{ "type": "Domain", "indicator": "dfxecha.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/dfxecha.com", "alexa": "http://www.alexa.com/siteinfo/dfxecha.com", "indicator": "dfxecha.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4307233639, "indicator": "dfxecha.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "69dc409f0305b15d39f0d7f2", "name": "URLert Daily Threat Intel \u2014 2026-04-13", "description": "URLert Daily Threat Intel \u2014 2026-04-13\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 40 | Indicators: 71\nConfirmed: 14 | Likely: 25 | Domain intel: 1\nTop threats: Phishing (32), Malware Hosting (3), Dropper (2), Malvertising (2), Unknown (1)\nDomains: bmz.cc, brak.cc, bringitonmsg.com, bunnyband.com, cxr.cc, dfxecha.com, fast-links.org, gb-tracking.help, getzofr.com, iceiy.com, illgmouk.com, inssupplier.com, izimuves.com, jylus.my.id, l...\n\n40 unique threats producing 71 actionable indicators. Generated by URLert automated threat intelligence.", "modified": "2026-05-12T23:08:04.035000", "created": "2026-04-13T01:02:23.579000", "tags": [ ".click-tld", "ad-fraud", "adobe-photoshop", "aggressive-advertising", "anti-analysis", "anydesk", "assistance-loans", "automated-scan", "brand-impersonation", "browser-extension", "content-locker", "counterfeit-goods", "credential-harvesting", "crypto-scam", "cryptocurrency-scam", "daily-threat-intel", "data-breach-lookup", "data-collection", "deception", "deceptive-domain", "deceptive-interface", "deceptive-platform", "deceptive-practices", "deceptive-site", "deceptive-subdomain", "deceptive-tactics", "disposable-domain", "domain-classification", "domain-hopping", "e-commerce-scam", "ecommerce", "evasion", "evasion-technique", "fake-exchange", "fake-login", "fake-reviews", "fake-store", "file-sharing", "financial-fraud", "fordeal", "fraudulent-ecommerce", "fraudulent-financial-platform", "fraudulent-gambling", "fraudulent-platform", "fraudulent-retailer", "fund-harvesting", "generic-impersonation", "gibberish-domain", "high-risk-tld", "insecure-redirect", "leak-scam", "logitech", "low-reputation-domain", "luxury-goods", "malicious-infrastructure", "malicious-redirect", "malicious-redirection", "malvertising", "malware", "malware-distribution", "marketplace", "microsoft-account", "money-making-scheme", "nebula-x", "netflix", "new-domain", "newly-registered-domain", "onlyfans", "payload-delivery", "payment-information-harvesting", "payment-scam", "personal-information-collection", "phishing", "phishing-site", "pirated-software", "pledge-mining", "rakuten", "recently-registered-domain", "redirect-chain", "redirect-facade", "redirector", "retail-e-commerce", "retail-scam", "roblox", "roblox-impersonation", "royal-mail-impersonation", "scam", "scam-operation", "scam-operations", "scam-shop", "social-engineering", "social-media-campaigns", "social-media-lure", "software-cracks", "spam-promotion", "stolen-accounts", "streaming-service-impersonation", "survey-scam", "task-scam", "tryst-link-impersonation", "twitter", "typosquatting", "unexpected-file-type", "unsecured-hosting", "unvetted-content", "urlert", "whatsapp-scam" ], "references": [ "https://urlert.com/domain/bmz.cc", "https://urlert.com/domain/brak.cc", "https://urlert.com/domain/bringitonmsg.com", "https://urlert.com/domain/bunnyband.com", "https://urlert.com/domain/cxr.cc", "https://urlert.com/domain/dfxecha.com", "https://urlert.com/domain/fast-links.org", "https://urlert.com/domain/gb-tracking.help", "https://urlert.com/domain/getzofr.com", "https://urlert.com/domain/iceiy.com", "https://urlert.com/domain/illgmouk.com", "https://urlert.com/domain/inssupplier.com", "https://urlert.com/domain/izimuves.com", "https://urlert.com/domain/jylus.my.id", "https://urlert.com/domain/luluvid.com", "https://urlert.com/domain/lumenpick.com", "https://urlert.com/domain/maddixi.me", "https://urlert.com/domain/newtv.site", "https://urlert.com/domain/nowplaytoc.com", "https://urlert.com/domain/pccompressed.blog" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Financial Services", "Logistics / Supply Chain", "Media / Entertainment", "Retail / E-Commerce", "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "urlert_intel", "id": "386175", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 21, "URL": 21, "hostname": 6 }, "indicator_count": 48, "is_author": false, "is_subscribing": null, "subscriber_count": 31, "modified_text": "19 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69dee993357e7b6f29b213a7", "name": "URLert Daily Threat Intel \u2014 2026-04-13", "description": "URLert Daily Threat Intel \u2014 2026-04-13\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 40 | Indicators: 71\nConfirmed: 14 | Likely: 25 | Domain intel: 1\nTop threats: Phishing (32), Malware Hosting (3), Dropper (2), Malvertising (2), Unknown (1)\nDomains: bmz.cc, brak.cc, bringitonmsg.com, bunnyband.com, cxr.cc, dfxecha.com, fast-links.org, gb-tracking.help, getzofr.com, iceiy.com, illgmouk.com, inssupplier.com, izimuves.com, jylus.my.id, l...\n\n40 unique threats producing 71 actionable indicators. Generated by URLert automated threat intelligence.", "modified": "2026-05-12T23:08:04.035000", "created": "2026-04-15T01:27:47.408000", "tags": [ ".click-tld", "ad-fraud", "adobe-photoshop", "aggressive-advertising", "anti-analysis", "anydesk", "assistance-loans", "automated-scan", "brand-impersonation", "browser-extension", "content-locker", "counterfeit-goods", "credential-harvesting", "crypto-scam", "cryptocurrency-scam", "daily-threat-intel", "data-breach-lookup", "data-collection", "deception", "deceptive-domain", "deceptive-interface", "deceptive-platform", "deceptive-practices", "deceptive-site", "deceptive-subdomain", "deceptive-tactics", "disposable-domain", "domain-classification", "domain-hopping", "e-commerce-scam", "ecommerce", "evasion", "evasion-technique", "fake-exchange", "fake-login", "fake-reviews", "fake-store", "file-sharing", "financial-fraud", "fordeal", "fraudulent-ecommerce", "fraudulent-financial-platform", "fraudulent-gambling", "fraudulent-platform", "fraudulent-retailer", "fund-harvesting", "generic-impersonation", "gibberish-domain", "high-risk-tld", "insecure-redirect", "leak-scam", "logitech", "low-reputation-domain", "luxury-goods", "malicious-infrastructure", "malicious-redirect", "malicious-redirection", "malvertising", "malware", "malware-distribution", "marketplace", "microsoft-account", "money-making-scheme", "nebula-x", "netflix", "new-domain", "newly-registered-domain", "onlyfans", "payload-delivery", "payment-information-harvesting", "payment-scam", "personal-information-collection", "phishing", "phishing-site", "pirated-software", "pledge-mining", "rakuten", "recently-registered-domain", "redirect-chain", "redirect-facade", "redirector", "retail-e-commerce", "retail-scam", "roblox", "roblox-impersonation", "royal-mail-impersonation", "scam", "scam-operation", "scam-operations", "scam-shop", "social-engineering", "social-media-campaigns", "social-media-lure", "software-cracks", "spam-promotion", "stolen-accounts", "streaming-service-impersonation", "survey-scam", "task-scam", "tryst-link-impersonation", "twitter", "typosquatting", "unexpected-file-type", "unsecured-hosting", "unvetted-content", "urlert", "whatsapp-scam" ], "references": [ "https://urlert.com/domain/bmz.cc", "https://urlert.com/domain/brak.cc", "https://urlert.com/domain/bringitonmsg.com", "https://urlert.com/domain/bunnyband.com", "https://urlert.com/domain/cxr.cc", "https://urlert.com/domain/dfxecha.com", "https://urlert.com/domain/fast-links.org", "https://urlert.com/domain/gb-tracking.help", "https://urlert.com/domain/getzofr.com", "https://urlert.com/domain/iceiy.com", "https://urlert.com/domain/illgmouk.com", "https://urlert.com/domain/inssupplier.com", "https://urlert.com/domain/izimuves.com", "https://urlert.com/domain/jylus.my.id", "https://urlert.com/domain/luluvid.com", "https://urlert.com/domain/lumenpick.com", "https://urlert.com/domain/maddixi.me", "https://urlert.com/domain/newtv.site", "https://urlert.com/domain/nowplaytoc.com", "https://urlert.com/domain/pccompressed.blog" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Financial Services", "Logistics / Supply Chain", "Media / Entertainment", "Retail / E-Commerce", "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "urlert_intel", "id": "386175", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 21, "URL": 21, "hostname": 6 }, "indicator_count": 48, "is_author": false, "is_subscribing": null, "subscriber_count": 30, "modified_text": "19 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69dc1a55d4a952ca9b117bd6", "name": "URLert Daily Threat Intel \u2014 2026-04-12", "description": "URLert Daily Threat Intel \u2014 2026-04-12\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 46 | Indicators: 88\nConfirmed: 17 | Likely: 29\nTop threats: Phishing (34), Malware Hosting (4), Malvertising (3), Dropper (3), Unknown (2)\nDomains: ac-inbox.com, aceimg.com, apkpurehub.net, appmedo.com, auroraexchanges.com, buksuper.xyz, bunnyband.com, cstradex.com, dandys1.xyz, dfxecha.com, digitaloceanspaces.com, flgroup.win, fort-v...\n\n46 unique threats producing 88 actionable indicators. Generated by URLert automated threat intelligence.", "modified": "2026-05-12T01:07:39.899000", "created": "2026-04-12T22:19:01.528000", "tags": [ "account-theft", "adult-content", "apk-download", "apk-malware", "automated-bots", "automated-scan", "brand-impersonation", "brushing-scam", "click-bait", "cloaking", "cloudflare-block", "connect-wallet-prompt", "content-gating", "credential-harvesting", "credit-card-theft", "crypto-phishing", "crypto-scam", "cryptocurrency", "cryptocurrency-exchange-impersonation", "cryptocurrency-scam", "daily-threat-intel", "data-exfiltration", "data-harvesting", "data-interception", "deception", "deceptive-domain", "deceptive-gambling", "deceptive-landing-page", "deceptive-practices", "deceptive-scam", "deceptive-site", "deposit-scam", "download-lure", "e-commerce-scam", "earning-scam", "epic-games", "evasion", "explicit-content", "extortion", "fake-app-store", "fake-countdown-timer", "fake-ecommerce", "fake-login-page", "fake-marketplace", "fake-rewards", "fake-testimonials", "financial-fraud", "financial-risk", "financial-scam", "financial-theft", "fraud", "fraudulent-activity", "fraudulent-network", "fraudulent-storefront", "free-spins", "game-cheats", "gaming", "get-rich-quick", "hyip", "icloud-pin-harvesting", "identity-theft", "information-gathering", "investment-scam", "low-reputation-domain", "malicious-app", "malicious-download", "malicious-redirection", "malicious-redirects", "malware-distribution", "malware-risk", "man-in-the-middle", "manipulative-language", "monetary-fraud", "nebula-x", "new-domain", "newly-registered-domain", "obfuscated-url", "personal-information-collection", "phishing", "phishing-kit", "pirated-games", "purchase-scam", "pyramid-scheme", "qr-code-scam", "redirect-chain", "redirect-scam", "redirects", "referral-scheme", "retail-sector", "roblox", "rocket-league", "scam", "scam-domain", "scam-shop", "scam-site", "shadow-reporting-scheme", "sm-campaign", "social-engineering", "steamunderground", "subscription-scam", "suspicious-domain", "suspicious-redirect", "task-based-scam", "task-scam", "telegram-bot", "telegram-client-malware", "tiktok", "typosquatting", "unauthorized-downloads", "unicef", "url-obfuscation", "url-redirection", "urlert", "wallet-drainer", "wayfair", "welcome-bonus", "youtube-bots", "youtube-promotion" ], "references": [ "https://urlert.com/domain/ac-inbox.com", "https://urlert.com/domain/aceimg.com", "https://urlert.com/domain/apkpurehub.net", "https://urlert.com/domain/appmedo.com", "https://urlert.com/domain/auroraexchanges.com", "https://urlert.com/domain/buksuper.xyz", "https://urlert.com/domain/bunnyband.com", "https://urlert.com/domain/cstradex.com", "https://urlert.com/domain/dandys1.xyz", "https://urlert.com/domain/dfxecha.com", "https://urlert.com/domain/digitaloceanspaces.com", "https://urlert.com/domain/flgroup.win", "https://urlert.com/domain/fort-vbucks.life", "https://urlert.com/domain/go448.com", "https://urlert.com/domain/greennigeriia.cc", "https://urlert.com/domain/it.com", "https://urlert.com/domain/kindwealthnetwork.xyz", "https://urlert.com/domain/lcdprize.world", "https://urlert.com/domain/mt3.me", "https://urlert.com/domain/nqq.cc" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Financial Services", "Media / Entertainment", "Non-Profit", "Retail / E-Commerce", "Technology", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "urlert_intel", "id": "386175", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 27, "hostname": 11, "URL": 28 }, "indicator_count": 66, "is_author": false, "is_subscribing": null, "subscriber_count": 31, "modified_text": "20 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://urlert.com/domain/izimuves.com", "https://urlert.com/domain/jylus.my.id", "https://urlert.com/domain/maddixi.me", "https://urlert.com/domain/bmz.cc", "https://urlert.com/domain/fort-vbucks.life", "https://urlert.com/domain/iceiy.com", "https://urlert.com/domain/nqq.cc", "https://urlert.com/domain/appmedo.com", "https://urlert.com/domain/auroraexchanges.com", "https://urlert.com/domain/nowplaytoc.com", "https://urlert.com/domain/illgmouk.com", "https://urlert.com/domain/buksuper.xyz", "https://urlert.com/domain/ac-inbox.com", "https://urlert.com/domain/bringitonmsg.com", "https://urlert.com/domain/bunnyband.com", "https://urlert.com/domain/it.com", "https://urlert.com/domain/lumenpick.com", "https://urlert.com/domain/brak.cc", "https://urlert.com/domain/aceimg.com", "https://urlert.com/domain/inssupplier.com", "https://urlert.com/domain/apkpurehub.net", "https://urlert.com/domain/greennigeriia.cc", "https://urlert.com/domain/dandys1.xyz", "https://urlert.com/domain/mt3.me", "https://urlert.com/domain/luluvid.com", "https://urlert.com/domain/gb-tracking.help", "https://urlert.com/domain/getzofr.com", "https://urlert.com/domain/go448.com", "https://urlert.com/domain/digitaloceanspaces.com", "https://urlert.com/domain/kindwealthnetwork.xyz", "https://urlert.com/domain/flgroup.win", "https://urlert.com/domain/dfxecha.com", "https://urlert.com/domain/lcdprize.world", "https://urlert.com/domain/fast-links.org", "https://urlert.com/domain/cstradex.com", "https://urlert.com/domain/cxr.cc", "https://urlert.com/domain/pccompressed.blog", "https://urlert.com/domain/newtv.site" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [ "Media / entertainment", "Technology", "Financial services", "Logistics / supply chain", "Non-profit", "Telecommunications", "Retail / e-commerce" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "69dc409f0305b15d39f0d7f2", "name": "URLert Daily Threat Intel \u2014 2026-04-13", "description": "URLert Daily Threat Intel \u2014 2026-04-13\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 40 | Indicators: 71\nConfirmed: 14 | Likely: 25 | Domain intel: 1\nTop threats: Phishing (32), Malware Hosting (3), Dropper (2), Malvertising (2), Unknown (1)\nDomains: bmz.cc, brak.cc, bringitonmsg.com, bunnyband.com, cxr.cc, dfxecha.com, fast-links.org, gb-tracking.help, getzofr.com, iceiy.com, illgmouk.com, inssupplier.com, izimuves.com, jylus.my.id, l...\n\n40 unique threats producing 71 actionable indicators. Generated by URLert automated threat intelligence.", "modified": "2026-05-12T23:08:04.035000", "created": "2026-04-13T01:02:23.579000", "tags": [ ".click-tld", "ad-fraud", "adobe-photoshop", "aggressive-advertising", "anti-analysis", "anydesk", "assistance-loans", "automated-scan", "brand-impersonation", "browser-extension", "content-locker", "counterfeit-goods", "credential-harvesting", "crypto-scam", "cryptocurrency-scam", "daily-threat-intel", "data-breach-lookup", "data-collection", "deception", "deceptive-domain", "deceptive-interface", "deceptive-platform", "deceptive-practices", "deceptive-site", "deceptive-subdomain", "deceptive-tactics", "disposable-domain", "domain-classification", "domain-hopping", "e-commerce-scam", "ecommerce", "evasion", "evasion-technique", "fake-exchange", "fake-login", "fake-reviews", "fake-store", "file-sharing", "financial-fraud", "fordeal", "fraudulent-ecommerce", "fraudulent-financial-platform", "fraudulent-gambling", "fraudulent-platform", "fraudulent-retailer", "fund-harvesting", "generic-impersonation", "gibberish-domain", "high-risk-tld", "insecure-redirect", "leak-scam", "logitech", "low-reputation-domain", "luxury-goods", "malicious-infrastructure", "malicious-redirect", "malicious-redirection", "malvertising", "malware", "malware-distribution", "marketplace", "microsoft-account", "money-making-scheme", "nebula-x", "netflix", "new-domain", "newly-registered-domain", "onlyfans", "payload-delivery", "payment-information-harvesting", "payment-scam", "personal-information-collection", "phishing", "phishing-site", "pirated-software", "pledge-mining", "rakuten", "recently-registered-domain", "redirect-chain", "redirect-facade", "redirector", "retail-e-commerce", "retail-scam", "roblox", "roblox-impersonation", "royal-mail-impersonation", "scam", "scam-operation", "scam-operations", "scam-shop", "social-engineering", "social-media-campaigns", "social-media-lure", "software-cracks", "spam-promotion", "stolen-accounts", "streaming-service-impersonation", "survey-scam", "task-scam", "tryst-link-impersonation", "twitter", "typosquatting", "unexpected-file-type", "unsecured-hosting", "unvetted-content", "urlert", "whatsapp-scam" ], "references": [ "https://urlert.com/domain/bmz.cc", "https://urlert.com/domain/brak.cc", "https://urlert.com/domain/bringitonmsg.com", "https://urlert.com/domain/bunnyband.com", "https://urlert.com/domain/cxr.cc", "https://urlert.com/domain/dfxecha.com", "https://urlert.com/domain/fast-links.org", "https://urlert.com/domain/gb-tracking.help", "https://urlert.com/domain/getzofr.com", "https://urlert.com/domain/iceiy.com", "https://urlert.com/domain/illgmouk.com", "https://urlert.com/domain/inssupplier.com", "https://urlert.com/domain/izimuves.com", "https://urlert.com/domain/jylus.my.id", "https://urlert.com/domain/luluvid.com", "https://urlert.com/domain/lumenpick.com", "https://urlert.com/domain/maddixi.me", "https://urlert.com/domain/newtv.site", "https://urlert.com/domain/nowplaytoc.com", "https://urlert.com/domain/pccompressed.blog" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Financial Services", "Logistics / Supply Chain", "Media / Entertainment", "Retail / E-Commerce", "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "urlert_intel", "id": "386175", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 21, "URL": 21, "hostname": 6 }, "indicator_count": 48, "is_author": false, "is_subscribing": null, "subscriber_count": 31, "modified_text": "19 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69dee993357e7b6f29b213a7", "name": "URLert Daily Threat Intel \u2014 2026-04-13", "description": "URLert Daily Threat Intel \u2014 2026-04-13\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 40 | Indicators: 71\nConfirmed: 14 | Likely: 25 | Domain intel: 1\nTop threats: Phishing (32), Malware Hosting (3), Dropper (2), Malvertising (2), Unknown (1)\nDomains: bmz.cc, brak.cc, bringitonmsg.com, bunnyband.com, cxr.cc, dfxecha.com, fast-links.org, gb-tracking.help, getzofr.com, iceiy.com, illgmouk.com, inssupplier.com, izimuves.com, jylus.my.id, l...\n\n40 unique threats producing 71 actionable indicators. Generated by URLert automated threat intelligence.", "modified": "2026-05-12T23:08:04.035000", "created": "2026-04-15T01:27:47.408000", "tags": [ ".click-tld", "ad-fraud", "adobe-photoshop", "aggressive-advertising", "anti-analysis", "anydesk", "assistance-loans", "automated-scan", "brand-impersonation", "browser-extension", "content-locker", "counterfeit-goods", "credential-harvesting", "crypto-scam", "cryptocurrency-scam", "daily-threat-intel", "data-breach-lookup", "data-collection", "deception", "deceptive-domain", "deceptive-interface", "deceptive-platform", "deceptive-practices", "deceptive-site", "deceptive-subdomain", "deceptive-tactics", "disposable-domain", "domain-classification", "domain-hopping", "e-commerce-scam", "ecommerce", "evasion", "evasion-technique", "fake-exchange", "fake-login", "fake-reviews", "fake-store", "file-sharing", "financial-fraud", "fordeal", "fraudulent-ecommerce", "fraudulent-financial-platform", "fraudulent-gambling", "fraudulent-platform", "fraudulent-retailer", "fund-harvesting", "generic-impersonation", "gibberish-domain", "high-risk-tld", "insecure-redirect", "leak-scam", "logitech", "low-reputation-domain", "luxury-goods", "malicious-infrastructure", "malicious-redirect", "malicious-redirection", "malvertising", "malware", "malware-distribution", "marketplace", "microsoft-account", "money-making-scheme", "nebula-x", "netflix", "new-domain", "newly-registered-domain", "onlyfans", "payload-delivery", "payment-information-harvesting", "payment-scam", "personal-information-collection", "phishing", "phishing-site", "pirated-software", "pledge-mining", "rakuten", "recently-registered-domain", "redirect-chain", "redirect-facade", "redirector", "retail-e-commerce", "retail-scam", "roblox", "roblox-impersonation", "royal-mail-impersonation", "scam", "scam-operation", "scam-operations", "scam-shop", "social-engineering", "social-media-campaigns", "social-media-lure", "software-cracks", "spam-promotion", "stolen-accounts", "streaming-service-impersonation", "survey-scam", "task-scam", "tryst-link-impersonation", "twitter", "typosquatting", "unexpected-file-type", "unsecured-hosting", "unvetted-content", "urlert", "whatsapp-scam" ], "references": [ "https://urlert.com/domain/bmz.cc", "https://urlert.com/domain/brak.cc", "https://urlert.com/domain/bringitonmsg.com", "https://urlert.com/domain/bunnyband.com", "https://urlert.com/domain/cxr.cc", "https://urlert.com/domain/dfxecha.com", "https://urlert.com/domain/fast-links.org", "https://urlert.com/domain/gb-tracking.help", "https://urlert.com/domain/getzofr.com", "https://urlert.com/domain/iceiy.com", "https://urlert.com/domain/illgmouk.com", "https://urlert.com/domain/inssupplier.com", "https://urlert.com/domain/izimuves.com", "https://urlert.com/domain/jylus.my.id", "https://urlert.com/domain/luluvid.com", "https://urlert.com/domain/lumenpick.com", "https://urlert.com/domain/maddixi.me", "https://urlert.com/domain/newtv.site", "https://urlert.com/domain/nowplaytoc.com", "https://urlert.com/domain/pccompressed.blog" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Financial Services", "Logistics / Supply Chain", "Media / Entertainment", "Retail / E-Commerce", "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "urlert_intel", "id": "386175", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 21, "URL": 21, "hostname": 6 }, "indicator_count": 48, "is_author": false, "is_subscribing": null, "subscriber_count": 30, "modified_text": "19 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69dc1a55d4a952ca9b117bd6", "name": "URLert Daily Threat Intel \u2014 2026-04-12", "description": "URLert Daily Threat Intel \u2014 2026-04-12\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 46 | Indicators: 88\nConfirmed: 17 | Likely: 29\nTop threats: Phishing (34), Malware Hosting (4), Malvertising (3), Dropper (3), Unknown (2)\nDomains: ac-inbox.com, aceimg.com, apkpurehub.net, appmedo.com, auroraexchanges.com, buksuper.xyz, bunnyband.com, cstradex.com, dandys1.xyz, dfxecha.com, digitaloceanspaces.com, flgroup.win, fort-v...\n\n46 unique threats producing 88 actionable indicators. Generated by URLert automated threat intelligence.", "modified": "2026-05-12T01:07:39.899000", "created": "2026-04-12T22:19:01.528000", "tags": [ "account-theft", "adult-content", "apk-download", "apk-malware", "automated-bots", "automated-scan", "brand-impersonation", "brushing-scam", "click-bait", "cloaking", "cloudflare-block", "connect-wallet-prompt", "content-gating", "credential-harvesting", "credit-card-theft", "crypto-phishing", "crypto-scam", "cryptocurrency", "cryptocurrency-exchange-impersonation", "cryptocurrency-scam", "daily-threat-intel", "data-exfiltration", "data-harvesting", "data-interception", "deception", "deceptive-domain", "deceptive-gambling", "deceptive-landing-page", "deceptive-practices", "deceptive-scam", "deceptive-site", "deposit-scam", "download-lure", "e-commerce-scam", "earning-scam", "epic-games", "evasion", "explicit-content", "extortion", "fake-app-store", "fake-countdown-timer", "fake-ecommerce", "fake-login-page", "fake-marketplace", "fake-rewards", "fake-testimonials", "financial-fraud", "financial-risk", "financial-scam", "financial-theft", "fraud", "fraudulent-activity", "fraudulent-network", "fraudulent-storefront", "free-spins", "game-cheats", "gaming", "get-rich-quick", "hyip", "icloud-pin-harvesting", "identity-theft", "information-gathering", "investment-scam", "low-reputation-domain", "malicious-app", "malicious-download", "malicious-redirection", "malicious-redirects", "malware-distribution", "malware-risk", "man-in-the-middle", "manipulative-language", "monetary-fraud", "nebula-x", "new-domain", "newly-registered-domain", "obfuscated-url", "personal-information-collection", "phishing", "phishing-kit", "pirated-games", "purchase-scam", "pyramid-scheme", "qr-code-scam", "redirect-chain", "redirect-scam", "redirects", "referral-scheme", "retail-sector", "roblox", "rocket-league", "scam", "scam-domain", "scam-shop", "scam-site", "shadow-reporting-scheme", "sm-campaign", "social-engineering", "steamunderground", "subscription-scam", "suspicious-domain", "suspicious-redirect", "task-based-scam", "task-scam", "telegram-bot", "telegram-client-malware", "tiktok", "typosquatting", "unauthorized-downloads", "unicef", "url-obfuscation", "url-redirection", "urlert", "wallet-drainer", "wayfair", "welcome-bonus", "youtube-bots", "youtube-promotion" ], "references": [ "https://urlert.com/domain/ac-inbox.com", "https://urlert.com/domain/aceimg.com", "https://urlert.com/domain/apkpurehub.net", "https://urlert.com/domain/appmedo.com", "https://urlert.com/domain/auroraexchanges.com", "https://urlert.com/domain/buksuper.xyz", "https://urlert.com/domain/bunnyband.com", "https://urlert.com/domain/cstradex.com", "https://urlert.com/domain/dandys1.xyz", "https://urlert.com/domain/dfxecha.com", "https://urlert.com/domain/digitaloceanspaces.com", "https://urlert.com/domain/flgroup.win", "https://urlert.com/domain/fort-vbucks.life", "https://urlert.com/domain/go448.com", "https://urlert.com/domain/greennigeriia.cc", "https://urlert.com/domain/it.com", "https://urlert.com/domain/kindwealthnetwork.xyz", "https://urlert.com/domain/lcdprize.world", "https://urlert.com/domain/mt3.me", "https://urlert.com/domain/nqq.cc" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Financial Services", "Media / Entertainment", "Non-Profit", "Retail / E-Commerce", "Technology", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "urlert_intel", "id": "386175", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 27, "hostname": 11, "URL": 28 }, "indicator_count": 66, "is_author": false, "is_subscribing": null, "subscriber_count": 31, "modified_text": "20 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "dfxecha.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "dfxecha.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780302457.0617633 }