{
  "type": "URL",
  "indicator": "https://nacex-h.eu.cc/es",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://nacex-h.eu.cc/es",
    "type": "url",
    "type_title": "URL",
    "validation": [],
    "base_indicator": {
      "id": 4346952078,
      "indicator": "https://nacex-h.eu.cc/es",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 1,
      "pulses": [
        {
          "id": "69fbe42d3036ddb4296481a3",
          "name": "URLert Daily Threat Intel \u2014 2026-05-07",
          "description": "URLert Daily Threat Intel \u2014 2026-05-07\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 49 | Indicators: 89\nConfirmed: 12 | Likely: 37\nTop threats: Phishing (38), Malware Hosting (5), Malvertising (3), Dropper (3)\nDomains: 5346815.help, apps.dj, bloomberginterviews.com, cfnfatprnttody.com, cineby.sc, com-long-5232054ff45.com, ct.ws, eu.cc, facebook.com, forms.gle, fut.ac, glydere.org, google.com, gvufwlo.top...\n\n49 unique threats producing 89 actionable indicators. Generated by URLert automated threat intelligence.",
          "modified": "2026-05-07T01:00:29.543000",
          "created": "2026-05-07T01:00:29.543000",
          "tags": [
            "adult-content",
            "adult-content-lure",
            "adult-scam",
            "aldi-impersonation",
            "android-malware",
            "anubis",
            "apk-distribution",
            "automated-scan",
            "bloomberg-impersonation",
            "booking-com-impersonation",
            "brand-impersonation",
            "browser-locking",
            "clickbait-scam",
            "cloaking",
            "content-locker",
            "copyright-infringement",
            "costco",
            "credential-harvesting",
            "crepes-and-waffles",
            "daily-threat-intel",
            "data-collection",
            "dating-scam",
            "deceptive-ai-persona",
            "deceptive-campaigns",
            "deceptive-download",
            "deceptive-page",
            "deceptive-practices",
            "deceptive-redirect",
            "deceptive-scam",
            "deceptive-site",
            "disruptive-behavior",
            "dm",
            "dropper",
            "e-commerce-scam",
            "ea-sports",
            "education-scam",
            "email-harvesting",
            "evasion-tactic",
            "evasion-technique",
            "fake-giveaway",
            "fake-rewards",
            "fake-security-check",
            "fake-security-checkpoint",
            "fake-security-verification",
            "fake-store",
            "fake-survey",
            "fake-toll-charge",
            "fake-toll-scam",
            "fc26",
            "financial-fraud",
            "financial-scam",
            "fraud",
            "fraudulent-dating-services",
            "free-hosting",
            "gaming",
            "georgia-department-of-driver-services",
            "google-drive-impersonation",
            "google-forms-abuse",
            "google-impersonation",
            "government-impersonation",
            "imdb-impersonation",
            "information-theft",
            "investment-scam",
            "jollibee",
            "logistics-sector",
            "malicious-infrastructure",
            "malicious-redirect",
            "malicious-redirection",
            "malicious-redirects",
            "malvertising",
            "malware-delivery",
            "malware-distribution",
            "malware-vector",
            "medical-lure",
            "mercadolivre",
            "mexico-city",
            "microsoft",
            "microsoft-impersonation",
            "mobile-billing-scam",
            "modified-apk",
            "nacex-impersonation",
            "new-domain",
            "newly-registered-domain",
            "obfuscated-download",
            "parking-fine",
            "payment-information-harvesting",
            "payment-scam",
            "personal-information-harvesting",
            "phishing",
            "phishing-site",
            "phone-number-harvesting",
            "piracy",
            "premium-rate-sms",
            "premium-unlocked",
            "prize-scam",
            "proxy-detection-message",
            "questionnaire-scam",
            "random-domain",
            "redirect-chain",
            "redirects",
            "retail-scam",
            "scam",
            "scam-campaign",
            "scam-funnel",
            "scam-infrastructure",
            "scam-site",
            "social-engineering",
            "spotify-impersonation",
            "steam",
            "streaming-scam",
            "survey-scam",
            "suspicious-apk",
            "suspicious-domain",
            "suspicious-redirect",
            "t-mobile",
            "travel-scam",
            "typo-squatting",
            "typosquatting",
            "unofficial-app-distribution",
            "unrealistic-pricing",
            "url-shortener",
            "urlert",
            "user-manipulation",
            "weebly",
            "weebly-hosting"
          ],
          "references": [
            "https://urlert.com/domain/5346815.help",
            "https://urlert.com/domain/apps.dj",
            "https://urlert.com/domain/bloomberginterviews.com",
            "https://urlert.com/domain/cfnfatprnttody.com",
            "https://urlert.com/domain/cineby.sc",
            "https://urlert.com/domain/com-long-5232054ff45.com",
            "https://urlert.com/domain/ct.ws",
            "https://urlert.com/domain/eu.cc",
            "https://urlert.com/domain/facebook.com",
            "https://urlert.com/domain/forms.gle",
            "https://urlert.com/domain/fut.ac",
            "https://urlert.com/domain/glydere.org",
            "https://urlert.com/domain/google.com",
            "https://urlert.com/domain/gvufwlo.top",
            "https://urlert.com/domain/heiut.top",
            "https://urlert.com/domain/humus.cam",
            "https://urlert.com/domain/jaexu.top",
            "https://urlert.com/domain/jitola.top",
            "https://urlert.com/domain/kluspz.com",
            "https://urlert.com/domain/ligshtshot.site"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Education",
            "Financial Services",
            "Government",
            "Healthcare",
            "Hospitality",
            "Logistics / Supply Chain",
            "Media / Entertainment",
            "Retail / E-Commerce",
            "Technology",
            "Telecommunications"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "urlert_intel",
            "id": "386175",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 25,
            "URL": 41,
            "hostname": 15
          },
          "indicator_count": 81,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 29,
          "modified_text": "25 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://urlert.com/domain/facebook.com",
        "https://urlert.com/domain/kluspz.com",
        "https://urlert.com/domain/eu.cc",
        "https://urlert.com/domain/glydere.org",
        "https://urlert.com/domain/humus.cam",
        "https://urlert.com/domain/google.com",
        "https://urlert.com/domain/5346815.help",
        "https://urlert.com/domain/jaexu.top",
        "https://urlert.com/domain/forms.gle",
        "https://urlert.com/domain/apps.dj",
        "https://urlert.com/domain/ct.ws",
        "https://urlert.com/domain/heiut.top",
        "https://urlert.com/domain/cineby.sc",
        "https://urlert.com/domain/fut.ac",
        "https://urlert.com/domain/jitola.top",
        "https://urlert.com/domain/cfnfatprnttody.com",
        "https://urlert.com/domain/bloomberginterviews.com",
        "https://urlert.com/domain/gvufwlo.top",
        "https://urlert.com/domain/ligshtshot.site",
        "https://urlert.com/domain/com-long-5232054ff45.com"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 0
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": [
            "Hospitality",
            "Technology",
            "Healthcare",
            "Logistics / supply chain",
            "Education",
            "Media / entertainment",
            "Government",
            "Financial services",
            "Telecommunications",
            "Retail / e-commerce"
          ],
          "unique_indicators": 82
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/eu.cc",
    "whois": "http://whois.domaintools.com/eu.cc",
    "domain": "eu.cc",
    "hostname": "nacex-h.eu.cc"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 1,
  "pulses": [
    {
      "id": "69fbe42d3036ddb4296481a3",
      "name": "URLert Daily Threat Intel \u2014 2026-05-07",
      "description": "URLert Daily Threat Intel \u2014 2026-05-07\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 49 | Indicators: 89\nConfirmed: 12 | Likely: 37\nTop threats: Phishing (38), Malware Hosting (5), Malvertising (3), Dropper (3)\nDomains: 5346815.help, apps.dj, bloomberginterviews.com, cfnfatprnttody.com, cineby.sc, com-long-5232054ff45.com, ct.ws, eu.cc, facebook.com, forms.gle, fut.ac, glydere.org, google.com, gvufwlo.top...\n\n49 unique threats producing 89 actionable indicators. Generated by URLert automated threat intelligence.",
      "modified": "2026-05-07T01:00:29.543000",
      "created": "2026-05-07T01:00:29.543000",
      "tags": [
        "adult-content",
        "adult-content-lure",
        "adult-scam",
        "aldi-impersonation",
        "android-malware",
        "anubis",
        "apk-distribution",
        "automated-scan",
        "bloomberg-impersonation",
        "booking-com-impersonation",
        "brand-impersonation",
        "browser-locking",
        "clickbait-scam",
        "cloaking",
        "content-locker",
        "copyright-infringement",
        "costco",
        "credential-harvesting",
        "crepes-and-waffles",
        "daily-threat-intel",
        "data-collection",
        "dating-scam",
        "deceptive-ai-persona",
        "deceptive-campaigns",
        "deceptive-download",
        "deceptive-page",
        "deceptive-practices",
        "deceptive-redirect",
        "deceptive-scam",
        "deceptive-site",
        "disruptive-behavior",
        "dm",
        "dropper",
        "e-commerce-scam",
        "ea-sports",
        "education-scam",
        "email-harvesting",
        "evasion-tactic",
        "evasion-technique",
        "fake-giveaway",
        "fake-rewards",
        "fake-security-check",
        "fake-security-checkpoint",
        "fake-security-verification",
        "fake-store",
        "fake-survey",
        "fake-toll-charge",
        "fake-toll-scam",
        "fc26",
        "financial-fraud",
        "financial-scam",
        "fraud",
        "fraudulent-dating-services",
        "free-hosting",
        "gaming",
        "georgia-department-of-driver-services",
        "google-drive-impersonation",
        "google-forms-abuse",
        "google-impersonation",
        "government-impersonation",
        "imdb-impersonation",
        "information-theft",
        "investment-scam",
        "jollibee",
        "logistics-sector",
        "malicious-infrastructure",
        "malicious-redirect",
        "malicious-redirection",
        "malicious-redirects",
        "malvertising",
        "malware-delivery",
        "malware-distribution",
        "malware-vector",
        "medical-lure",
        "mercadolivre",
        "mexico-city",
        "microsoft",
        "microsoft-impersonation",
        "mobile-billing-scam",
        "modified-apk",
        "nacex-impersonation",
        "new-domain",
        "newly-registered-domain",
        "obfuscated-download",
        "parking-fine",
        "payment-information-harvesting",
        "payment-scam",
        "personal-information-harvesting",
        "phishing",
        "phishing-site",
        "phone-number-harvesting",
        "piracy",
        "premium-rate-sms",
        "premium-unlocked",
        "prize-scam",
        "proxy-detection-message",
        "questionnaire-scam",
        "random-domain",
        "redirect-chain",
        "redirects",
        "retail-scam",
        "scam",
        "scam-campaign",
        "scam-funnel",
        "scam-infrastructure",
        "scam-site",
        "social-engineering",
        "spotify-impersonation",
        "steam",
        "streaming-scam",
        "survey-scam",
        "suspicious-apk",
        "suspicious-domain",
        "suspicious-redirect",
        "t-mobile",
        "travel-scam",
        "typo-squatting",
        "typosquatting",
        "unofficial-app-distribution",
        "unrealistic-pricing",
        "url-shortener",
        "urlert",
        "user-manipulation",
        "weebly",
        "weebly-hosting"
      ],
      "references": [
        "https://urlert.com/domain/5346815.help",
        "https://urlert.com/domain/apps.dj",
        "https://urlert.com/domain/bloomberginterviews.com",
        "https://urlert.com/domain/cfnfatprnttody.com",
        "https://urlert.com/domain/cineby.sc",
        "https://urlert.com/domain/com-long-5232054ff45.com",
        "https://urlert.com/domain/ct.ws",
        "https://urlert.com/domain/eu.cc",
        "https://urlert.com/domain/facebook.com",
        "https://urlert.com/domain/forms.gle",
        "https://urlert.com/domain/fut.ac",
        "https://urlert.com/domain/glydere.org",
        "https://urlert.com/domain/google.com",
        "https://urlert.com/domain/gvufwlo.top",
        "https://urlert.com/domain/heiut.top",
        "https://urlert.com/domain/humus.cam",
        "https://urlert.com/domain/jaexu.top",
        "https://urlert.com/domain/jitola.top",
        "https://urlert.com/domain/kluspz.com",
        "https://urlert.com/domain/ligshtshot.site"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Education",
        "Financial Services",
        "Government",
        "Healthcare",
        "Hospitality",
        "Logistics / Supply Chain",
        "Media / Entertainment",
        "Retail / E-Commerce",
        "Technology",
        "Telecommunications"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "urlert_intel",
        "id": "386175",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 25,
        "URL": 41,
        "hostname": 15
      },
      "indicator_count": 81,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 29,
      "modified_text": "25 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://nacex-h.eu.cc/es",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://nacex-h.eu.cc/es",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780342727.0051079
}