{
  "type": "URL",
  "indicator": "https://ca.zakgf.life/dmv/",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://ca.zakgf.life/dmv/",
    "type": "url",
    "type_title": "URL",
    "validation": [],
    "base_indicator": {
      "id": 4281562327,
      "indicator": "https://ca.zakgf.life/dmv/",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 1,
      "pulses": [
        {
          "id": "69c333aacf8fedcd36832138",
          "name": "URLert Daily Threat Intel \u2014 2026-03-25",
          "description": "URLert Daily Threat Intel \u2014 2026-03-25\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 79 | Indicators: 140\nConfirmed: 27 | Likely: 48 | Domain intel: 4\nTop threats: Phishing (66), Dropper (5), Unknown (4), Malware Hosting (3), C2 Infrastructure (1)\nDomains: 571084.xin, 9990.site, app.link, appwrite.network, arcworld.one, aviatorfine.com, beetrade.me, bit.ly, bonanza-gha.work, casajoys.com, compromisedblog.com, cryptor.plus, daily777ween666.co...\n\n79 unique threats producing 140 actionable indicators. Generated by URLert automated threat intelligence.",
          "modified": "2026-04-23T20:57:23.519000",
          "created": "2026-03-25T01:00:26.546000",
          "tags": [
            ".cc-tld",
            "abuse-platform",
            "adult-content",
            "adult-scam",
            "affiliate-marketing",
            "aggressive-popups",
            "anti-analysis",
            "ar24-impersonation",
            "automated-scan",
            "blackmail-tool",
            "bonanza-impersonation",
            "brand-impersonation",
            "burn-site",
            "california-dmv",
            "certificate-mismatch",
            "chile",
            "cnn-impersonation",
            "combosquatting",
            "command-and-control",
            "compromised-site",
            "copec",
            "copec-impersonation",
            "credential-harvesting",
            "credit-card-theft",
            "crypto-investment-scam",
            "crypto-scam",
            "cryptocurrency",
            "cryptocurrency-fraud",
            "cryptocurrency-scam",
            "daily-threat-intel",
            "data-collection",
            "data-exfiltration",
            "data-harvesting",
            "data-theft",
            "deceptive-claims",
            "deceptive-content",
            "deceptive-landing-page",
            "deceptive-marketing",
            "deceptive-practices",
            "deceptive-reward-site",
            "deceptive-rewards",
            "deceptive-site",
            "deceptive-social-viewer",
            "deceptive-tactics",
            "digital-currency-theft",
            "dmv-impersonation",
            "document-sharing-impersonation",
            "domain-classification",
            "domain-rotation",
            "drive-by-download",
            "e-commerce-scam",
            "email-phishing",
            "evasion",
            "exit-scam",
            "facebook-messenger",
            "fake-login",
            "fake-login-portal",
            "fake-offer",
            "fake-phone-number",
            "fake-retail",
            "fake-toll-charge",
            "fake-verification",
            "financial-data-harvesting",
            "financial-fraud",
            "financial-scam",
            "financial-services-impersonation",
            "forced-download",
            "forepaas",
            "forepaas-impersonation",
            "fraudulent-deposits",
            "fraudulent-investment",
            "fraudulent-store",
            "fraudulent-website",
            "gambling-promotion",
            "gambling-scam",
            "gambling-site",
            "game-resource-generator",
            "gibberish-domain",
            "gmail-impersonation",
            "government-impersonation",
            "high-risk-gambling",
            "high-risk-tld",
            "high-traffic",
            "impersonation",
            "instagram-impersonation",
            "investment-scam",
            "kyc-fraud",
            "lead-generation",
            "litellm-malware",
            "login-page",
            "low-reputation-domain",
            "malicious-download",
            "malicious-redirect",
            "malicious-redirection",
            "malicious-redirects",
            "malicious-site",
            "malicious-url",
            "malware-distribution",
            "malware-download",
            "malware-dropper",
            "mfa-harvesting",
            "microsoft",
            "microsoft-defender-flagged",
            "myprotein",
            "nebula-x",
            "new-domain",
            "newly-registered-domain",
            "no-customer-support",
            "obscure-site",
            "online-casino-scam",
            "package-delivery-scam",
            "payment-information-theft",
            "payment-scam",
            "personal-information-theft",
            "phishing",
            "phishing-campaign",
            "phishing-gateway",
            "phishing-site",
            "phone-number-harvesting",
            "pii-collection",
            "pirated-games",
            "pop-mart-impersonation",
            "price-scam",
            "privacy-risk",
            "privacy-violation",
            "quickbooks",
            "redirect",
            "redirect-chain",
            "redirect-cloaking",
            "redirect-service",
            "redirection",
            "redirector",
            "redirects",
            "reverb-impersonation",
            "risky-url",
            "rug-pull",
            "sars-impersonation",
            "scam",
            "social-engineering",
            "social-media-abuse",
            "social-media-campaign",
            "social-media-scam",
            "social-media-scams",
            "south-africa",
            "spam-distribution",
            "spotify-impersonation",
            "streaming-service-scam",
            "subscription-scam",
            "supply-chain-attack",
            "support-scam",
            "surveillance",
            "suspicious-domain",
            "taplink-abuse",
            "task-scam",
            "tencent-hosting",
            "third-party-data-sharing",
            "throwaway-domain",
            "tracking",
            "tracking-url",
            "typosquatting",
            "unaccountable-infrastructure",
            "unauthorized-software",
            "undelivered-goods",
            "unlicensed-gambling",
            "unrealistic-pricing",
            "unreleased-products",
            "unsecured-file-sharing",
            "unwanted-software",
            "url-cloaking",
            "url-shortener",
            "urlert",
            "usdt",
            "usdt-scam",
            "user-manipulation",
            "vpn-impersonation",
            "webcam-capture",
            "webcam-tracking",
            "weebly-abuse",
            "xvideos-impersonation",
            "zero-day-registration"
          ],
          "references": [
            "https://urlert.com/domain/571084.xin",
            "https://urlert.com/domain/9990.site",
            "https://urlert.com/domain/app.link",
            "https://urlert.com/domain/appwrite.network",
            "https://urlert.com/domain/arcworld.one",
            "https://urlert.com/domain/aviatorfine.com",
            "https://urlert.com/domain/beetrade.me",
            "https://urlert.com/domain/bit.ly",
            "https://urlert.com/domain/bonanza-gha.work",
            "https://urlert.com/domain/casajoys.com",
            "https://urlert.com/domain/compromisedblog.com",
            "https://urlert.com/domain/cryptor.plus",
            "https://urlert.com/domain/daily777ween666.com",
            "https://urlert.com/domain/dpoiq.life",
            "https://urlert.com/domain/e.vg",
            "https://urlert.com/domain/effectivegatecpm.com",
            "https://urlert.com/domain/explodely.com",
            "https://urlert.com/domain/extravagant-streaming.life",
            "https://urlert.com/domain/fedexredeliveryform.com",
            "https://urlert.com/domain/fgl.cc"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Energy",
            "Financial Services",
            "Government",
            "Logistics / Supply Chain",
            "Media / Entertainment",
            "Retail / E-Commerce",
            "Technology"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "urlert_intel",
            "id": "386175",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 37,
            "hostname": 15,
            "URL": 36
          },
          "indicator_count": 88,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 31,
          "modified_text": "37 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://urlert.com/domain/bonanza-gha.work",
        "https://urlert.com/domain/9990.site",
        "https://urlert.com/domain/bit.ly",
        "https://urlert.com/domain/dpoiq.life",
        "https://urlert.com/domain/e.vg",
        "https://urlert.com/domain/effectivegatecpm.com",
        "https://urlert.com/domain/appwrite.network",
        "https://urlert.com/domain/aviatorfine.com",
        "https://urlert.com/domain/beetrade.me",
        "https://urlert.com/domain/arcworld.one",
        "https://urlert.com/domain/fedexredeliveryform.com",
        "https://urlert.com/domain/daily777ween666.com",
        "https://urlert.com/domain/app.link",
        "https://urlert.com/domain/casajoys.com",
        "https://urlert.com/domain/compromisedblog.com",
        "https://urlert.com/domain/cryptor.plus",
        "https://urlert.com/domain/fgl.cc",
        "https://urlert.com/domain/explodely.com",
        "https://urlert.com/domain/571084.xin",
        "https://urlert.com/domain/extravagant-streaming.life"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 0
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": [
            "Energy",
            "Retail / e-commerce",
            "Government",
            "Logistics / supply chain",
            "Media / entertainment",
            "Technology",
            "Financial services"
          ],
          "unique_indicators": 133
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/zakgf.life",
    "whois": "http://whois.domaintools.com/zakgf.life",
    "domain": "zakgf.life",
    "hostname": "ca.zakgf.life"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 1,
  "pulses": [
    {
      "id": "69c333aacf8fedcd36832138",
      "name": "URLert Daily Threat Intel \u2014 2026-03-25",
      "description": "URLert Daily Threat Intel \u2014 2026-03-25\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 79 | Indicators: 140\nConfirmed: 27 | Likely: 48 | Domain intel: 4\nTop threats: Phishing (66), Dropper (5), Unknown (4), Malware Hosting (3), C2 Infrastructure (1)\nDomains: 571084.xin, 9990.site, app.link, appwrite.network, arcworld.one, aviatorfine.com, beetrade.me, bit.ly, bonanza-gha.work, casajoys.com, compromisedblog.com, cryptor.plus, daily777ween666.co...\n\n79 unique threats producing 140 actionable indicators. Generated by URLert automated threat intelligence.",
      "modified": "2026-04-23T20:57:23.519000",
      "created": "2026-03-25T01:00:26.546000",
      "tags": [
        ".cc-tld",
        "abuse-platform",
        "adult-content",
        "adult-scam",
        "affiliate-marketing",
        "aggressive-popups",
        "anti-analysis",
        "ar24-impersonation",
        "automated-scan",
        "blackmail-tool",
        "bonanza-impersonation",
        "brand-impersonation",
        "burn-site",
        "california-dmv",
        "certificate-mismatch",
        "chile",
        "cnn-impersonation",
        "combosquatting",
        "command-and-control",
        "compromised-site",
        "copec",
        "copec-impersonation",
        "credential-harvesting",
        "credit-card-theft",
        "crypto-investment-scam",
        "crypto-scam",
        "cryptocurrency",
        "cryptocurrency-fraud",
        "cryptocurrency-scam",
        "daily-threat-intel",
        "data-collection",
        "data-exfiltration",
        "data-harvesting",
        "data-theft",
        "deceptive-claims",
        "deceptive-content",
        "deceptive-landing-page",
        "deceptive-marketing",
        "deceptive-practices",
        "deceptive-reward-site",
        "deceptive-rewards",
        "deceptive-site",
        "deceptive-social-viewer",
        "deceptive-tactics",
        "digital-currency-theft",
        "dmv-impersonation",
        "document-sharing-impersonation",
        "domain-classification",
        "domain-rotation",
        "drive-by-download",
        "e-commerce-scam",
        "email-phishing",
        "evasion",
        "exit-scam",
        "facebook-messenger",
        "fake-login",
        "fake-login-portal",
        "fake-offer",
        "fake-phone-number",
        "fake-retail",
        "fake-toll-charge",
        "fake-verification",
        "financial-data-harvesting",
        "financial-fraud",
        "financial-scam",
        "financial-services-impersonation",
        "forced-download",
        "forepaas",
        "forepaas-impersonation",
        "fraudulent-deposits",
        "fraudulent-investment",
        "fraudulent-store",
        "fraudulent-website",
        "gambling-promotion",
        "gambling-scam",
        "gambling-site",
        "game-resource-generator",
        "gibberish-domain",
        "gmail-impersonation",
        "government-impersonation",
        "high-risk-gambling",
        "high-risk-tld",
        "high-traffic",
        "impersonation",
        "instagram-impersonation",
        "investment-scam",
        "kyc-fraud",
        "lead-generation",
        "litellm-malware",
        "login-page",
        "low-reputation-domain",
        "malicious-download",
        "malicious-redirect",
        "malicious-redirection",
        "malicious-redirects",
        "malicious-site",
        "malicious-url",
        "malware-distribution",
        "malware-download",
        "malware-dropper",
        "mfa-harvesting",
        "microsoft",
        "microsoft-defender-flagged",
        "myprotein",
        "nebula-x",
        "new-domain",
        "newly-registered-domain",
        "no-customer-support",
        "obscure-site",
        "online-casino-scam",
        "package-delivery-scam",
        "payment-information-theft",
        "payment-scam",
        "personal-information-theft",
        "phishing",
        "phishing-campaign",
        "phishing-gateway",
        "phishing-site",
        "phone-number-harvesting",
        "pii-collection",
        "pirated-games",
        "pop-mart-impersonation",
        "price-scam",
        "privacy-risk",
        "privacy-violation",
        "quickbooks",
        "redirect",
        "redirect-chain",
        "redirect-cloaking",
        "redirect-service",
        "redirection",
        "redirector",
        "redirects",
        "reverb-impersonation",
        "risky-url",
        "rug-pull",
        "sars-impersonation",
        "scam",
        "social-engineering",
        "social-media-abuse",
        "social-media-campaign",
        "social-media-scam",
        "social-media-scams",
        "south-africa",
        "spam-distribution",
        "spotify-impersonation",
        "streaming-service-scam",
        "subscription-scam",
        "supply-chain-attack",
        "support-scam",
        "surveillance",
        "suspicious-domain",
        "taplink-abuse",
        "task-scam",
        "tencent-hosting",
        "third-party-data-sharing",
        "throwaway-domain",
        "tracking",
        "tracking-url",
        "typosquatting",
        "unaccountable-infrastructure",
        "unauthorized-software",
        "undelivered-goods",
        "unlicensed-gambling",
        "unrealistic-pricing",
        "unreleased-products",
        "unsecured-file-sharing",
        "unwanted-software",
        "url-cloaking",
        "url-shortener",
        "urlert",
        "usdt",
        "usdt-scam",
        "user-manipulation",
        "vpn-impersonation",
        "webcam-capture",
        "webcam-tracking",
        "weebly-abuse",
        "xvideos-impersonation",
        "zero-day-registration"
      ],
      "references": [
        "https://urlert.com/domain/571084.xin",
        "https://urlert.com/domain/9990.site",
        "https://urlert.com/domain/app.link",
        "https://urlert.com/domain/appwrite.network",
        "https://urlert.com/domain/arcworld.one",
        "https://urlert.com/domain/aviatorfine.com",
        "https://urlert.com/domain/beetrade.me",
        "https://urlert.com/domain/bit.ly",
        "https://urlert.com/domain/bonanza-gha.work",
        "https://urlert.com/domain/casajoys.com",
        "https://urlert.com/domain/compromisedblog.com",
        "https://urlert.com/domain/cryptor.plus",
        "https://urlert.com/domain/daily777ween666.com",
        "https://urlert.com/domain/dpoiq.life",
        "https://urlert.com/domain/e.vg",
        "https://urlert.com/domain/effectivegatecpm.com",
        "https://urlert.com/domain/explodely.com",
        "https://urlert.com/domain/extravagant-streaming.life",
        "https://urlert.com/domain/fedexredeliveryform.com",
        "https://urlert.com/domain/fgl.cc"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Energy",
        "Financial Services",
        "Government",
        "Logistics / Supply Chain",
        "Media / Entertainment",
        "Retail / E-Commerce",
        "Technology"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "urlert_intel",
        "id": "386175",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 37,
        "hostname": 15,
        "URL": 36
      },
      "indicator_count": 88,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 31,
      "modified_text": "37 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://ca.zakgf.life/dmv/",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://ca.zakgf.life/dmv/",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780215728.8032691
}