{ "type": "URL", "indicator": "https://lu-retrofacturation.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://lu-retrofacturation.com", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4335661936, "indicator": "https://lu-retrofacturation.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "69fbf5acb6f31302f9e2df7c", "name": "IOC - Operation Road Trap: Fake toll and parking texts are spreading worldwide", "description": "", "modified": "2026-05-07T02:15:08.142000", "created": "2026-05-07T02:15:08.142000", "tags": [ "colombia", "india", "linkt", "canada", "australia", "france", "spain", "brazil", "ireland", "california", "april", "police", "download", "webview", "android" ], "references": [ "https://www.bitdefender.com/en-us/blog/labs/operation-road-trap" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1102.002", "name": "Bidirectional Communication", "display_name": "T1102.002 - Bidirectional Communication" }, { "id": "T1102.003", "name": "One-Way Communication", "display_name": "T1102.003 - One-Way Communication" }, { "id": "T1111", "name": "Two-Factor Authentication Interception", "display_name": "T1111 - Two-Factor Authentication Interception" }, { "id": "T1204.002", "name": "Malicious File", "display_name": "T1204.002 - Malicious File" }, { "id": "T1412", "name": "Capture SMS Messages", "display_name": "T1412 - Capture SMS Messages" }, { "id": "T1476", "name": "Deliver Malicious App via Other Means", "display_name": "T1476 - Deliver Malicious App via Other Means" }, { "id": "T1566.002", "name": "Spearphishing Link", "display_name": "T1566.002 - Spearphishing Link" } ], "industries": [], "TLP": "green", "cloned_from": "69f343dc44231b420b31a2b0", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "celestre", "id": "295357", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 10, "FileHash-SHA1": 4, "FileHash-SHA256": 4, "URL": 6, "domain": 9, "hostname": 4 }, "indicator_count": 37, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69f343dc44231b420b31a2b0", "name": "Operation Road Trap: Fake toll and parking texts are spreading worldwide", "description": "A recent smishing campaign, dubbed Operation Road Trap, targets drivers across twelve countries, employing fraudulent messages designed to pressure victims into submitting personal information or financial details. The scammers impersonate transport authorities, toll operators, and parking services, often claiming that the recipient has unpaid fines or tickets. The messages create a sense of urgency by threatening exacerbating consequences, such as fees or legal actions, and include links to websites that mimic legitimate payment portals.", "modified": "2026-04-30T11:58:20.587000", "created": "2026-04-30T11:58:20.587000", "tags": [ "colombia", "india", "linkt", "canada", "australia", "france", "spain", "brazil", "ireland", "california", "april", "police", "download", "webview", "android" ], "references": [ "https://www.bitdefender.com/en-us/blog/labs/operation-road-trap" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1102.002", "name": "Bidirectional Communication", "display_name": "T1102.002 - Bidirectional Communication" }, { "id": "T1102.003", "name": "One-Way Communication", "display_name": "T1102.003 - One-Way Communication" }, { "id": "T1111", "name": "Two-Factor Authentication Interception", "display_name": "T1111 - Two-Factor Authentication Interception" }, { "id": "T1204.002", "name": "Malicious File", "display_name": "T1204.002 - Malicious File" }, { "id": "T1412", "name": "Capture SMS Messages", "display_name": "T1412 - Capture SMS Messages" }, { "id": "T1476", "name": "Deliver Malicious App via Other Means", "display_name": "T1476 - Deliver Malicious App via Other Means" }, { "id": "T1566.002", "name": "Spearphishing Link", "display_name": "T1566.002 - Spearphishing Link" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 10, "FileHash-SHA1": 4, "FileHash-SHA256": 4, "URL": 6, "domain": 9, "hostname": 4 }, "indicator_count": 37, "is_author": false, "is_subscribing": null, "subscriber_count": 540, "modified_text": "31 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.bitdefender.com/en-us/blog/labs/operation-road-trap" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 37 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/lu-retrofacturation.com", "whois": "http://whois.domaintools.com/lu-retrofacturation.com", "domain": "lu-retrofacturation.com", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "69fbf5acb6f31302f9e2df7c", "name": "IOC - Operation Road Trap: Fake toll and parking texts are spreading worldwide", "description": "", "modified": "2026-05-07T02:15:08.142000", "created": "2026-05-07T02:15:08.142000", "tags": [ "colombia", "india", "linkt", "canada", "australia", "france", "spain", "brazil", "ireland", "california", "april", "police", "download", "webview", "android" ], "references": [ "https://www.bitdefender.com/en-us/blog/labs/operation-road-trap" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1102.002", "name": "Bidirectional Communication", "display_name": "T1102.002 - Bidirectional Communication" }, { "id": "T1102.003", "name": "One-Way Communication", "display_name": "T1102.003 - One-Way Communication" }, { "id": "T1111", "name": "Two-Factor Authentication Interception", "display_name": "T1111 - Two-Factor Authentication Interception" }, { "id": "T1204.002", "name": "Malicious File", "display_name": "T1204.002 - Malicious File" }, { "id": "T1412", "name": "Capture SMS Messages", "display_name": "T1412 - Capture SMS Messages" }, { "id": "T1476", "name": "Deliver Malicious App via Other Means", "display_name": "T1476 - Deliver Malicious App via Other Means" }, { "id": "T1566.002", "name": "Spearphishing Link", "display_name": "T1566.002 - Spearphishing Link" } ], "industries": [], "TLP": "green", "cloned_from": "69f343dc44231b420b31a2b0", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "celestre", "id": "295357", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 10, "FileHash-SHA1": 4, "FileHash-SHA256": 4, "URL": 6, "domain": 9, "hostname": 4 }, "indicator_count": 37, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69f343dc44231b420b31a2b0", "name": "Operation Road Trap: Fake toll and parking texts are spreading worldwide", "description": "A recent smishing campaign, dubbed Operation Road Trap, targets drivers across twelve countries, employing fraudulent messages designed to pressure victims into submitting personal information or financial details. The scammers impersonate transport authorities, toll operators, and parking services, often claiming that the recipient has unpaid fines or tickets. The messages create a sense of urgency by threatening exacerbating consequences, such as fees or legal actions, and include links to websites that mimic legitimate payment portals.", "modified": "2026-04-30T11:58:20.587000", "created": "2026-04-30T11:58:20.587000", "tags": [ "colombia", "india", "linkt", "canada", "australia", "france", "spain", "brazil", "ireland", "california", "april", "police", "download", "webview", "android" ], "references": [ "https://www.bitdefender.com/en-us/blog/labs/operation-road-trap" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1102.002", "name": "Bidirectional Communication", "display_name": "T1102.002 - Bidirectional Communication" }, { "id": "T1102.003", "name": "One-Way Communication", "display_name": "T1102.003 - One-Way Communication" }, { "id": "T1111", "name": "Two-Factor Authentication Interception", "display_name": "T1111 - Two-Factor Authentication Interception" }, { "id": "T1204.002", "name": "Malicious File", "display_name": "T1204.002 - Malicious File" }, { "id": "T1412", "name": "Capture SMS Messages", "display_name": "T1412 - Capture SMS Messages" }, { "id": "T1476", "name": "Deliver Malicious App via Other Means", "display_name": "T1476 - Deliver Malicious App via Other Means" }, { "id": "T1566.002", "name": "Spearphishing Link", "display_name": "T1566.002 - Spearphishing Link" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 10, "FileHash-SHA1": 4, "FileHash-SHA256": 4, "URL": 6, "domain": 9, "hostname": 4 }, "indicator_count": 37, "is_author": false, "is_subscribing": null, "subscriber_count": 540, "modified_text": "31 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://lu-retrofacturation.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://lu-retrofacturation.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780246195.2711663 }