cn, 92031819.duckdns.org, 0837234.duckdns.org, www.92031819.duckdns.org, dndn3829.duckdns.org, 9103843.duckdns.org, www.84920433.duckdns.org, 84920433.duckdns.org, www.9103843.duckdns.org and 39 more. 59 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus.

Flagged domains in this cluster, arilprivate.storexyz.web.id, down.1756520.xyz, 10cricofficial.com, justwatch.life, echorp.shop, nmgm-nmm.vip, proxyzabc.zabc.net, fenbushijujuefuwu.com, img.ipxxxx.com, hanzzmypanel.paneldo.my.id, www.0837234.duckdns.org, mailserver.ccsnetwork.cn, 92031819.duckdns.org, 0837234.duckdns.org, www.92031819.duckdns.org, dndn3829.duckdns.org, 9103843.duckdns.org, www.84920433.duckdns.org, 84920433.duckdns.org, www.9103843.duckdns.org and 39 more.

Do not click links to any of the flagged domains. If you have visited one, check your accounts for unauthorized activity and consider changing your passwords. You can report suspicious contacts to the FTC at reportfraud.ftc.gov or to the FCC at consumercomplaints.fcc.gov.

This campaign was identified through automated analysis of threat intelligence feeds and entity relationship mapping.

Entity Roster

Domains (59)

195.238.123.165High Risk
176.65.134.30High Risk
176.65.148.141High Risk
outel.linchens.comHigh Risk
45.66.228.93High Risk
82.25.56.112High Risk
linchens.comHigh Risk
94.154.32.153High Risk
193.32.162.53High Risk
192.227.183.143High Risk
91.92.242.13High Risk
85.122.114.19High Risk
madroxreborn.lolHigh Risk
jbrj92scltrbtv7mzejvmovw.duckdns.orgHigh Risk
datasurge-bot.onlineHigh Risk
kernalstress.stHigh Risk
autoconfig.atlcpatax.comHigh Risk
mail.atlcpatax.comHigh Risk
autodiscover.atlcpatax.comHigh Risk
pls.ddosme.web.idHigh Risk
kual11.duckdns.orgHigh Risk
nmgm-nmm.vipHigh Risk
raw.flameblox.comHigh Risk
chanchanmiraixd.duckdns.orgHigh Risk
down.1756520.xyzHigh Risk
coolcams.duckdns.orgHigh Risk
cnc.xenema.vipHigh Risk
s8.vizja.ccHigh Risk
bobnet.exiled.fitHigh Risk
neronpidaras.it.comHigh Risk
echorp.shopHigh Risk
10cricofficial.comHigh Risk
hanzzmypanel.paneldo.my.idHigh Risk
asteriaproject.dstat.clickHigh Risk
0837234.duckdns.orgHigh Risk
92031819.duckdns.orgHigh Risk
musing-visvesvaraya.45-90-98-218.plesk.pageHigh Risk
www.45-90-98-218.plesk.pageHigh Risk
justwatch.lifeHigh Risk
r34fa352.duckdns.orgHigh Risk
dndn3829.duckdns.orgHigh Risk
proxyzabc.zabc.netHigh Risk
fenbushijujuefuwu.comHigh Risk
84920433.duckdns.orgHigh Risk
www.92031819.duckdns.orgHigh Risk
arilprivate.storexyz.web.idHigh Risk
docsfakegen.comHigh Risk
www.0837234.duckdns.orgHigh Risk
affectionate-easley.121-127-34-164.plesk.pageHigh Risk
9103843.duckdns.orgHigh Risk
img.ipxxxx.comHigh Risk
www.r34fa352.duckdns.orgHigh Risk
www.neronpidaras.it.comHigh Risk
www.9103843.duckdns.orgHigh Risk
www.84920433.duckdns.orgHigh Risk
objective-roentgen.121-127-34-164.plesk.pageHigh Risk
mailserver.ccsnetwork.cnHigh Risk
vmi3034867.contaboserver.netHigh Risk
www.coolcams.duckdns.orgHigh Risk

Data Sources

Google Safe Browsing
URLhaus

Related Campaigns

Other campaigns that share phone numbers, domains, or companies with this one.

Gafgyt Infrastructure Cluster45 shared entities
Rev-Base64-Loader Infrastructure Cluster43 shared entities
Ascii Infrastructure Cluster43 shared entities
Asyncrat Infrastructure Cluster43 shared entities
Dropped-By-Amadey Infrastructure Cluster43 shared entities
Censys Infrastructure Cluster43 shared entities
Ascii Infrastructure Cluster42 shared entities
Dropped-By-Amadey Infrastructure Cluster42 shared entities
Archive Scam — lun.marvek.live42 shared entities
Debt Reduction Robocall Campaign42 shared entities
Connectwise Infrastructure Cluster42 shared entities
Dropped call or no message Robocall Campaign41 shared entities
Lotteries, prizes & sweepstakes Robocall Campaign41 shared entities
Dropped call or no message Robocall Campaign40 shared entities
Lotteries, prizes & sweepstakes Robocall Campaign40 shared entities

Scam Prevention Resources

Parking Revenue Recovery Services Doesn't Exist

A fake company sends official-looking parking violation notices through the mail. The letters demand payment for violations that never happened at places you never parked.

Dating Site Wants Crypto to Unlock Your Match

The voting process never ends. The fixes cost more crypto each time. The girl you picked doesn't exist.

Scratch-Off Cards Promise Free Cruises and Luxury Showcases

Those winning scratch-off cards in your mailbox aren't what they seem. The cruise invitation is fake, and the real pitch comes later.

QR Code Traffic Tickets Arrive by Text and Mail

Fake court notices with QR codes are hitting phones and mailboxes. The codes lead to credential-harvesting sites designed to steal your personal information.

(888) 269-4978 Won't Stop Calling About Loans You Never Applied For

This number has generated over 1,300 complaints in 30 days. The victims all have one thing in common: phantom loan applications they never submitted.

View all articles

Proton VPN — Block malicious sites and encrypt your connection

Proton VPN routes your traffic through encrypted servers and blocks known malware domains. Free plan available.

Get Proton VPNAffiliate link. We may earn a commission.

View all campaigns