{
  "type": "Domain",
  "indicator": "geeduu.com",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/geeduu.com",
    "alexa": "http://www.alexa.com/siteinfo/geeduu.com",
    "indicator": "geeduu.com",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 4278738800,
      "indicator": "geeduu.com",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 6,
      "pulses": [
        {
          "id": "69e96f2bc858014973680e1f",
          "name": "URLert Daily Threat Intel \u2014 2026-04-23",
          "description": "URLert Daily Threat Intel \u2014 2026-04-23\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 63 | Indicators: 117\nConfirmed: 18 | Likely: 43 | Domain intel: 2\nTop threats: Phishing (54), Malvertising (4), Dropper (2), Unknown (2), Malware Hosting (1)\nDomains: 0lprvs.click, abre.ai, bunnyband.com, ca-pageo.cyou, ca-pageo.web.id, chainvoltgrid.com, chara-gacha.com, citly.me, dpd-lanviro.link, dpdlocasa.shop, dpdlocass.shop, eu.cc, euprava-gov.lat...\n\n63 unique threats producing 117 actionable indicators. Generated by URLert automated threat intelligence.",
          "modified": "2026-05-23T00:06:10.121000",
          "created": "2026-04-23T01:00:27.807000",
          "tags": [
            "abuse-of-legitimate-service",
            "account-suspended",
            "action",
            "aggressive-ads",
            "airbnb",
            "airdrop-scam",
            "anonymized-infrastructure",
            "automated-scan",
            "brand-impersonation",
            "captcha-scam",
            "chrome-hearts",
            "cloaking",
            "cloudflare-protected",
            "credential-harvesting",
            "crypto-casino-scam",
            "crypto-mining-scam",
            "cryptocurrency",
            "cryptocurrency-scam",
            "daily-threat-intel",
            "data-harvesting",
            "dating-scam",
            "deceptive-advertising",
            "deceptive-challenge",
            "deceptive-content",
            "deceptive-domain",
            "deceptive-practices",
            "deceptive-tactics",
            "delivery-scam",
            "domain-classification",
            "dpd-impersonation",
            "dpd-local-impersonation",
            "dropshipping-scam",
            "e-commerce-fraud",
            "elon-musk-impersonation",
            "evasion",
            "evasion-technique",
            "fake-dating-service",
            "fake-discounts",
            "fake-engagement",
            "fake-giveaway",
            "fake-login-portal",
            "fake-registration",
            "fake-security-alert",
            "fake-verification",
            "financial-fraud",
            "financial-impersonation",
            "financial-scam",
            "financial-scheme",
            "financial-sector",
            "financial-service-impersonation",
            "fiverr-impersonation",
            "fraud-alert",
            "free-hosting",
            "fuel-voucher-scam",
            "game-downloads",
            "get-paid-to-scheme",
            "gibberish-domain",
            "giveaway-scam",
            "global-futures-options-limited",
            "google-docs-abuse",
            "government",
            "government-impersonation",
            "high-risk",
            "high-risk-alert",
            "high-risk-tld",
            "human-verification-scam",
            "impersonation",
            "information-collection",
            "information-harvesting",
            "information-theft",
            "investment-scam",
            "israel-post-impersonation",
            "linkvertise",
            "logistics-impersonation",
            "low-reputation",
            "low-reputation-domain",
            "lure",
            "macos-impersonation",
            "malicious-infrastructure",
            "malicious-payloads",
            "malicious-site",
            "malvertising",
            "malvertising-gateway",
            "malware-delivery",
            "malware-distribution",
            "mexc-impersonation",
            "mining-scam",
            "mobile-number-harvesting",
            "monetized-url-shortener",
            "new-domain",
            "newly-registered-domain",
            "ontario-government",
            "package-delivery-scam",
            "payment-information-harvesting",
            "peopleperhour-impersonation",
            "petrom",
            "phishing",
            "phishing-page",
            "phishing-risk",
            "phishing-site",
            "privilege-escalation",
            "random-domain",
            "redirect",
            "redirect-chain",
            "redirect-chains",
            "riskware",
            "roblox",
            "roblox-impersonation",
            "scam",
            "scam-allegations",
            "scam-lure",
            "scam-storefront",
            "serbia",
            "serviceontario",
            "social-engineering",
            "suspicious-domain",
            "targeted-phishing",
            "task-based-earning-scam",
            "task-based-scam",
            "task-scam",
            "tiktok-impersonation",
            "tracking-redirect",
            "traffic-redirection",
            "trojan",
            "typosquatting",
            "unwanted-software",
            "unwanted-software-distribution",
            "url-shortener",
            "urlert",
            "user-deception",
            "vgen-impersonation",
            "wallet-draining"
          ],
          "references": [
            "https://urlert.com/domain/0lprvs.click",
            "https://urlert.com/domain/abre.ai",
            "https://urlert.com/domain/bunnyband.com",
            "https://urlert.com/domain/ca-pageo.cyou",
            "https://urlert.com/domain/ca-pageo.web.id",
            "https://urlert.com/domain/chainvoltgrid.com",
            "https://urlert.com/domain/chara-gacha.com",
            "https://urlert.com/domain/citly.me",
            "https://urlert.com/domain/dpd-lanviro.link",
            "https://urlert.com/domain/dpdlocasa.shop",
            "https://urlert.com/domain/dpdlocass.shop",
            "https://urlert.com/domain/eu.cc",
            "https://urlert.com/domain/euprava-gov.lat",
            "https://urlert.com/domain/flowtrackr.site",
            "https://urlert.com/domain/geeduu.com",
            "https://urlert.com/domain/go2wa.cc",
            "https://urlert.com/domain/google.com",
            "https://urlert.com/domain/homebnb.sbs",
            "https://urlert.com/domain/httpps-www-roblox.co",
            "https://urlert.com/domain/huighaverlag.nl"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Financial Services",
            "Government",
            "Hospitality",
            "Logistics / Supply Chain",
            "Media / Entertainment",
            "Retail / E-Commerce",
            "Technology"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "urlert_intel",
            "id": "386175",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 37,
            "URL": 40,
            "hostname": 13
          },
          "indicator_count": 90,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 32,
          "modified_text": "8 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69dee3140bd99e9baf014779",
          "name": "URLert Daily Threat Intel \u2014 2026-04-15",
          "description": "URLert Daily Threat Intel \u2014 2026-04-15\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 67 | Indicators: 121\nConfirmed: 20 | Likely: 43 | Domain intel: 4\nTop threats: Phishing (55), Malware Hosting (6), Dropper (3), Unknown (2), Malvertising (1)\nDomains: 0nlyfans.es, acccat.com, aceimg.com, alert-micro.com, allwatch.id, apidoge.com, asusnext.us, belladobe.com, bunnyband.com, carziqo.net, clearentry.pro, cloudnext.pro, cs2challengemode.com,...\n\n67 unique threats producing 121 actionable indicators. Generated by URLert automated threat intelligence.",
          "modified": "2026-05-15T00:53:50.005000",
          "created": "2026-04-15T01:00:04.655000",
          "tags": [
            "5eplay",
            "account-recovery-scam",
            "adult-content-lure",
            "affiliate-fraud",
            "aggressive-advertising",
            "aliexpress-impersonation",
            "allegro-impersonation",
            "apk-distribution",
            "automated-scan",
            "banking-credentials",
            "betting-scam",
            "brand-impersonation",
            "cfd-trading",
            "clickbait",
            "combosquatting",
            "credential-harvesting",
            "credit-card-harvesting",
            "credit-card-theft",
            "crypto-gambling",
            "cryptocurrency",
            "cryptocurrency-scam",
            "daily-threat-intel",
            "dao-impersonation",
            "data-harvesting",
            "dating-scam",
            "deceptive-advertising",
            "deceptive-downloads",
            "deceptive-landing-page",
            "deceptive-marketing",
            "deceptive-redirect",
            "deceptive-redirects",
            "deceptive-scam",
            "deceptive-tactics",
            "delivery-scam",
            "document-sharing-phishing",
            "domain-classification",
            "ecommerce-scam",
            "elon-musk",
            "email-lookup",
            "email-redirect",
            "employment-scam",
            "esports-platform-impersonation",
            "explicit-content",
            "fake-app-store",
            "fake-mining",
            "fake-news",
            "fake-profiles",
            "fake-toll-notice",
            "fake-tracking",
            "file-distribution",
            "file-hosting",
            "financial-deception",
            "financial-fraud",
            "financial-phishing",
            "financial-scam",
            "fiverr",
            "fiverr-impersonation",
            "forex-trading",
            "fraudulent-investment",
            "fraudulent-platform",
            "fraudulent-website",
            "free-hosting-abuse",
            "freelancer-targeting",
            "game-scam",
            "gaming",
            "get-rich-quick",
            "gibberish-domain",
            "gift-card-scam",
            "google-impersonation",
            "government-impersonation",
            "h-and-m",
            "hetzner-hosting",
            "high-risk-tld",
            "hospitality-targeting",
            "income-scheme",
            "information-harvesting",
            "infostealer-logs",
            "investment-scam",
            "irish-government",
            "lead-generation",
            "link-shortener",
            "live-sports-streaming",
            "malicious-file-hosting",
            "malicious-redirection",
            "malware-distribution",
            "malware-hosting",
            "mexc-impersonation",
            "movie-download-scam",
            "mtn-impersonation",
            "mygovid",
            "new-domain",
            "newly-observed-domain",
            "newly-registered-domain",
            "online-banking",
            "online-gaming",
            "outlook-safelink",
            "payload-delivery",
            "payment-scam",
            "pentavida",
            "personal-information-collection",
            "phishing",
            "phishing-campaign",
            "phishing-infrastructure",
            "phishing-scam",
            "phishing-site",
            "phone-number-harvesting",
            "pig-butchering-scam",
            "ponzi-scheme",
            "privacy-risk",
            "pyramid-scheme",
            "raw-binary-serving",
            "redirect",
            "redirect-chain",
            "scam",
            "scam-allegations",
            "scam-landing-page",
            "seo-poisoning",
            "social-engineering",
            "social-media-scam",
            "software-piracy-scam",
            "spam",
            "spotahome",
            "spotify",
            "steam-credentials",
            "survey-scam",
            "suspicious-domain",
            "suspicious-infrastructure",
            "targeted-phishing",
            "task-based-earning-scam",
            "task-scam",
            "team-visma-lease-a-bike",
            "throwaway-domain",
            "trading-platform",
            "typosquatting",
            "unsolicited-messages",
            "unvetted-content",
            "urlert",
            "username-harvesting",
            "username-password-collection",
            "voucher-scam",
            "wallet-draining",
            "wanda-cinemas",
            "whatsapp-group-scam",
            "whatsapp-lure",
            "withdrawal-scam",
            "x-twitter"
          ],
          "references": [
            "https://urlert.com/domain/0nlyfans.es",
            "https://urlert.com/domain/acccat.com",
            "https://urlert.com/domain/aceimg.com",
            "https://urlert.com/domain/alert-micro.com",
            "https://urlert.com/domain/allwatch.id",
            "https://urlert.com/domain/apidoge.com",
            "https://urlert.com/domain/asusnext.us",
            "https://urlert.com/domain/belladobe.com",
            "https://urlert.com/domain/bunnyband.com",
            "https://urlert.com/domain/carziqo.net",
            "https://urlert.com/domain/clearentry.pro",
            "https://urlert.com/domain/cloudnext.pro",
            "https://urlert.com/domain/cs2challengemode.com",
            "https://urlert.com/domain/ct.ws",
            "https://urlert.com/domain/dao-kd.com",
            "https://urlert.com/domain/demoteam.ch",
            "https://urlert.com/domain/es-long-rent-apartments-4567885553.homes",
            "https://urlert.com/domain/freefunhere.com",
            "https://urlert.com/domain/geeduu.com",
            "https://urlert.com/domain/getmysocial.com"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Automotive",
            "Financial Services",
            "Government",
            "Hospitality",
            "Logistics / Supply Chain",
            "Media / Entertainment",
            "Real Estate",
            "Retail / E-Commerce",
            "Technology",
            "Telecommunications"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "urlert_intel",
            "id": "386175",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 42,
            "hostname": 13,
            "URL": 43
          },
          "indicator_count": 98,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 30,
          "modified_text": "16 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69dd91ae78f490fd44e82d33",
          "name": "URLert Daily Threat Intel \u2014 2026-04-14",
          "description": "URLert Daily Threat Intel \u2014 2026-04-14\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 67 | Indicators: 113\nConfirmed: 27 | Likely: 38 | Domain intel: 2\nTop threats: Phishing (49), Malware Hosting (12), Malvertising (3), Dropper (2), Exploit Kit (1)\nDomains: 738833.com, 888-gpifc.vip, 964235.help, 9mod.cloud, ankergames.net, appinjects.com, asusnext.us, binance-ltd.vip, bnz-gov.cam, bucara.my.id, bunnyband.com, challengermode.network, clck.ru,...\n\n67 unique threats producing 113 actionable indicators. Generated by URLert automated threat intelligence.",
          "modified": "2026-05-14T01:05:16.798000",
          "created": "2026-04-14T01:00:29.601000",
          "tags": [
            ".monster-tld",
            "abused-platform",
            "account-takeover",
            "account-theft",
            "ad-fraud",
            "adult-content-scam",
            "adult-dating-scam",
            "advance-fee-fraud",
            "ai-services",
            "android-malware",
            "anti-analysis",
            "apk-distribution",
            "apk-malware",
            "asset-theft",
            "automated-scan",
            "binance-impersonation",
            "brand-impersonation",
            "brazil",
            "broken-page",
            "carding",
            "city-of-vancouver",
            "click-jacking",
            "cloud-run",
            "combosquatting",
            "community-report",
            "content-locker",
            "counterfeit-domain",
            "credential-harvesting",
            "cryptocurrency",
            "cryptocurrency-scam",
            "daily-threat-intel",
            "data-collection",
            "data-harvesting",
            "deceptive-content",
            "deceptive-domain",
            "deceptive-interface",
            "deceptive-lure",
            "deceptive-page",
            "deceptive-platform",
            "deceptive-practices",
            "deceptive-redirects",
            "deceptive-site",
            "deceptive-url",
            "deceptive-verification",
            "developer-tools-blocking",
            "domain-classification",
            "e-commerce-fraud",
            "earning-scheme",
            "esports-targeting",
            "etsy-impersonation",
            "evasion",
            "evasion-tactics",
            "fake-android-app",
            "fake-app",
            "fake-domain",
            "fake-giveaway",
            "fake-online-store",
            "fake-platform",
            "fake-rewards",
            "fake-verification",
            "file-sharing",
            "file-sharing-impersonation",
            "financial-fraud",
            "financial-harvesting",
            "financial-scam",
            "fiverr",
            "fiverr-impersonation",
            "flhsmv-impersonation",
            "fraudulent-activity",
            "fraudulent-platform",
            "fraudulent-scheme",
            "free-fire",
            "gambling",
            "gambling-promotion",
            "game-cheats",
            "get-paid-to-scheme",
            "google-impersonation",
            "government-impersonation",
            "high-risk-domain",
            "high-risk-tld",
            "information-gathering",
            "information-harvesting",
            "intrusive-ads",
            "investment-management",
            "investment-scam",
            "jadlog-impersonation",
            "low-reputation",
            "malicious-landing-page",
            "malicious-redirect",
            "malicious-redirection",
            "malvertising",
            "malware",
            "malware-distribution",
            "malware-download",
            "malware-hosting",
            "malware-potential",
            "mexc-impersonation",
            "misleading-domain",
            "mobile-spyware",
            "modified-apps",
            "nebula-x",
            "netlify-abuse",
            "new-domain",
            "newly-registered-domain",
            "obfuscation",
            "payment-information-harvesting",
            "payment-scam",
            "personal-data-collection",
            "personal-information-collection",
            "personal-information-harvesting",
            "pet-scam",
            "phishing",
            "phishing-page",
            "phishing-scam",
            "phishing-site",
            "phishing-technique",
            "pirated-software",
            "ponzi-scheme",
            "puppy-scam",
            "recruitment-scam",
            "redirect",
            "redirect-chain",
            "revanced-impersonation",
            "roblox",
            "roblox-impersonation",
            "scam",
            "scam-campaign",
            "scam-lure",
            "scam-site",
            "serviceontario",
            "session-token",
            "shopping-cart-scam",
            "signup-page",
            "signup-scam",
            "social-engineering",
            "spam-promotion",
            "spoofed-domain",
            "spotify",
            "steam",
            "survey-scam",
            "suspicious-retailer",
            "suspicious-service-model",
            "task-based-earning-scam",
            "task-based-scam",
            "task-scam",
            "third-party-download",
            "toll-scam",
            "typosquatting",
            "unofficial-sources",
            "unwanted-software",
            "url-redirection",
            "url-shortener",
            "urlert",
            "usdt-storage",
            "user-manipulation",
            "virtual-tasks",
            "wallet-harvesting",
            "x-twitter",
            "zip-download"
          ],
          "references": [
            "https://urlert.com/domain/738833.com",
            "https://urlert.com/domain/888-gpifc.vip",
            "https://urlert.com/domain/964235.help",
            "https://urlert.com/domain/9mod.cloud",
            "https://urlert.com/domain/ankergames.net",
            "https://urlert.com/domain/appinjects.com",
            "https://urlert.com/domain/asusnext.us",
            "https://urlert.com/domain/binance-ltd.vip",
            "https://urlert.com/domain/bnz-gov.cam",
            "https://urlert.com/domain/bucara.my.id",
            "https://urlert.com/domain/bunnyband.com",
            "https://urlert.com/domain/challengermode.network",
            "https://urlert.com/domain/clck.ru",
            "https://urlert.com/domain/cloudnext.pro",
            "https://urlert.com/domain/dattingrooms.com",
            "https://urlert.com/domain/discord-tracker.com",
            "https://urlert.com/domain/elricat.co.uk",
            "https://urlert.com/domain/f09poypkdea3.com",
            "https://urlert.com/domain/facebook.hk",
            "https://urlert.com/domain/gamenuv.com"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Financial Services",
            "Government",
            "Logistics / Supply Chain",
            "Media / Entertainment",
            "Retail / E-Commerce",
            "Technology"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "urlert_intel",
            "id": "386175",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 35,
            "URL": 40,
            "hostname": 13
          },
          "indicator_count": 88,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 30,
          "modified_text": "17 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d84b940c380e7d4d3cf30c",
          "name": "URLert Daily Threat Intel \u2014 2026-04-10",
          "description": "URLert Daily Threat Intel \u2014 2026-04-10\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 100 | Indicators: 201\nConfirmed: 33 | Likely: 66 | Domain intel: 1\nTop threats: Phishing (89), Malware Hosting (4), Malvertising (3), Dropper (3), Unknown (1)\nDomains: 3fox.fun, 76whb36t.lat, activecampaign-team-support.com, altriagroupformerlyphilipmorakfriscompanies.cfd, amazonaws.com, ameli-gouv.com, apkresult.io, assureloans.ca, beauty-date-app.beaut...\n\n100 unique threats producing 201 actionable indicators. Generated by URLert automated threat intelligence.",
          "modified": "2026-05-09T21:51:12.227000",
          "created": "2026-04-10T01:00:04.155000",
          "tags": [
            "seur-impersonation",
            "abused-platform",
            "account-recovery-fraud",
            "account-recovery-scam",
            "account-takeover",
            "activecampaign",
            "adult-lure",
            "adult-scam",
            "advance-fee-scam",
            "advertising-scam",
            "affiliate-fraud",
            "anti-analysis",
            "asset-theft",
            "automated-scan",
            "booking-impersonation",
            "brand-impersonation",
            "browser-verification",
            "canada",
            "clickbait",
            "cloudflare-impersonation",
            "coinhako-impersonation",
            "combosquatting",
            "command-execution",
            "compromised-site",
            "constructconnect-impersonation",
            "credential-harvesting",
            "credit-card-harvesting",
            "crypto-casino",
            "crypto-drainer",
            "crypto-exchange",
            "crypto-scam",
            "cryptocurrency",
            "cryptocurrency-exchange",
            "cs2-tournament",
            "daft-ie",
            "daily-threat-intel",
            "dao",
            "data-harvesting",
            "dating-scam",
            "ddns",
            "deceptive-domain",
            "deceptive-notification",
            "deceptive-redirects",
            "deceptive-reward-scheme",
            "deceptive-scam",
            "deceptive-site",
            "deceptive-social-tool",
            "deceptive-tactics",
            "deceptive-url",
            "deceptive-widget",
            "delivery-exception-scam",
            "delivery-failure",
            "delivery-scam",
            "denmark",
            "depop",
            "discord-impersonation",
            "domain-classification",
            "dpd-impersonation",
            "dropshipping-scam",
            "e-commerce-scam",
            "email-phishing",
            "evasive-behavior",
            "executable-download",
            "fake-contest",
            "fake-dating-scam",
            "fake-delivery-notification",
            "fake-download",
            "fake-financial-institution",
            "fake-gifts",
            "fake-legal-document",
            "fake-login",
            "fake-offer",
            "fake-security-alert",
            "fake-security-check",
            "fake-store",
            "fake-survey",
            "fake-testimonials",
            "fake-voting-scam",
            "financial-fraud",
            "financial-scam",
            "fiverr-impersonation",
            "france",
            "fraudulent-platform",
            "free-hosting",
            "free-web-hosting",
            "gate-page",
            "generic-hosting",
            "georgia",
            "georgia-dds",
            "gibberish-domain",
            "gog-impersonation",
            "google-impersonation",
            "government-service",
            "grayware",
            "high-risk-extension",
            "high-risk-tld",
            "hospitality-scam",
            "identity-theft",
            "illegal-drugs",
            "illicit-marketplace",
            "imap-authentication-scam",
            "information-gathering",
            "investment-scam",
            "kaspersky",
            "loan-fee-scam",
            "loblaws",
            "logistics",
            "logistics-impersonation",
            "lookalike-domain",
            "malicious-links",
            "malicious-site",
            "malvertising",
            "malware-delivery",
            "malware-distribution",
            "malware-hosting",
            "mandarin-oriental",
            "meesho",
            "mexc-impersonation",
            "microsoft",
            "misspelled-domain",
            "modded-apk",
            "multi-stage-redirect",
            "nacex",
            "netlify-app",
            "new-domain",
            "newly-registered-domain",
            "obfuscated-javascript",
            "offer-scam",
            "olx",
            "olx-impersonation",
            "package-delivery-scam",
            "patreon-impersonation",
            "payload-delivery",
            "paywall-bypass",
            "personal-data-collection",
            "personal-data-harvesting",
            "personal-information-harvesting",
            "phishing",
            "phishing-landing-page",
            "phishing-page",
            "phishing-site",
            "pii-collection",
            "pii-harvesting",
            "pirated-software",
            "podcast-voting-impersonation",
            "ponzi-scheme",
            "pornographic-content-promotion",
            "prize-giveaway-scam",
            "profiling",
            "pyramid-scheme",
            "raiffeisen",
            "recent-domain",
            "recently-registered-domain",
            "recruitment-scheme",
            "redirect-chain",
            "retail-scam",
            "risky-tld",
            "roblox",
            "roblox-impersonation",
            "scam",
            "scam-landing-page",
            "scam-site",
            "sharepoint-impersonation",
            "shopify-redirect",
            "smartphone-scam",
            "social-engineering",
            "social-login-phishing",
            "spotify-impersonation",
            "steam",
            "steam-api-key",
            "stonex-impersonation",
            "suspicious-domain",
            "suspicious-redirects",
            "synology",
            "system-compromise",
            "tech-support-scam",
            "telegram",
            "trading-platform",
            "twitter-impersonation",
            "typosquatting",
            "unofficial-software",
            "unwanted-programs",
            "unwanted-software",
            "url-shortener",
            "urlert",
            "webex-impersonation",
            "young-domain",
            "youtube",
            "youtube-bots"
          ],
          "references": [
            "https://urlert.com/domain/3fox.fun",
            "https://urlert.com/domain/76whb36t.lat",
            "https://urlert.com/domain/activecampaign-team-support.com",
            "https://urlert.com/domain/altriagroupformerlyphilipmorakfriscompanies.cfd",
            "https://urlert.com/domain/amazonaws.com",
            "https://urlert.com/domain/ameli-gouv.com",
            "https://urlert.com/domain/apkresult.io",
            "https://urlert.com/domain/assureloans.ca",
            "https://urlert.com/domain/beauty-date-app.beauty",
            "https://urlert.com/domain/bookingil.com",
            "https://urlert.com/domain/callingsafe.com",
            "https://urlert.com/domain/campanie.promo",
            "https://urlert.com/domain/coinhako-m.com",
            "https://urlert.com/domain/confirmare.store",
            "https://urlert.com/domain/cordilleralaserena.cl",
            "https://urlert.com/domain/correos-argentino.org",
            "https://urlert.com/domain/cs2cup.com",
            "https://urlert.com/domain/ct.ws",
            "https://urlert.com/domain/cudasvc.com",
            "https://urlert.com/domain/dadaoas.com"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Financial Services",
            "Government",
            "Hospitality",
            "Legal Services",
            "Logistics / Supply Chain",
            "Media / Entertainment",
            "Real Estate",
            "Retail / E-Commerce",
            "Technology"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "urlert_intel",
            "id": "386175",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 62,
            "URL": 64,
            "hostname": 28
          },
          "indicator_count": 154,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 30,
          "modified_text": "21 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d6fa144bba9d675073150e",
          "name": "URLert Daily Threat Intel \u2014 2026-04-09",
          "description": "URLert Daily Threat Intel \u2014 2026-04-09\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 144 | Indicators: 278\nConfirmed: 40 | Likely: 100 | Domain intel: 4\nTop threats: Phishing (127), Malvertising (5), Malware Hosting (5), Dropper (4), Unknown (2)\nDomains: 678940.com, acsgri.xyz, amazonvtc.com, apple-job-opportunities.com, as6738.com, axionholdings.online, booklng-dats.com, buksuper.xyz, castrooutlet-il.shop, cfbfpro.com, clarissaflorence.co...\n\n144 unique threats producing 278 actionable indicators. Generated by URLert automated threat intelligence.",
          "modified": "2026-05-08T22:06:56.603000",
          "created": "2026-04-09T01:00:04.860000",
          "tags": [
            "seur",
            "abused-infrastructure",
            "account-hijacking",
            "account-login-impersonation",
            "acs-courier",
            "ad-blocker-bypass",
            "ad-revenue",
            "ad-revenue-scam",
            "adult-content",
            "adult-content-lure",
            "adult-content-scam",
            "adult-scam",
            "advance-fee-fraud",
            "affiliate-marketing-scam",
            "affiliate-redirect",
            "aged-domain",
            "aggressive-language",
            "airportparking-service",
            "amazon",
            "anti-analysis",
            "arkansas",
            "asset-theft",
            "automated-scan",
            "belgian-health-insurance-impersonation",
            "blank-page",
            "booking-com",
            "booking-com-impersonation",
            "brand-impersonation",
            "brand-in-subdomain",
            "brazil",
            "broken-template",
            "browser-exploit",
            "canada",
            "castro",
            "cloudflare",
            "cloudflare-impersonation",
            "cloudflared-blocked",
            "combosquatting",
            "compromised-site",
            "content-locker",
            "counterfeit-goods",
            "cracked-games",
            "credential-harvesting",
            "crypto-casino-scam",
            "crypto-com",
            "crypto-scam",
            "cryptocurrency",
            "cryptocurrency-investment-scam",
            "cryptocurrency-mining",
            "cryptocurrency-scam",
            "daily-threat-intel",
            "data-harvesting",
            "dating-scam",
            "deception",
            "deceptive-advertising",
            "deceptive-content",
            "deceptive-dating-scam",
            "deceptive-distribution",
            "deceptive-domain",
            "deceptive-lead-generation",
            "deceptive-marketing",
            "deceptive-offer-walls",
            "deceptive-online-store",
            "deceptive-practices",
            "deceptive-promotion",
            "deceptive-prompts",
            "deceptive-redirect",
            "deceptive-security-check",
            "deceptive-site",
            "deceptive-template",
            "delivery-exception",
            "delivery-exception-scam",
            "delivery-scam",
            "discord-account-hijacking",
            "discord-impersonation",
            "disposable-infrastructure",
            "docsend-impersonation",
            "domain-age-misleading",
            "domain-classification",
            "dpd",
            "dpd-impersonation",
            "dpd-local",
            "e-commerce-scam",
            "education",
            "email-credentials",
            "email-harvesting",
            "employment-scam",
            "explicit-content",
            "fake-captcha",
            "fake-check-scam",
            "fake-fees",
            "fake-giveaway",
            "fake-login",
            "fake-payment",
            "fake-persona",
            "fake-prize",
            "fake-security-challenge",
            "fake-shop",
            "fake-storefront",
            "fake-survey",
            "fake-urgency",
            "fake-wallet",
            "fake-warning",
            "financial-fraud",
            "financial-impersonation",
            "financial-information-harvesting",
            "financial-information-theft",
            "financial-scam",
            "fortnite",
            "fortnite-lure",
            "fraud",
            "fraudulent-commerce",
            "fraudulent-domain",
            "fraudulent-exchange",
            "fraudulent-investment-scheme",
            "fraudulent-payment",
            "fraudulent-services",
            "fraudulent-subscriptions",
            "free-hosting",
            "free-movie-streaming-lure",
            "ftp",
            "game-cheats",
            "gamers",
            "georgia-dds",
            "gibberish-domain",
            "giveaway-scam",
            "google-safe-browsing",
            "government-impersonation",
            "groupon",
            "high-return-scam",
            "high-risk-tld",
            "hoka",
            "hookup-scam",
            "human-verification",
            "hyip",
            "identity-theft",
            "identity-verification-scam",
            "illinois",
            "information-harvesting",
            "insecure-protocol",
            "instagram",
            "installer-download",
            "investment-scam",
            "ipfs-gateway",
            "job-scam",
            "jotform-abuse",
            "large-scale-redirection",
            "lbank",
            "lead-generation",
            "link-shortener",
            "linkedin-impersonation",
            "loading-spinner",
            "logistics",
            "logistics-impersonation",
            "malicious-domain",
            "malicious-redirect",
            "malicious-redirects",
            "malicious-scripts",
            "malvertising",
            "malware-delivery",
            "malware-distribution",
            "malware-download",
            "malware-risk",
            "mexc-impersonation",
            "microsoft-impersonation",
            "microsoft-sharepoint",
            "mitm",
            "mobile-redirect",
            "multi-domain-redirect",
            "nc-dot-impersonation",
            "ncdot",
            "nebula-x",
            "new-domain",
            "newly-registered-domain",
            "north-carolina",
            "oauth-phishing",
            "obfuscated-redirects",
            "oklahoma-dps-impersonation",
            "okx",
            "olx",
            "online-gambling",
            "ontario",
            "pages-dev-abuse",
            "parking-citation",
            "paycity-impersonation",
            "payment-fraud",
            "payment-harvesting",
            "payment-information-harvesting",
            "payment-scam",
            "paypal-impersonation",
            "personal-information-collection",
            "personal-information-harvesting",
            "phishing",
            "phishing-attempt",
            "phishing-infrastructure",
            "phishing-kit",
            "phishing-scam",
            "phishing-site",
            "phishing-vector",
            "pig-butchering",
            "pirated-software",
            "ponzi-scheme",
            "privacy-violation",
            "pump-fun",
            "pyramid-scheme",
            "raiffeisen",
            "random-domain",
            "recently-registered-domain",
            "reconnaissance",
            "recruitment-scheme",
            "redirect",
            "redirect-chain",
            "redirect-cloaking",
            "registration-scam",
            "remote-task-scam",
            "repurposed-domain",
            "retail-scam",
            "riskware",
            "roblox",
            "roblox-impersonation",
            "robux-scam",
            "sameday-courier-impersonation",
            "scam",
            "scam-domain",
            "scam-funnel",
            "scam-platform",
            "security-bypass",
            "session-hijacking",
            "shadow-reporting",
            "shein",
            "shipping-fee-scam",
            "social-engineering",
            "software-executors",
            "software-piracy",
            "soundsquatting",
            "south-africa",
            "steam",
            "surge-sh",
            "survey-scam",
            "suspicious-domain",
            "suspicious-login",
            "suspicious-tld",
            "suspicious-traffic",
            "task-scam",
            "telegram",
            "texas",
            "tiktok",
            "tiktok-impersonation",
            "toll-scam",
            "tracksoptions-com",
            "traffic-citation",
            "tx-dmv",
            "typosquatting",
            "unauthorized-streaming",
            "universitatea-politehnica-timisoara",
            "unknown-payload",
            "unverified-apps",
            "unwanted-software",
            "unwanted-subscriptions",
            "url-obfuscation",
            "url-redirection",
            "urlert",
            "user-deception",
            "user-manipulation",
            "usps-impersonation",
            "vaultcord-impersonation",
            "vercel-subdomain",
            "vulnerability-scanning",
            "wabtec",
            "wallapop",
            "wallet-drainer",
            "wallet-phishing",
            "western-union-scam",
            "whatsapp-scam",
            "windows-installer",
            "withdrawal-scam",
            "zoom-impersonation"
          ],
          "references": [
            "https://urlert.com/domain/678940.com",
            "https://urlert.com/domain/acsgri.xyz",
            "https://urlert.com/domain/amazonvtc.com",
            "https://urlert.com/domain/apple-job-opportunities.com",
            "https://urlert.com/domain/as6738.com",
            "https://urlert.com/domain/axionholdings.online",
            "https://urlert.com/domain/booklng-dats.com",
            "https://urlert.com/domain/buksuper.xyz",
            "https://urlert.com/domain/castrooutlet-il.shop",
            "https://urlert.com/domain/cfbfpro.com",
            "https://urlert.com/domain/clarissaflorence.com",
            "https://urlert.com/domain/com-conflrm-eu.com",
            "https://urlert.com/domain/com-sart.top",
            "https://urlert.com/domain/com-sasi.top",
            "https://urlert.com/domain/compromisedblog.com",
            "https://urlert.com/domain/connectview.click",
            "https://urlert.com/domain/coppii.com",
            "https://urlert.com/domain/cozyloftz.com",
            "https://urlert.com/domain/cryptor.plus",
            "https://urlert.com/domain/ct.ws"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Education",
            "Financial Services",
            "Government",
            "Hospitality",
            "Insurance",
            "Logistics / Supply Chain",
            "Manufacturing",
            "Media / Entertainment",
            "Retail / E-Commerce",
            "Technology"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "urlert_intel",
            "id": "386175",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 87,
            "URL": 89,
            "hostname": 41
          },
          "indicator_count": 217,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 30,
          "modified_text": "22 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69c0909fb24fd2f82cdfa0f9",
          "name": "URLert Daily Threat Intel \u2014 2026-03-23",
          "description": "URLert Daily Threat Intel \u2014 2026-03-23\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 75 | Indicators: 135\nConfirmed: 26 | Likely: 46 | Domain intel: 3\nTop threats: Phishing (62), Unknown (5), Malvertising (4), Malware Hosting (2), RAT (1)\nDomains: 472rapido.lol, acccat.com, adaface.us, advomate92.com, aidleyy.live, appinjects.com, autree.org, axama.org, backedstock.shop, backkmarket.com, base44.app, buyiphone.online, capri777.com, c...\n\n75 unique threats producing 135 actionable indicators. Generated by URLert automated threat intelligence.",
          "modified": "2026-04-21T22:31:30.334000",
          "created": "2026-03-23T01:00:15.320000",
          "tags": [
            "ad-blocker-bypass",
            "adaface-impersonation",
            "adult-content-lure",
            "adware",
            "aggressive-marketing",
            "aggressive-tactics",
            "amazon-impersonation",
            "apk-distribution",
            "app-scam",
            "apple-impersonation",
            "asset-theft",
            "automated-scan",
            "banking-phishing",
            "blockchain-scam",
            "brand-impersonation",
            "browser-extension-installation",
            "california-dmv",
            "charity-scam",
            "child-exploitation",
            "cloaked-site",
            "colombia",
            "combosquatting",
            "counterfeit-goods",
            "credential-harvesting",
            "credit-card-theft",
            "crypto-scam",
            "crypto-trading",
            "cryptocurrency",
            "cryptocurrency-fraud",
            "cryptocurrency-scam",
            "daily-threat-intel",
            "data-harvesting",
            "deceptive-content",
            "deceptive-lure",
            "deceptive-marketing",
            "deceptive-practices",
            "deceptive-redirect",
            "deceptive-redirects",
            "deceptive-retail",
            "deceptive-scam",
            "deceptive-software-download",
            "deceptive-survey",
            "directory-service",
            "domain-classification",
            "donation-scam",
            "email-phishing",
            "email-targeting",
            "evasive-maneuvers",
            "fake-exchange",
            "fake-investments",
            "fake-job-application",
            "fake-login",
            "fake-mining-pool",
            "fake-verification",
            "financial-fraud",
            "financial-loss",
            "financial-scam",
            "financial-service-impersonation",
            "financial-services",
            "financial-theft",
            "fraudulent-crypto-exchange",
            "fraudulent-fundraising",
            "fraudulent-platform",
            "gambling-scam",
            "game-lure",
            "gaming-impersonation",
            "gibberish-domain",
            "google-impersonation",
            "government-impersonation",
            "grayware",
            "high-risk",
            "high-risk-domain",
            "high-risk-gambling",
            "high-risk-tld",
            "high-risk-trading",
            "hyip",
            "identity-theft",
            "illegal-content",
            "impersonation",
            "information-collection",
            "investment-fraud",
            "investment-scam",
            "ip-logging",
            "kentucky",
            "lack-of-transparency",
            "lichousing",
            "link-in-bio",
            "lottery-scam",
            "lure-tactic",
            "malicious-payloads",
            "malicious-redirect",
            "malicious-redirection",
            "malicious-redirects",
            "malvertising",
            "malware-delivery",
            "malware-distribution",
            "manipulative-spreading",
            "mexc-impersonation",
            "mobile-malware",
            "nebula-x-usdt-storage-center",
            "new-domain",
            "new-platform",
            "newly-registered-domain",
            "nimblr-mailog",
            "olx-impersonation",
            "online-casino-scam",
            "online-fraud",
            "online-scam",
            "payment-harvesting",
            "personal-information-collection",
            "personal-information-harvesting",
            "personal-information-theft",
            "phishing",
            "phishing-content",
            "phishing-domain",
            "phishing-page",
            "phishing-site",
            "pig-butchering",
            "pig-butchering-scam",
            "play-to-earn",
            "ponzi-scheme",
            "pop-up-abuse",
            "postal-service-impersonation",
            "privacy-risk",
            "privacy-violation",
            "rat",
            "recent-domain",
            "recently-registered-domain",
            "redirect-chain",
            "redirect-cloaking",
            "redirector",
            "retail-ecommerce",
            "retail-scam",
            "scam",
            "scam-alert",
            "scam-pages",
            "scams",
            "security-scam",
            "snapchat-impersonation",
            "social-engineering",
            "social-media-scam",
            "social-media-targeting",
            "south-carolina",
            "steam-credentials",
            "suspicious-domain",
            "suspicious-domain-name",
            "suspicious-gateway",
            "suspicious-scripting",
            "throwaway-domain",
            "tiktok",
            "tiktok-impersonation",
            "tiktok-scam",
            "traffic-redirection",
            "twitter-impersonation",
            "typo-squatting",
            "typosquatting",
            "unauthorized-access",
            "unauthorized-tracking",
            "unrealistic-pricing",
            "unregulated-platform",
            "unverifiable-entities",
            "unverified-software",
            "unwanted-software",
            "url-shortener",
            "urlert",
            "verification-fraud",
            "voting-platform-impersonation",
            "wallet-theft",
            "watch-to-earn",
            "webcam-monitoring",
            "webcam-streaming-app",
            "webmail-login",
            "whatsapp-impersonation",
            "withdrawal-fraud",
            "withdrawal-scam",
            "workers-dev",
            "young-domain"
          ],
          "references": [
            "https://urlert.com/domain/472rapido.lol",
            "https://urlert.com/domain/acccat.com",
            "https://urlert.com/domain/adaface.us",
            "https://urlert.com/domain/advomate92.com",
            "https://urlert.com/domain/aidleyy.live",
            "https://urlert.com/domain/appinjects.com",
            "https://urlert.com/domain/autree.org",
            "https://urlert.com/domain/axama.org",
            "https://urlert.com/domain/backedstock.shop",
            "https://urlert.com/domain/backkmarket.com",
            "https://urlert.com/domain/base44.app",
            "https://urlert.com/domain/buyiphone.online",
            "https://urlert.com/domain/capri777.com",
            "https://urlert.com/domain/casajoys.com",
            "https://urlert.com/domain/chat-whatsapp.es",
            "https://urlert.com/domain/coinrtu.com",
            "https://urlert.com/domain/cryptor.plus",
            "https://urlert.com/domain/cs2cup.com",
            "https://urlert.com/domain/effectivegatecpm.com",
            "https://urlert.com/domain/fkg.cc"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Financial Services",
            "Government",
            "Logistics / Supply Chain",
            "Media / Entertainment",
            "Non-Profit",
            "Retail / E-Commerce"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "urlert_intel",
            "id": "386175",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 48,
            "URL": 50,
            "hostname": 14
          },
          "indicator_count": 112,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 29,
          "modified_text": "39 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://urlert.com/domain/chat-whatsapp.es",
        "https://urlert.com/domain/adaface.us",
        "https://urlert.com/domain/confirmare.store",
        "https://urlert.com/domain/capri777.com",
        "https://urlert.com/domain/apple-job-opportunities.com",
        "https://urlert.com/domain/cfbfpro.com",
        "https://urlert.com/domain/effectivegatecpm.com",
        "https://urlert.com/domain/cryptor.plus",
        "https://urlert.com/domain/callingsafe.com",
        "https://urlert.com/domain/challengermode.network",
        "https://urlert.com/domain/9mod.cloud",
        "https://urlert.com/domain/beauty-date-app.beauty",
        "https://urlert.com/domain/abre.ai",
        "https://urlert.com/domain/678940.com",
        "https://urlert.com/domain/cozyloftz.com",
        "https://urlert.com/domain/axama.org",
        "https://urlert.com/domain/binance-ltd.vip",
        "https://urlert.com/domain/asusnext.us",
        "https://urlert.com/domain/coinhako-m.com",
        "https://urlert.com/domain/eu.cc",
        "https://urlert.com/domain/dao-kd.com",
        "https://urlert.com/domain/autree.org",
        "https://urlert.com/domain/0nlyfans.es",
        "https://urlert.com/domain/buyiphone.online",
        "https://urlert.com/domain/elricat.co.uk",
        "https://urlert.com/domain/facebook.hk",
        "https://urlert.com/domain/correos-argentino.org",
        "https://urlert.com/domain/ankergames.net",
        "https://urlert.com/domain/ameli-gouv.com",
        "https://urlert.com/domain/campanie.promo",
        "https://urlert.com/domain/axionholdings.online",
        "https://urlert.com/domain/dadaoas.com",
        "https://urlert.com/domain/allwatch.id",
        "https://urlert.com/domain/demoteam.ch",
        "https://urlert.com/domain/coppii.com",
        "https://urlert.com/domain/geeduu.com",
        "https://urlert.com/domain/aidleyy.live",
        "https://urlert.com/domain/euprava-gov.lat",
        "https://urlert.com/domain/getmysocial.com",
        "https://urlert.com/domain/aceimg.com",
        "https://urlert.com/domain/cloudnext.pro",
        "https://urlert.com/domain/cs2challengemode.com",
        "https://urlert.com/domain/888-gpifc.vip",
        "https://urlert.com/domain/bookingil.com",
        "https://urlert.com/domain/cordilleralaserena.cl",
        "https://urlert.com/domain/clearentry.pro",
        "https://urlert.com/domain/472rapido.lol",
        "https://urlert.com/domain/bunnyband.com",
        "https://urlert.com/domain/booklng-dats.com",
        "https://urlert.com/domain/go2wa.cc",
        "https://urlert.com/domain/3fox.fun",
        "https://urlert.com/domain/chainvoltgrid.com",
        "https://urlert.com/domain/belladobe.com",
        "https://urlert.com/domain/activecampaign-team-support.com",
        "https://urlert.com/domain/dpd-lanviro.link",
        "https://urlert.com/domain/casajoys.com",
        "https://urlert.com/domain/bucara.my.id",
        "https://urlert.com/domain/google.com",
        "https://urlert.com/domain/ca-pageo.cyou",
        "https://urlert.com/domain/chara-gacha.com",
        "https://urlert.com/domain/apkresult.io",
        "https://urlert.com/domain/advomate92.com",
        "https://urlert.com/domain/flowtrackr.site",
        "https://urlert.com/domain/com-sasi.top",
        "https://urlert.com/domain/alert-micro.com",
        "https://urlert.com/domain/apidoge.com",
        "https://urlert.com/domain/cs2cup.com",
        "https://urlert.com/domain/coinrtu.com",
        "https://urlert.com/domain/ct.ws",
        "https://urlert.com/domain/discord-tracker.com",
        "https://urlert.com/domain/altriagroupformerlyphilipmorakfriscompanies.cfd",
        "https://urlert.com/domain/carziqo.net",
        "https://urlert.com/domain/appinjects.com",
        "https://urlert.com/domain/com-sart.top",
        "https://urlert.com/domain/es-long-rent-apartments-4567885553.homes",
        "https://urlert.com/domain/gamenuv.com",
        "https://urlert.com/domain/acsgri.xyz",
        "https://urlert.com/domain/amazonaws.com",
        "https://urlert.com/domain/com-conflrm-eu.com",
        "https://urlert.com/domain/cudasvc.com",
        "https://urlert.com/domain/dpdlocass.shop",
        "https://urlert.com/domain/compromisedblog.com",
        "https://urlert.com/domain/as6738.com",
        "https://urlert.com/domain/738833.com",
        "https://urlert.com/domain/acccat.com",
        "https://urlert.com/domain/httpps-www-roblox.co",
        "https://urlert.com/domain/citly.me",
        "https://urlert.com/domain/clck.ru",
        "https://urlert.com/domain/clarissaflorence.com",
        "https://urlert.com/domain/f09poypkdea3.com",
        "https://urlert.com/domain/base44.app",
        "https://urlert.com/domain/0lprvs.click",
        "https://urlert.com/domain/fkg.cc",
        "https://urlert.com/domain/backkmarket.com",
        "https://urlert.com/domain/dpdlocasa.shop",
        "https://urlert.com/domain/freefunhere.com",
        "https://urlert.com/domain/connectview.click",
        "https://urlert.com/domain/assureloans.ca",
        "https://urlert.com/domain/castrooutlet-il.shop",
        "https://urlert.com/domain/76whb36t.lat",
        "https://urlert.com/domain/buksuper.xyz",
        "https://urlert.com/domain/964235.help",
        "https://urlert.com/domain/homebnb.sbs",
        "https://urlert.com/domain/bnz-gov.cam",
        "https://urlert.com/domain/dattingrooms.com",
        "https://urlert.com/domain/backedstock.shop",
        "https://urlert.com/domain/amazonvtc.com",
        "https://urlert.com/domain/huighaverlag.nl",
        "https://urlert.com/domain/ca-pageo.web.id"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": [
            "Retail / e-commerce",
            "Manufacturing",
            "Non-profit",
            "Real estate",
            "Hospitality",
            "Government",
            "Media / entertainment",
            "Education",
            "Technology",
            "Financial services",
            "Telecommunications",
            "Legal services",
            "Insurance",
            "Logistics / supply chain",
            "Automotive"
          ]
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 6,
  "pulses": [
    {
      "id": "69e96f2bc858014973680e1f",
      "name": "URLert Daily Threat Intel \u2014 2026-04-23",
      "description": "URLert Daily Threat Intel \u2014 2026-04-23\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 63 | Indicators: 117\nConfirmed: 18 | Likely: 43 | Domain intel: 2\nTop threats: Phishing (54), Malvertising (4), Dropper (2), Unknown (2), Malware Hosting (1)\nDomains: 0lprvs.click, abre.ai, bunnyband.com, ca-pageo.cyou, ca-pageo.web.id, chainvoltgrid.com, chara-gacha.com, citly.me, dpd-lanviro.link, dpdlocasa.shop, dpdlocass.shop, eu.cc, euprava-gov.lat...\n\n63 unique threats producing 117 actionable indicators. Generated by URLert automated threat intelligence.",
      "modified": "2026-05-23T00:06:10.121000",
      "created": "2026-04-23T01:00:27.807000",
      "tags": [
        "abuse-of-legitimate-service",
        "account-suspended",
        "action",
        "aggressive-ads",
        "airbnb",
        "airdrop-scam",
        "anonymized-infrastructure",
        "automated-scan",
        "brand-impersonation",
        "captcha-scam",
        "chrome-hearts",
        "cloaking",
        "cloudflare-protected",
        "credential-harvesting",
        "crypto-casino-scam",
        "crypto-mining-scam",
        "cryptocurrency",
        "cryptocurrency-scam",
        "daily-threat-intel",
        "data-harvesting",
        "dating-scam",
        "deceptive-advertising",
        "deceptive-challenge",
        "deceptive-content",
        "deceptive-domain",
        "deceptive-practices",
        "deceptive-tactics",
        "delivery-scam",
        "domain-classification",
        "dpd-impersonation",
        "dpd-local-impersonation",
        "dropshipping-scam",
        "e-commerce-fraud",
        "elon-musk-impersonation",
        "evasion",
        "evasion-technique",
        "fake-dating-service",
        "fake-discounts",
        "fake-engagement",
        "fake-giveaway",
        "fake-login-portal",
        "fake-registration",
        "fake-security-alert",
        "fake-verification",
        "financial-fraud",
        "financial-impersonation",
        "financial-scam",
        "financial-scheme",
        "financial-sector",
        "financial-service-impersonation",
        "fiverr-impersonation",
        "fraud-alert",
        "free-hosting",
        "fuel-voucher-scam",
        "game-downloads",
        "get-paid-to-scheme",
        "gibberish-domain",
        "giveaway-scam",
        "global-futures-options-limited",
        "google-docs-abuse",
        "government",
        "government-impersonation",
        "high-risk",
        "high-risk-alert",
        "high-risk-tld",
        "human-verification-scam",
        "impersonation",
        "information-collection",
        "information-harvesting",
        "information-theft",
        "investment-scam",
        "israel-post-impersonation",
        "linkvertise",
        "logistics-impersonation",
        "low-reputation",
        "low-reputation-domain",
        "lure",
        "macos-impersonation",
        "malicious-infrastructure",
        "malicious-payloads",
        "malicious-site",
        "malvertising",
        "malvertising-gateway",
        "malware-delivery",
        "malware-distribution",
        "mexc-impersonation",
        "mining-scam",
        "mobile-number-harvesting",
        "monetized-url-shortener",
        "new-domain",
        "newly-registered-domain",
        "ontario-government",
        "package-delivery-scam",
        "payment-information-harvesting",
        "peopleperhour-impersonation",
        "petrom",
        "phishing",
        "phishing-page",
        "phishing-risk",
        "phishing-site",
        "privilege-escalation",
        "random-domain",
        "redirect",
        "redirect-chain",
        "redirect-chains",
        "riskware",
        "roblox",
        "roblox-impersonation",
        "scam",
        "scam-allegations",
        "scam-lure",
        "scam-storefront",
        "serbia",
        "serviceontario",
        "social-engineering",
        "suspicious-domain",
        "targeted-phishing",
        "task-based-earning-scam",
        "task-based-scam",
        "task-scam",
        "tiktok-impersonation",
        "tracking-redirect",
        "traffic-redirection",
        "trojan",
        "typosquatting",
        "unwanted-software",
        "unwanted-software-distribution",
        "url-shortener",
        "urlert",
        "user-deception",
        "vgen-impersonation",
        "wallet-draining"
      ],
      "references": [
        "https://urlert.com/domain/0lprvs.click",
        "https://urlert.com/domain/abre.ai",
        "https://urlert.com/domain/bunnyband.com",
        "https://urlert.com/domain/ca-pageo.cyou",
        "https://urlert.com/domain/ca-pageo.web.id",
        "https://urlert.com/domain/chainvoltgrid.com",
        "https://urlert.com/domain/chara-gacha.com",
        "https://urlert.com/domain/citly.me",
        "https://urlert.com/domain/dpd-lanviro.link",
        "https://urlert.com/domain/dpdlocasa.shop",
        "https://urlert.com/domain/dpdlocass.shop",
        "https://urlert.com/domain/eu.cc",
        "https://urlert.com/domain/euprava-gov.lat",
        "https://urlert.com/domain/flowtrackr.site",
        "https://urlert.com/domain/geeduu.com",
        "https://urlert.com/domain/go2wa.cc",
        "https://urlert.com/domain/google.com",
        "https://urlert.com/domain/homebnb.sbs",
        "https://urlert.com/domain/httpps-www-roblox.co",
        "https://urlert.com/domain/huighaverlag.nl"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Financial Services",
        "Government",
        "Hospitality",
        "Logistics / Supply Chain",
        "Media / Entertainment",
        "Retail / E-Commerce",
        "Technology"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "urlert_intel",
        "id": "386175",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 37,
        "URL": 40,
        "hostname": 13
      },
      "indicator_count": 90,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 32,
      "modified_text": "8 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69dee3140bd99e9baf014779",
      "name": "URLert Daily Threat Intel \u2014 2026-04-15",
      "description": "URLert Daily Threat Intel \u2014 2026-04-15\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 67 | Indicators: 121\nConfirmed: 20 | Likely: 43 | Domain intel: 4\nTop threats: Phishing (55), Malware Hosting (6), Dropper (3), Unknown (2), Malvertising (1)\nDomains: 0nlyfans.es, acccat.com, aceimg.com, alert-micro.com, allwatch.id, apidoge.com, asusnext.us, belladobe.com, bunnyband.com, carziqo.net, clearentry.pro, cloudnext.pro, cs2challengemode.com,...\n\n67 unique threats producing 121 actionable indicators. Generated by URLert automated threat intelligence.",
      "modified": "2026-05-15T00:53:50.005000",
      "created": "2026-04-15T01:00:04.655000",
      "tags": [
        "5eplay",
        "account-recovery-scam",
        "adult-content-lure",
        "affiliate-fraud",
        "aggressive-advertising",
        "aliexpress-impersonation",
        "allegro-impersonation",
        "apk-distribution",
        "automated-scan",
        "banking-credentials",
        "betting-scam",
        "brand-impersonation",
        "cfd-trading",
        "clickbait",
        "combosquatting",
        "credential-harvesting",
        "credit-card-harvesting",
        "credit-card-theft",
        "crypto-gambling",
        "cryptocurrency",
        "cryptocurrency-scam",
        "daily-threat-intel",
        "dao-impersonation",
        "data-harvesting",
        "dating-scam",
        "deceptive-advertising",
        "deceptive-downloads",
        "deceptive-landing-page",
        "deceptive-marketing",
        "deceptive-redirect",
        "deceptive-redirects",
        "deceptive-scam",
        "deceptive-tactics",
        "delivery-scam",
        "document-sharing-phishing",
        "domain-classification",
        "ecommerce-scam",
        "elon-musk",
        "email-lookup",
        "email-redirect",
        "employment-scam",
        "esports-platform-impersonation",
        "explicit-content",
        "fake-app-store",
        "fake-mining",
        "fake-news",
        "fake-profiles",
        "fake-toll-notice",
        "fake-tracking",
        "file-distribution",
        "file-hosting",
        "financial-deception",
        "financial-fraud",
        "financial-phishing",
        "financial-scam",
        "fiverr",
        "fiverr-impersonation",
        "forex-trading",
        "fraudulent-investment",
        "fraudulent-platform",
        "fraudulent-website",
        "free-hosting-abuse",
        "freelancer-targeting",
        "game-scam",
        "gaming",
        "get-rich-quick",
        "gibberish-domain",
        "gift-card-scam",
        "google-impersonation",
        "government-impersonation",
        "h-and-m",
        "hetzner-hosting",
        "high-risk-tld",
        "hospitality-targeting",
        "income-scheme",
        "information-harvesting",
        "infostealer-logs",
        "investment-scam",
        "irish-government",
        "lead-generation",
        "link-shortener",
        "live-sports-streaming",
        "malicious-file-hosting",
        "malicious-redirection",
        "malware-distribution",
        "malware-hosting",
        "mexc-impersonation",
        "movie-download-scam",
        "mtn-impersonation",
        "mygovid",
        "new-domain",
        "newly-observed-domain",
        "newly-registered-domain",
        "online-banking",
        "online-gaming",
        "outlook-safelink",
        "payload-delivery",
        "payment-scam",
        "pentavida",
        "personal-information-collection",
        "phishing",
        "phishing-campaign",
        "phishing-infrastructure",
        "phishing-scam",
        "phishing-site",
        "phone-number-harvesting",
        "pig-butchering-scam",
        "ponzi-scheme",
        "privacy-risk",
        "pyramid-scheme",
        "raw-binary-serving",
        "redirect",
        "redirect-chain",
        "scam",
        "scam-allegations",
        "scam-landing-page",
        "seo-poisoning",
        "social-engineering",
        "social-media-scam",
        "software-piracy-scam",
        "spam",
        "spotahome",
        "spotify",
        "steam-credentials",
        "survey-scam",
        "suspicious-domain",
        "suspicious-infrastructure",
        "targeted-phishing",
        "task-based-earning-scam",
        "task-scam",
        "team-visma-lease-a-bike",
        "throwaway-domain",
        "trading-platform",
        "typosquatting",
        "unsolicited-messages",
        "unvetted-content",
        "urlert",
        "username-harvesting",
        "username-password-collection",
        "voucher-scam",
        "wallet-draining",
        "wanda-cinemas",
        "whatsapp-group-scam",
        "whatsapp-lure",
        "withdrawal-scam",
        "x-twitter"
      ],
      "references": [
        "https://urlert.com/domain/0nlyfans.es",
        "https://urlert.com/domain/acccat.com",
        "https://urlert.com/domain/aceimg.com",
        "https://urlert.com/domain/alert-micro.com",
        "https://urlert.com/domain/allwatch.id",
        "https://urlert.com/domain/apidoge.com",
        "https://urlert.com/domain/asusnext.us",
        "https://urlert.com/domain/belladobe.com",
        "https://urlert.com/domain/bunnyband.com",
        "https://urlert.com/domain/carziqo.net",
        "https://urlert.com/domain/clearentry.pro",
        "https://urlert.com/domain/cloudnext.pro",
        "https://urlert.com/domain/cs2challengemode.com",
        "https://urlert.com/domain/ct.ws",
        "https://urlert.com/domain/dao-kd.com",
        "https://urlert.com/domain/demoteam.ch",
        "https://urlert.com/domain/es-long-rent-apartments-4567885553.homes",
        "https://urlert.com/domain/freefunhere.com",
        "https://urlert.com/domain/geeduu.com",
        "https://urlert.com/domain/getmysocial.com"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Automotive",
        "Financial Services",
        "Government",
        "Hospitality",
        "Logistics / Supply Chain",
        "Media / Entertainment",
        "Real Estate",
        "Retail / E-Commerce",
        "Technology",
        "Telecommunications"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "urlert_intel",
        "id": "386175",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 42,
        "hostname": 13,
        "URL": 43
      },
      "indicator_count": 98,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 30,
      "modified_text": "16 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69dd91ae78f490fd44e82d33",
      "name": "URLert Daily Threat Intel \u2014 2026-04-14",
      "description": "URLert Daily Threat Intel \u2014 2026-04-14\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 67 | Indicators: 113\nConfirmed: 27 | Likely: 38 | Domain intel: 2\nTop threats: Phishing (49), Malware Hosting (12), Malvertising (3), Dropper (2), Exploit Kit (1)\nDomains: 738833.com, 888-gpifc.vip, 964235.help, 9mod.cloud, ankergames.net, appinjects.com, asusnext.us, binance-ltd.vip, bnz-gov.cam, bucara.my.id, bunnyband.com, challengermode.network, clck.ru,...\n\n67 unique threats producing 113 actionable indicators. Generated by URLert automated threat intelligence.",
      "modified": "2026-05-14T01:05:16.798000",
      "created": "2026-04-14T01:00:29.601000",
      "tags": [
        ".monster-tld",
        "abused-platform",
        "account-takeover",
        "account-theft",
        "ad-fraud",
        "adult-content-scam",
        "adult-dating-scam",
        "advance-fee-fraud",
        "ai-services",
        "android-malware",
        "anti-analysis",
        "apk-distribution",
        "apk-malware",
        "asset-theft",
        "automated-scan",
        "binance-impersonation",
        "brand-impersonation",
        "brazil",
        "broken-page",
        "carding",
        "city-of-vancouver",
        "click-jacking",
        "cloud-run",
        "combosquatting",
        "community-report",
        "content-locker",
        "counterfeit-domain",
        "credential-harvesting",
        "cryptocurrency",
        "cryptocurrency-scam",
        "daily-threat-intel",
        "data-collection",
        "data-harvesting",
        "deceptive-content",
        "deceptive-domain",
        "deceptive-interface",
        "deceptive-lure",
        "deceptive-page",
        "deceptive-platform",
        "deceptive-practices",
        "deceptive-redirects",
        "deceptive-site",
        "deceptive-url",
        "deceptive-verification",
        "developer-tools-blocking",
        "domain-classification",
        "e-commerce-fraud",
        "earning-scheme",
        "esports-targeting",
        "etsy-impersonation",
        "evasion",
        "evasion-tactics",
        "fake-android-app",
        "fake-app",
        "fake-domain",
        "fake-giveaway",
        "fake-online-store",
        "fake-platform",
        "fake-rewards",
        "fake-verification",
        "file-sharing",
        "file-sharing-impersonation",
        "financial-fraud",
        "financial-harvesting",
        "financial-scam",
        "fiverr",
        "fiverr-impersonation",
        "flhsmv-impersonation",
        "fraudulent-activity",
        "fraudulent-platform",
        "fraudulent-scheme",
        "free-fire",
        "gambling",
        "gambling-promotion",
        "game-cheats",
        "get-paid-to-scheme",
        "google-impersonation",
        "government-impersonation",
        "high-risk-domain",
        "high-risk-tld",
        "information-gathering",
        "information-harvesting",
        "intrusive-ads",
        "investment-management",
        "investment-scam",
        "jadlog-impersonation",
        "low-reputation",
        "malicious-landing-page",
        "malicious-redirect",
        "malicious-redirection",
        "malvertising",
        "malware",
        "malware-distribution",
        "malware-download",
        "malware-hosting",
        "malware-potential",
        "mexc-impersonation",
        "misleading-domain",
        "mobile-spyware",
        "modified-apps",
        "nebula-x",
        "netlify-abuse",
        "new-domain",
        "newly-registered-domain",
        "obfuscation",
        "payment-information-harvesting",
        "payment-scam",
        "personal-data-collection",
        "personal-information-collection",
        "personal-information-harvesting",
        "pet-scam",
        "phishing",
        "phishing-page",
        "phishing-scam",
        "phishing-site",
        "phishing-technique",
        "pirated-software",
        "ponzi-scheme",
        "puppy-scam",
        "recruitment-scam",
        "redirect",
        "redirect-chain",
        "revanced-impersonation",
        "roblox",
        "roblox-impersonation",
        "scam",
        "scam-campaign",
        "scam-lure",
        "scam-site",
        "serviceontario",
        "session-token",
        "shopping-cart-scam",
        "signup-page",
        "signup-scam",
        "social-engineering",
        "spam-promotion",
        "spoofed-domain",
        "spotify",
        "steam",
        "survey-scam",
        "suspicious-retailer",
        "suspicious-service-model",
        "task-based-earning-scam",
        "task-based-scam",
        "task-scam",
        "third-party-download",
        "toll-scam",
        "typosquatting",
        "unofficial-sources",
        "unwanted-software",
        "url-redirection",
        "url-shortener",
        "urlert",
        "usdt-storage",
        "user-manipulation",
        "virtual-tasks",
        "wallet-harvesting",
        "x-twitter",
        "zip-download"
      ],
      "references": [
        "https://urlert.com/domain/738833.com",
        "https://urlert.com/domain/888-gpifc.vip",
        "https://urlert.com/domain/964235.help",
        "https://urlert.com/domain/9mod.cloud",
        "https://urlert.com/domain/ankergames.net",
        "https://urlert.com/domain/appinjects.com",
        "https://urlert.com/domain/asusnext.us",
        "https://urlert.com/domain/binance-ltd.vip",
        "https://urlert.com/domain/bnz-gov.cam",
        "https://urlert.com/domain/bucara.my.id",
        "https://urlert.com/domain/bunnyband.com",
        "https://urlert.com/domain/challengermode.network",
        "https://urlert.com/domain/clck.ru",
        "https://urlert.com/domain/cloudnext.pro",
        "https://urlert.com/domain/dattingrooms.com",
        "https://urlert.com/domain/discord-tracker.com",
        "https://urlert.com/domain/elricat.co.uk",
        "https://urlert.com/domain/f09poypkdea3.com",
        "https://urlert.com/domain/facebook.hk",
        "https://urlert.com/domain/gamenuv.com"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Financial Services",
        "Government",
        "Logistics / Supply Chain",
        "Media / Entertainment",
        "Retail / E-Commerce",
        "Technology"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "urlert_intel",
        "id": "386175",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 35,
        "URL": 40,
        "hostname": 13
      },
      "indicator_count": 88,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 30,
      "modified_text": "17 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69d84b940c380e7d4d3cf30c",
      "name": "URLert Daily Threat Intel \u2014 2026-04-10",
      "description": "URLert Daily Threat Intel \u2014 2026-04-10\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 100 | Indicators: 201\nConfirmed: 33 | Likely: 66 | Domain intel: 1\nTop threats: Phishing (89), Malware Hosting (4), Malvertising (3), Dropper (3), Unknown (1)\nDomains: 3fox.fun, 76whb36t.lat, activecampaign-team-support.com, altriagroupformerlyphilipmorakfriscompanies.cfd, amazonaws.com, ameli-gouv.com, apkresult.io, assureloans.ca, beauty-date-app.beaut...\n\n100 unique threats producing 201 actionable indicators. Generated by URLert automated threat intelligence.",
      "modified": "2026-05-09T21:51:12.227000",
      "created": "2026-04-10T01:00:04.155000",
      "tags": [
        "seur-impersonation",
        "abused-platform",
        "account-recovery-fraud",
        "account-recovery-scam",
        "account-takeover",
        "activecampaign",
        "adult-lure",
        "adult-scam",
        "advance-fee-scam",
        "advertising-scam",
        "affiliate-fraud",
        "anti-analysis",
        "asset-theft",
        "automated-scan",
        "booking-impersonation",
        "brand-impersonation",
        "browser-verification",
        "canada",
        "clickbait",
        "cloudflare-impersonation",
        "coinhako-impersonation",
        "combosquatting",
        "command-execution",
        "compromised-site",
        "constructconnect-impersonation",
        "credential-harvesting",
        "credit-card-harvesting",
        "crypto-casino",
        "crypto-drainer",
        "crypto-exchange",
        "crypto-scam",
        "cryptocurrency",
        "cryptocurrency-exchange",
        "cs2-tournament",
        "daft-ie",
        "daily-threat-intel",
        "dao",
        "data-harvesting",
        "dating-scam",
        "ddns",
        "deceptive-domain",
        "deceptive-notification",
        "deceptive-redirects",
        "deceptive-reward-scheme",
        "deceptive-scam",
        "deceptive-site",
        "deceptive-social-tool",
        "deceptive-tactics",
        "deceptive-url",
        "deceptive-widget",
        "delivery-exception-scam",
        "delivery-failure",
        "delivery-scam",
        "denmark",
        "depop",
        "discord-impersonation",
        "domain-classification",
        "dpd-impersonation",
        "dropshipping-scam",
        "e-commerce-scam",
        "email-phishing",
        "evasive-behavior",
        "executable-download",
        "fake-contest",
        "fake-dating-scam",
        "fake-delivery-notification",
        "fake-download",
        "fake-financial-institution",
        "fake-gifts",
        "fake-legal-document",
        "fake-login",
        "fake-offer",
        "fake-security-alert",
        "fake-security-check",
        "fake-store",
        "fake-survey",
        "fake-testimonials",
        "fake-voting-scam",
        "financial-fraud",
        "financial-scam",
        "fiverr-impersonation",
        "france",
        "fraudulent-platform",
        "free-hosting",
        "free-web-hosting",
        "gate-page",
        "generic-hosting",
        "georgia",
        "georgia-dds",
        "gibberish-domain",
        "gog-impersonation",
        "google-impersonation",
        "government-service",
        "grayware",
        "high-risk-extension",
        "high-risk-tld",
        "hospitality-scam",
        "identity-theft",
        "illegal-drugs",
        "illicit-marketplace",
        "imap-authentication-scam",
        "information-gathering",
        "investment-scam",
        "kaspersky",
        "loan-fee-scam",
        "loblaws",
        "logistics",
        "logistics-impersonation",
        "lookalike-domain",
        "malicious-links",
        "malicious-site",
        "malvertising",
        "malware-delivery",
        "malware-distribution",
        "malware-hosting",
        "mandarin-oriental",
        "meesho",
        "mexc-impersonation",
        "microsoft",
        "misspelled-domain",
        "modded-apk",
        "multi-stage-redirect",
        "nacex",
        "netlify-app",
        "new-domain",
        "newly-registered-domain",
        "obfuscated-javascript",
        "offer-scam",
        "olx",
        "olx-impersonation",
        "package-delivery-scam",
        "patreon-impersonation",
        "payload-delivery",
        "paywall-bypass",
        "personal-data-collection",
        "personal-data-harvesting",
        "personal-information-harvesting",
        "phishing",
        "phishing-landing-page",
        "phishing-page",
        "phishing-site",
        "pii-collection",
        "pii-harvesting",
        "pirated-software",
        "podcast-voting-impersonation",
        "ponzi-scheme",
        "pornographic-content-promotion",
        "prize-giveaway-scam",
        "profiling",
        "pyramid-scheme",
        "raiffeisen",
        "recent-domain",
        "recently-registered-domain",
        "recruitment-scheme",
        "redirect-chain",
        "retail-scam",
        "risky-tld",
        "roblox",
        "roblox-impersonation",
        "scam",
        "scam-landing-page",
        "scam-site",
        "sharepoint-impersonation",
        "shopify-redirect",
        "smartphone-scam",
        "social-engineering",
        "social-login-phishing",
        "spotify-impersonation",
        "steam",
        "steam-api-key",
        "stonex-impersonation",
        "suspicious-domain",
        "suspicious-redirects",
        "synology",
        "system-compromise",
        "tech-support-scam",
        "telegram",
        "trading-platform",
        "twitter-impersonation",
        "typosquatting",
        "unofficial-software",
        "unwanted-programs",
        "unwanted-software",
        "url-shortener",
        "urlert",
        "webex-impersonation",
        "young-domain",
        "youtube",
        "youtube-bots"
      ],
      "references": [
        "https://urlert.com/domain/3fox.fun",
        "https://urlert.com/domain/76whb36t.lat",
        "https://urlert.com/domain/activecampaign-team-support.com",
        "https://urlert.com/domain/altriagroupformerlyphilipmorakfriscompanies.cfd",
        "https://urlert.com/domain/amazonaws.com",
        "https://urlert.com/domain/ameli-gouv.com",
        "https://urlert.com/domain/apkresult.io",
        "https://urlert.com/domain/assureloans.ca",
        "https://urlert.com/domain/beauty-date-app.beauty",
        "https://urlert.com/domain/bookingil.com",
        "https://urlert.com/domain/callingsafe.com",
        "https://urlert.com/domain/campanie.promo",
        "https://urlert.com/domain/coinhako-m.com",
        "https://urlert.com/domain/confirmare.store",
        "https://urlert.com/domain/cordilleralaserena.cl",
        "https://urlert.com/domain/correos-argentino.org",
        "https://urlert.com/domain/cs2cup.com",
        "https://urlert.com/domain/ct.ws",
        "https://urlert.com/domain/cudasvc.com",
        "https://urlert.com/domain/dadaoas.com"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Financial Services",
        "Government",
        "Hospitality",
        "Legal Services",
        "Logistics / Supply Chain",
        "Media / Entertainment",
        "Real Estate",
        "Retail / E-Commerce",
        "Technology"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "urlert_intel",
        "id": "386175",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 62,
        "URL": 64,
        "hostname": 28
      },
      "indicator_count": 154,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 30,
      "modified_text": "21 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69d6fa144bba9d675073150e",
      "name": "URLert Daily Threat Intel \u2014 2026-04-09",
      "description": "URLert Daily Threat Intel \u2014 2026-04-09\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 144 | Indicators: 278\nConfirmed: 40 | Likely: 100 | Domain intel: 4\nTop threats: Phishing (127), Malvertising (5), Malware Hosting (5), Dropper (4), Unknown (2)\nDomains: 678940.com, acsgri.xyz, amazonvtc.com, apple-job-opportunities.com, as6738.com, axionholdings.online, booklng-dats.com, buksuper.xyz, castrooutlet-il.shop, cfbfpro.com, clarissaflorence.co...\n\n144 unique threats producing 278 actionable indicators. Generated by URLert automated threat intelligence.",
      "modified": "2026-05-08T22:06:56.603000",
      "created": "2026-04-09T01:00:04.860000",
      "tags": [
        "seur",
        "abused-infrastructure",
        "account-hijacking",
        "account-login-impersonation",
        "acs-courier",
        "ad-blocker-bypass",
        "ad-revenue",
        "ad-revenue-scam",
        "adult-content",
        "adult-content-lure",
        "adult-content-scam",
        "adult-scam",
        "advance-fee-fraud",
        "affiliate-marketing-scam",
        "affiliate-redirect",
        "aged-domain",
        "aggressive-language",
        "airportparking-service",
        "amazon",
        "anti-analysis",
        "arkansas",
        "asset-theft",
        "automated-scan",
        "belgian-health-insurance-impersonation",
        "blank-page",
        "booking-com",
        "booking-com-impersonation",
        "brand-impersonation",
        "brand-in-subdomain",
        "brazil",
        "broken-template",
        "browser-exploit",
        "canada",
        "castro",
        "cloudflare",
        "cloudflare-impersonation",
        "cloudflared-blocked",
        "combosquatting",
        "compromised-site",
        "content-locker",
        "counterfeit-goods",
        "cracked-games",
        "credential-harvesting",
        "crypto-casino-scam",
        "crypto-com",
        "crypto-scam",
        "cryptocurrency",
        "cryptocurrency-investment-scam",
        "cryptocurrency-mining",
        "cryptocurrency-scam",
        "daily-threat-intel",
        "data-harvesting",
        "dating-scam",
        "deception",
        "deceptive-advertising",
        "deceptive-content",
        "deceptive-dating-scam",
        "deceptive-distribution",
        "deceptive-domain",
        "deceptive-lead-generation",
        "deceptive-marketing",
        "deceptive-offer-walls",
        "deceptive-online-store",
        "deceptive-practices",
        "deceptive-promotion",
        "deceptive-prompts",
        "deceptive-redirect",
        "deceptive-security-check",
        "deceptive-site",
        "deceptive-template",
        "delivery-exception",
        "delivery-exception-scam",
        "delivery-scam",
        "discord-account-hijacking",
        "discord-impersonation",
        "disposable-infrastructure",
        "docsend-impersonation",
        "domain-age-misleading",
        "domain-classification",
        "dpd",
        "dpd-impersonation",
        "dpd-local",
        "e-commerce-scam",
        "education",
        "email-credentials",
        "email-harvesting",
        "employment-scam",
        "explicit-content",
        "fake-captcha",
        "fake-check-scam",
        "fake-fees",
        "fake-giveaway",
        "fake-login",
        "fake-payment",
        "fake-persona",
        "fake-prize",
        "fake-security-challenge",
        "fake-shop",
        "fake-storefront",
        "fake-survey",
        "fake-urgency",
        "fake-wallet",
        "fake-warning",
        "financial-fraud",
        "financial-impersonation",
        "financial-information-harvesting",
        "financial-information-theft",
        "financial-scam",
        "fortnite",
        "fortnite-lure",
        "fraud",
        "fraudulent-commerce",
        "fraudulent-domain",
        "fraudulent-exchange",
        "fraudulent-investment-scheme",
        "fraudulent-payment",
        "fraudulent-services",
        "fraudulent-subscriptions",
        "free-hosting",
        "free-movie-streaming-lure",
        "ftp",
        "game-cheats",
        "gamers",
        "georgia-dds",
        "gibberish-domain",
        "giveaway-scam",
        "google-safe-browsing",
        "government-impersonation",
        "groupon",
        "high-return-scam",
        "high-risk-tld",
        "hoka",
        "hookup-scam",
        "human-verification",
        "hyip",
        "identity-theft",
        "identity-verification-scam",
        "illinois",
        "information-harvesting",
        "insecure-protocol",
        "instagram",
        "installer-download",
        "investment-scam",
        "ipfs-gateway",
        "job-scam",
        "jotform-abuse",
        "large-scale-redirection",
        "lbank",
        "lead-generation",
        "link-shortener",
        "linkedin-impersonation",
        "loading-spinner",
        "logistics",
        "logistics-impersonation",
        "malicious-domain",
        "malicious-redirect",
        "malicious-redirects",
        "malicious-scripts",
        "malvertising",
        "malware-delivery",
        "malware-distribution",
        "malware-download",
        "malware-risk",
        "mexc-impersonation",
        "microsoft-impersonation",
        "microsoft-sharepoint",
        "mitm",
        "mobile-redirect",
        "multi-domain-redirect",
        "nc-dot-impersonation",
        "ncdot",
        "nebula-x",
        "new-domain",
        "newly-registered-domain",
        "north-carolina",
        "oauth-phishing",
        "obfuscated-redirects",
        "oklahoma-dps-impersonation",
        "okx",
        "olx",
        "online-gambling",
        "ontario",
        "pages-dev-abuse",
        "parking-citation",
        "paycity-impersonation",
        "payment-fraud",
        "payment-harvesting",
        "payment-information-harvesting",
        "payment-scam",
        "paypal-impersonation",
        "personal-information-collection",
        "personal-information-harvesting",
        "phishing",
        "phishing-attempt",
        "phishing-infrastructure",
        "phishing-kit",
        "phishing-scam",
        "phishing-site",
        "phishing-vector",
        "pig-butchering",
        "pirated-software",
        "ponzi-scheme",
        "privacy-violation",
        "pump-fun",
        "pyramid-scheme",
        "raiffeisen",
        "random-domain",
        "recently-registered-domain",
        "reconnaissance",
        "recruitment-scheme",
        "redirect",
        "redirect-chain",
        "redirect-cloaking",
        "registration-scam",
        "remote-task-scam",
        "repurposed-domain",
        "retail-scam",
        "riskware",
        "roblox",
        "roblox-impersonation",
        "robux-scam",
        "sameday-courier-impersonation",
        "scam",
        "scam-domain",
        "scam-funnel",
        "scam-platform",
        "security-bypass",
        "session-hijacking",
        "shadow-reporting",
        "shein",
        "shipping-fee-scam",
        "social-engineering",
        "software-executors",
        "software-piracy",
        "soundsquatting",
        "south-africa",
        "steam",
        "surge-sh",
        "survey-scam",
        "suspicious-domain",
        "suspicious-login",
        "suspicious-tld",
        "suspicious-traffic",
        "task-scam",
        "telegram",
        "texas",
        "tiktok",
        "tiktok-impersonation",
        "toll-scam",
        "tracksoptions-com",
        "traffic-citation",
        "tx-dmv",
        "typosquatting",
        "unauthorized-streaming",
        "universitatea-politehnica-timisoara",
        "unknown-payload",
        "unverified-apps",
        "unwanted-software",
        "unwanted-subscriptions",
        "url-obfuscation",
        "url-redirection",
        "urlert",
        "user-deception",
        "user-manipulation",
        "usps-impersonation",
        "vaultcord-impersonation",
        "vercel-subdomain",
        "vulnerability-scanning",
        "wabtec",
        "wallapop",
        "wallet-drainer",
        "wallet-phishing",
        "western-union-scam",
        "whatsapp-scam",
        "windows-installer",
        "withdrawal-scam",
        "zoom-impersonation"
      ],
      "references": [
        "https://urlert.com/domain/678940.com",
        "https://urlert.com/domain/acsgri.xyz",
        "https://urlert.com/domain/amazonvtc.com",
        "https://urlert.com/domain/apple-job-opportunities.com",
        "https://urlert.com/domain/as6738.com",
        "https://urlert.com/domain/axionholdings.online",
        "https://urlert.com/domain/booklng-dats.com",
        "https://urlert.com/domain/buksuper.xyz",
        "https://urlert.com/domain/castrooutlet-il.shop",
        "https://urlert.com/domain/cfbfpro.com",
        "https://urlert.com/domain/clarissaflorence.com",
        "https://urlert.com/domain/com-conflrm-eu.com",
        "https://urlert.com/domain/com-sart.top",
        "https://urlert.com/domain/com-sasi.top",
        "https://urlert.com/domain/compromisedblog.com",
        "https://urlert.com/domain/connectview.click",
        "https://urlert.com/domain/coppii.com",
        "https://urlert.com/domain/cozyloftz.com",
        "https://urlert.com/domain/cryptor.plus",
        "https://urlert.com/domain/ct.ws"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Education",
        "Financial Services",
        "Government",
        "Hospitality",
        "Insurance",
        "Logistics / Supply Chain",
        "Manufacturing",
        "Media / Entertainment",
        "Retail / E-Commerce",
        "Technology"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 3,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "urlert_intel",
        "id": "386175",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 87,
        "URL": 89,
        "hostname": 41
      },
      "indicator_count": 217,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 30,
      "modified_text": "22 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69c0909fb24fd2f82cdfa0f9",
      "name": "URLert Daily Threat Intel \u2014 2026-03-23",
      "description": "URLert Daily Threat Intel \u2014 2026-03-23\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 75 | Indicators: 135\nConfirmed: 26 | Likely: 46 | Domain intel: 3\nTop threats: Phishing (62), Unknown (5), Malvertising (4), Malware Hosting (2), RAT (1)\nDomains: 472rapido.lol, acccat.com, adaface.us, advomate92.com, aidleyy.live, appinjects.com, autree.org, axama.org, backedstock.shop, backkmarket.com, base44.app, buyiphone.online, capri777.com, c...\n\n75 unique threats producing 135 actionable indicators. Generated by URLert automated threat intelligence.",
      "modified": "2026-04-21T22:31:30.334000",
      "created": "2026-03-23T01:00:15.320000",
      "tags": [
        "ad-blocker-bypass",
        "adaface-impersonation",
        "adult-content-lure",
        "adware",
        "aggressive-marketing",
        "aggressive-tactics",
        "amazon-impersonation",
        "apk-distribution",
        "app-scam",
        "apple-impersonation",
        "asset-theft",
        "automated-scan",
        "banking-phishing",
        "blockchain-scam",
        "brand-impersonation",
        "browser-extension-installation",
        "california-dmv",
        "charity-scam",
        "child-exploitation",
        "cloaked-site",
        "colombia",
        "combosquatting",
        "counterfeit-goods",
        "credential-harvesting",
        "credit-card-theft",
        "crypto-scam",
        "crypto-trading",
        "cryptocurrency",
        "cryptocurrency-fraud",
        "cryptocurrency-scam",
        "daily-threat-intel",
        "data-harvesting",
        "deceptive-content",
        "deceptive-lure",
        "deceptive-marketing",
        "deceptive-practices",
        "deceptive-redirect",
        "deceptive-redirects",
        "deceptive-retail",
        "deceptive-scam",
        "deceptive-software-download",
        "deceptive-survey",
        "directory-service",
        "domain-classification",
        "donation-scam",
        "email-phishing",
        "email-targeting",
        "evasive-maneuvers",
        "fake-exchange",
        "fake-investments",
        "fake-job-application",
        "fake-login",
        "fake-mining-pool",
        "fake-verification",
        "financial-fraud",
        "financial-loss",
        "financial-scam",
        "financial-service-impersonation",
        "financial-services",
        "financial-theft",
        "fraudulent-crypto-exchange",
        "fraudulent-fundraising",
        "fraudulent-platform",
        "gambling-scam",
        "game-lure",
        "gaming-impersonation",
        "gibberish-domain",
        "google-impersonation",
        "government-impersonation",
        "grayware",
        "high-risk",
        "high-risk-domain",
        "high-risk-gambling",
        "high-risk-tld",
        "high-risk-trading",
        "hyip",
        "identity-theft",
        "illegal-content",
        "impersonation",
        "information-collection",
        "investment-fraud",
        "investment-scam",
        "ip-logging",
        "kentucky",
        "lack-of-transparency",
        "lichousing",
        "link-in-bio",
        "lottery-scam",
        "lure-tactic",
        "malicious-payloads",
        "malicious-redirect",
        "malicious-redirection",
        "malicious-redirects",
        "malvertising",
        "malware-delivery",
        "malware-distribution",
        "manipulative-spreading",
        "mexc-impersonation",
        "mobile-malware",
        "nebula-x-usdt-storage-center",
        "new-domain",
        "new-platform",
        "newly-registered-domain",
        "nimblr-mailog",
        "olx-impersonation",
        "online-casino-scam",
        "online-fraud",
        "online-scam",
        "payment-harvesting",
        "personal-information-collection",
        "personal-information-harvesting",
        "personal-information-theft",
        "phishing",
        "phishing-content",
        "phishing-domain",
        "phishing-page",
        "phishing-site",
        "pig-butchering",
        "pig-butchering-scam",
        "play-to-earn",
        "ponzi-scheme",
        "pop-up-abuse",
        "postal-service-impersonation",
        "privacy-risk",
        "privacy-violation",
        "rat",
        "recent-domain",
        "recently-registered-domain",
        "redirect-chain",
        "redirect-cloaking",
        "redirector",
        "retail-ecommerce",
        "retail-scam",
        "scam",
        "scam-alert",
        "scam-pages",
        "scams",
        "security-scam",
        "snapchat-impersonation",
        "social-engineering",
        "social-media-scam",
        "social-media-targeting",
        "south-carolina",
        "steam-credentials",
        "suspicious-domain",
        "suspicious-domain-name",
        "suspicious-gateway",
        "suspicious-scripting",
        "throwaway-domain",
        "tiktok",
        "tiktok-impersonation",
        "tiktok-scam",
        "traffic-redirection",
        "twitter-impersonation",
        "typo-squatting",
        "typosquatting",
        "unauthorized-access",
        "unauthorized-tracking",
        "unrealistic-pricing",
        "unregulated-platform",
        "unverifiable-entities",
        "unverified-software",
        "unwanted-software",
        "url-shortener",
        "urlert",
        "verification-fraud",
        "voting-platform-impersonation",
        "wallet-theft",
        "watch-to-earn",
        "webcam-monitoring",
        "webcam-streaming-app",
        "webmail-login",
        "whatsapp-impersonation",
        "withdrawal-fraud",
        "withdrawal-scam",
        "workers-dev",
        "young-domain"
      ],
      "references": [
        "https://urlert.com/domain/472rapido.lol",
        "https://urlert.com/domain/acccat.com",
        "https://urlert.com/domain/adaface.us",
        "https://urlert.com/domain/advomate92.com",
        "https://urlert.com/domain/aidleyy.live",
        "https://urlert.com/domain/appinjects.com",
        "https://urlert.com/domain/autree.org",
        "https://urlert.com/domain/axama.org",
        "https://urlert.com/domain/backedstock.shop",
        "https://urlert.com/domain/backkmarket.com",
        "https://urlert.com/domain/base44.app",
        "https://urlert.com/domain/buyiphone.online",
        "https://urlert.com/domain/capri777.com",
        "https://urlert.com/domain/casajoys.com",
        "https://urlert.com/domain/chat-whatsapp.es",
        "https://urlert.com/domain/coinrtu.com",
        "https://urlert.com/domain/cryptor.plus",
        "https://urlert.com/domain/cs2cup.com",
        "https://urlert.com/domain/effectivegatecpm.com",
        "https://urlert.com/domain/fkg.cc"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Financial Services",
        "Government",
        "Logistics / Supply Chain",
        "Media / Entertainment",
        "Non-Profit",
        "Retail / E-Commerce"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "urlert_intel",
        "id": "386175",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 48,
        "URL": 50,
        "hostname": 14
      },
      "indicator_count": 112,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 29,
      "modified_text": "39 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "geeduu.com",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "geeduu.com",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780242632.3203049
}