{
  "type": "URL",
  "indicator": "https://projectsafenet.lol",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://projectsafenet.lol",
    "type": "url",
    "type_title": "URL",
    "validation": [],
    "base_indicator": {
      "id": 4296172565,
      "indicator": "https://projectsafenet.lol",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 6,
      "pulses": [
        {
          "id": "69ec121455951901fef8a045",
          "name": "URLert Daily Threat Intel \u2014 2026-04-25",
          "description": "URLert Daily Threat Intel \u2014 2026-04-25\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 63 | Indicators: 122\nConfirmed: 19 | Likely: 44\nTop threats: Phishing (51), Malware Hosting (4), Unknown (3), Dropper (3), Malvertising (2)\nDomains: 6489.pro, app.link, beacons.ai, bit.ly, bookscloud.net, brohood.my.id, bunnyband.com, ca-paget.sbs, cointerac.org, contaboserver.net, cs2by.com, ct.ws, dexo.click, dkfnvk.cfd, dpdlocafd.sh...\n\n63 unique threats producing 122 actionable indicators. Generated by URLert automated threat intelligence.",
          "modified": "2026-05-25T00:14:07.625000",
          "created": "2026-04-25T01:00:04.128000",
          "tags": [
            "abused-hosting",
            "account-takeover",
            "adult-content-lure",
            "aggressive-ads",
            "ai-trading-bot",
            "anubis-challenge-service",
            "artificial-urgency",
            "automated-scan",
            "automatic-download",
            "azure-blob-storage",
            "booter",
            "brand-impersonation",
            "broken-site",
            "browser-locker",
            "burberry",
            "car-wrap-scam",
            "cloaking",
            "code-repository-impersonation",
            "command-execution",
            "complex-redirect-chain",
            "compromised-site",
            "contabo",
            "content-locker",
            "content-locker-scam",
            "costco-impersonation",
            "credential-harvesting",
            "crypto-scam",
            "cryptocurrency",
            "cyberattack-facilitation",
            "daily-threat-intel",
            "data-harvesting",
            "ddos-service",
            "deceptive-domain-email",
            "deceptive-marketing",
            "deceptive-practices",
            "deceptive-redirect",
            "deceptive-tactics",
            "deceptive-url",
            "delivery-scam",
            "dpd-impersonation",
            "e-commerce-fraud",
            "e-commerce-scam",
            "email-verification",
            "energy-crisis",
            "evasion-technique",
            "executable-malware",
            "extortion",
            "fake-discounts",
            "fake-download",
            "fake-prize",
            "fake-promotion",
            "fake-urgency",
            "fake-verification",
            "fake-virus-alert",
            "fanatics-impersonation",
            "file-sharing",
            "financial-data-harvesting",
            "financial-fraud",
            "financial-information-harvesting",
            "financial-scam",
            "fraudulent-infrastructure",
            "fraudulent-platform",
            "fraudulent-retail",
            "fraudulent-scheme",
            "fraudulent-sweepstakes",
            "fuel-voucher",
            "gambling-platform",
            "game-related-lure",
            "gaming",
            "gift-card-scam",
            "giveaway-scam",
            "google-cloud-storage-abuse",
            "google-impersonation",
            "government-impersonation",
            "government-targeting",
            "identity-theft",
            "impersonation",
            "infrastructure-misuse",
            "interac",
            "investment-scam",
            "lidl-impersonation",
            "linkvertise",
            "logistics-impersonation",
            "logistics-supply-chain",
            "low-reputation",
            "low-reputation-domain",
            "malicious-download",
            "malicious-file-delivery",
            "malicious-infrastructure",
            "malicious-redirection",
            "malicious-scripts",
            "malvertising",
            "malware-delivery",
            "malware-distribution",
            "mothers-day-scam",
            "multi-provider-phishing",
            "neosurf",
            "new-domain",
            "newly-registered-domain",
            "ontario-government",
            "payload-delivery",
            "payment-voucher-scam",
            "persistent-malware",
            "personal-information-collection",
            "personal-information-harvesting",
            "petrom",
            "phishing",
            "pii-collection",
            "plumeimpactor",
            "potentially-unwanted-software",
            "redirect",
            "roblox",
            "roblox-impersonation",
            "scam",
            "scam-ecommerce",
            "scam-site",
            "servientrega-impersonation",
            "shadow-reporting",
            "shein",
            "social-engineering",
            "software-piracy",
            "software-repository-impersonation",
            "spain",
            "spam-promotion",
            "spotify-impersonation",
            "steam",
            "stress-testing",
            "stresser",
            "survey-scam",
            "suspicious-domain",
            "suspicious-redirect",
            "suspicious-tld",
            "suspicious-url",
            "task-based-scam",
            "task-scam",
            "tech-support-scam",
            "technical-errors",
            "telegram-bot",
            "tracking-parameters",
            "trading-platform",
            "traffic-redirection",
            "transcash",
            "typosquatting",
            "uber-impersonation",
            "unknown-binary",
            "unsecured-site",
            "unverified-health-claims",
            "unwanted-software",
            "url-shortener",
            "urlert",
            "usps",
            "xyz-domain"
          ],
          "references": [
            "https://urlert.com/domain/6489.pro",
            "https://urlert.com/domain/app.link",
            "https://urlert.com/domain/beacons.ai",
            "https://urlert.com/domain/bit.ly",
            "https://urlert.com/domain/bookscloud.net",
            "https://urlert.com/domain/brohood.my.id",
            "https://urlert.com/domain/bunnyband.com",
            "https://urlert.com/domain/ca-paget.sbs",
            "https://urlert.com/domain/cointerac.org",
            "https://urlert.com/domain/contaboserver.net",
            "https://urlert.com/domain/cs2by.com",
            "https://urlert.com/domain/ct.ws",
            "https://urlert.com/domain/dexo.click",
            "https://urlert.com/domain/dkfnvk.cfd",
            "https://urlert.com/domain/dpdlocafd.shop",
            "https://urlert.com/domain/e-entrega.co",
            "https://urlert.com/domain/ethias.be",
            "https://urlert.com/domain/fafda.to",
            "https://urlert.com/domain/futfanaticss.com",
            "https://urlert.com/domain/gamedrive.org"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Energy",
            "Financial Services",
            "Government",
            "Hospitality",
            "Logistics / Supply Chain",
            "Media / Entertainment",
            "Retail / E-Commerce"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "urlert_intel",
            "id": "386175",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 33,
            "URL": 36,
            "hostname": 13
          },
          "indicator_count": 82,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 30,
          "modified_text": "6 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69e1863b865baefc104baf4e",
          "name": "URLert Daily Threat Intel \u2014 2026-04-17",
          "description": "URLert Daily Threat Intel \u2014 2026-04-17\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 68 | Indicators: 115\nConfirmed: 24 | Likely: 39 | Domain intel: 5\nTop threats: Phishing (55), Dropper (5), Malware Hosting (5), Malvertising (3)\nDomains: acccat.com, accountresourcecenter.xyz, aceimg.com, ampproject.org, ankergames.net, artinexia.com, atlasjet.com.ng, bexlorina.cfd, blogspot.com, blueberginternational.com, br9f.bet, bringit...\n\n68 unique threats producing 115 actionable indicators. Generated by URLert automated threat intelligence.",
          "modified": "2026-05-16T22:27:33.306000",
          "created": "2026-04-17T01:00:43.835000",
          "tags": [
            "account-takeover",
            "ad-fraud",
            "adult-content",
            "advance-fee-scam",
            "aged-domain",
            "amp-cache",
            "anti-analysis",
            "asset-theft",
            "automated-scan",
            "backdoor",
            "bonus-scam",
            "booking-com-impersonation",
            "bot-promoted",
            "brand-impersonation",
            "brazil",
            "browser-extension",
            "celebrity-impersonation",
            "click-to-unlock",
            "cloaking",
            "cloudflare-workers",
            "cpf-harvesting",
            "credential-harvesting",
            "cryptocurrency-scam",
            "daily-threat-intel",
            "data-harvesting",
            "deceptive-advertising",
            "deceptive-crypto-gambling",
            "deceptive-incentives",
            "deceptive-lure",
            "deceptive-marketing",
            "deceptive-platform",
            "deceptive-pricing",
            "deceptive-registration",
            "deceptive-scheme",
            "deceptive-site",
            "deceptive-tactics",
            "direct-download",
            "domain-classification",
            "domain-rotation",
            "dpd",
            "elon-musk",
            "email-harvesting",
            "employment-scam",
            "epic-games",
            "evasion",
            "evasion-technique",
            "extortion",
            "facebook-impersonation",
            "fake-financial-aid",
            "fake-giveaway",
            "fake-job-offer",
            "fake-message",
            "fake-testimonials",
            "fake-trust-badge",
            "file-hosting",
            "file-sharing-abuse",
            "financial-exploitation",
            "financial-fraud",
            "financial-impersonation",
            "financial-lure",
            "financial-scam",
            "financial-sector",
            "financial-service-impersonation",
            "financial-services-impersonation",
            "fiverr-impersonation",
            "fraud",
            "fraudulent-platform",
            "fraudulent-store",
            "gambling-scam",
            "game-lure",
            "generic-login",
            "get-paid-to-scam",
            "get-rich-quick",
            "government-impersonation",
            "high-risk-domain",
            "high-risk-hosting",
            "high-risk-tld",
            "identity-theft",
            "information-harvesting",
            "investment-scam",
            "invitation-code-scam",
            "java-malware",
            "login-harvesting",
            "login-page",
            "malicious-activity",
            "malicious-archive",
            "malicious-domain",
            "malicious-file-distribution",
            "malicious-landing-page",
            "malicious-redirect",
            "malicious-redirects",
            "malware-delivery",
            "malware-distribution",
            "malware-hosting",
            "mass.gov",
            "mercadolivre",
            "mfa-interception",
            "microsoft-impersonation",
            "misleading-download",
            "monetization-scheme",
            "money-making-scheme",
            "money-scam",
            "music-streaming-impersonation",
            "nebula-x",
            "new-domain",
            "newly-registered-domain",
            "online-gambling-scam",
            "ontario-government",
            "payload-delivery",
            "payment-information-harvesting",
            "phishing",
            "phishing-campaign",
            "phishing-email",
            "pirated-software",
            "placeholder-content",
            "ponzi-scheme",
            "potentially-malicious",
            "prize-scam",
            "recent-domain",
            "recruitment-fraud",
            "recruitment-scam",
            "recruitment-scheme",
            "redirect",
            "redirect-chain",
            "redirect-facade",
            "referral-scheme",
            "retail-e-commerce",
            "retail-scam",
            "retail-sector",
            "rocket-league-impersonation",
            "ru-domain",
            "scam",
            "scam-shop",
            "scam-site",
            "scam-sites",
            "search-engine-blocking",
            "shufersal",
            "shufersal-impersonation",
            "social-engineering",
            "software-piracy",
            "spam-promotion",
            "streaming-service-impersonation",
            "survey-scam",
            "suspicious-domain",
            "suspicious-redirect",
            "suspicious-registry",
            "suspicious-tld",
            "taiwan",
            "task-based-scam",
            "task-scam",
            "tiktok-impersonation",
            "traffic-redirection",
            "typosquatting",
            "unsecured-files",
            "unsolicited-messages",
            "unverified-app-download",
            "unwanted-software",
            "url-cloaking",
            "url-redirection",
            "url-shortener",
            "urlert",
            "usdt-targeting",
            "wibo-baltic-uab",
            "withdrawal-scam",
            "x-formerly-twitter"
          ],
          "references": [
            "https://urlert.com/domain/acccat.com",
            "https://urlert.com/domain/accountresourcecenter.xyz",
            "https://urlert.com/domain/aceimg.com",
            "https://urlert.com/domain/ampproject.org",
            "https://urlert.com/domain/ankergames.net",
            "https://urlert.com/domain/artinexia.com",
            "https://urlert.com/domain/atlasjet.com.ng",
            "https://urlert.com/domain/bexlorina.cfd",
            "https://urlert.com/domain/blogspot.com",
            "https://urlert.com/domain/blueberginternational.com",
            "https://urlert.com/domain/br9f.bet",
            "https://urlert.com/domain/bringitonmsg.com",
            "https://urlert.com/domain/bunnyband.com",
            "https://urlert.com/domain/calendarikymer.forum",
            "https://urlert.com/domain/cgtsrb.vip",
            "https://urlert.com/domain/clientproject.info",
            "https://urlert.com/domain/create-road.my",
            "https://urlert.com/domain/dandys1.xyz",
            "https://urlert.com/domain/delta-executor.com",
            "https://urlert.com/domain/doutf.cn"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Financial Services",
            "Government",
            "Hospitality",
            "Logistics / Supply Chain",
            "Media / Entertainment",
            "Retail / E-Commerce",
            "Technology"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "urlert_intel",
            "id": "386175",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 37,
            "hostname": 11,
            "URL": 40
          },
          "indicator_count": 88,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 29,
          "modified_text": "14 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69dc1a55d4a952ca9b117bd6",
          "name": "URLert Daily Threat Intel \u2014 2026-04-12",
          "description": "URLert Daily Threat Intel \u2014 2026-04-12\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 46 | Indicators: 88\nConfirmed: 17 | Likely: 29\nTop threats: Phishing (34), Malware Hosting (4), Malvertising (3), Dropper (3), Unknown (2)\nDomains: ac-inbox.com, aceimg.com, apkpurehub.net, appmedo.com, auroraexchanges.com, buksuper.xyz, bunnyband.com, cstradex.com, dandys1.xyz, dfxecha.com, digitaloceanspaces.com, flgroup.win, fort-v...\n\n46 unique threats producing 88 actionable indicators. Generated by URLert automated threat intelligence.",
          "modified": "2026-05-12T01:07:39.899000",
          "created": "2026-04-12T22:19:01.528000",
          "tags": [
            "account-theft",
            "adult-content",
            "apk-download",
            "apk-malware",
            "automated-bots",
            "automated-scan",
            "brand-impersonation",
            "brushing-scam",
            "click-bait",
            "cloaking",
            "cloudflare-block",
            "connect-wallet-prompt",
            "content-gating",
            "credential-harvesting",
            "credit-card-theft",
            "crypto-phishing",
            "crypto-scam",
            "cryptocurrency",
            "cryptocurrency-exchange-impersonation",
            "cryptocurrency-scam",
            "daily-threat-intel",
            "data-exfiltration",
            "data-harvesting",
            "data-interception",
            "deception",
            "deceptive-domain",
            "deceptive-gambling",
            "deceptive-landing-page",
            "deceptive-practices",
            "deceptive-scam",
            "deceptive-site",
            "deposit-scam",
            "download-lure",
            "e-commerce-scam",
            "earning-scam",
            "epic-games",
            "evasion",
            "explicit-content",
            "extortion",
            "fake-app-store",
            "fake-countdown-timer",
            "fake-ecommerce",
            "fake-login-page",
            "fake-marketplace",
            "fake-rewards",
            "fake-testimonials",
            "financial-fraud",
            "financial-risk",
            "financial-scam",
            "financial-theft",
            "fraud",
            "fraudulent-activity",
            "fraudulent-network",
            "fraudulent-storefront",
            "free-spins",
            "game-cheats",
            "gaming",
            "get-rich-quick",
            "hyip",
            "icloud-pin-harvesting",
            "identity-theft",
            "information-gathering",
            "investment-scam",
            "low-reputation-domain",
            "malicious-app",
            "malicious-download",
            "malicious-redirection",
            "malicious-redirects",
            "malware-distribution",
            "malware-risk",
            "man-in-the-middle",
            "manipulative-language",
            "monetary-fraud",
            "nebula-x",
            "new-domain",
            "newly-registered-domain",
            "obfuscated-url",
            "personal-information-collection",
            "phishing",
            "phishing-kit",
            "pirated-games",
            "purchase-scam",
            "pyramid-scheme",
            "qr-code-scam",
            "redirect-chain",
            "redirect-scam",
            "redirects",
            "referral-scheme",
            "retail-sector",
            "roblox",
            "rocket-league",
            "scam",
            "scam-domain",
            "scam-shop",
            "scam-site",
            "shadow-reporting-scheme",
            "sm-campaign",
            "social-engineering",
            "steamunderground",
            "subscription-scam",
            "suspicious-domain",
            "suspicious-redirect",
            "task-based-scam",
            "task-scam",
            "telegram-bot",
            "telegram-client-malware",
            "tiktok",
            "typosquatting",
            "unauthorized-downloads",
            "unicef",
            "url-obfuscation",
            "url-redirection",
            "urlert",
            "wallet-drainer",
            "wayfair",
            "welcome-bonus",
            "youtube-bots",
            "youtube-promotion"
          ],
          "references": [
            "https://urlert.com/domain/ac-inbox.com",
            "https://urlert.com/domain/aceimg.com",
            "https://urlert.com/domain/apkpurehub.net",
            "https://urlert.com/domain/appmedo.com",
            "https://urlert.com/domain/auroraexchanges.com",
            "https://urlert.com/domain/buksuper.xyz",
            "https://urlert.com/domain/bunnyband.com",
            "https://urlert.com/domain/cstradex.com",
            "https://urlert.com/domain/dandys1.xyz",
            "https://urlert.com/domain/dfxecha.com",
            "https://urlert.com/domain/digitaloceanspaces.com",
            "https://urlert.com/domain/flgroup.win",
            "https://urlert.com/domain/fort-vbucks.life",
            "https://urlert.com/domain/go448.com",
            "https://urlert.com/domain/greennigeriia.cc",
            "https://urlert.com/domain/it.com",
            "https://urlert.com/domain/kindwealthnetwork.xyz",
            "https://urlert.com/domain/lcdprize.world",
            "https://urlert.com/domain/mt3.me",
            "https://urlert.com/domain/nqq.cc"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Financial Services",
            "Media / Entertainment",
            "Non-Profit",
            "Retail / E-Commerce",
            "Technology",
            "Telecommunications"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "urlert_intel",
            "id": "386175",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 27,
            "hostname": 11,
            "URL": 28
          },
          "indicator_count": 66,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 31,
          "modified_text": "19 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d6fa144bba9d675073150e",
          "name": "URLert Daily Threat Intel \u2014 2026-04-09",
          "description": "URLert Daily Threat Intel \u2014 2026-04-09\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 144 | Indicators: 278\nConfirmed: 40 | Likely: 100 | Domain intel: 4\nTop threats: Phishing (127), Malvertising (5), Malware Hosting (5), Dropper (4), Unknown (2)\nDomains: 678940.com, acsgri.xyz, amazonvtc.com, apple-job-opportunities.com, as6738.com, axionholdings.online, booklng-dats.com, buksuper.xyz, castrooutlet-il.shop, cfbfpro.com, clarissaflorence.co...\n\n144 unique threats producing 278 actionable indicators. Generated by URLert automated threat intelligence.",
          "modified": "2026-05-08T22:06:56.603000",
          "created": "2026-04-09T01:00:04.860000",
          "tags": [
            "seur",
            "abused-infrastructure",
            "account-hijacking",
            "account-login-impersonation",
            "acs-courier",
            "ad-blocker-bypass",
            "ad-revenue",
            "ad-revenue-scam",
            "adult-content",
            "adult-content-lure",
            "adult-content-scam",
            "adult-scam",
            "advance-fee-fraud",
            "affiliate-marketing-scam",
            "affiliate-redirect",
            "aged-domain",
            "aggressive-language",
            "airportparking-service",
            "amazon",
            "anti-analysis",
            "arkansas",
            "asset-theft",
            "automated-scan",
            "belgian-health-insurance-impersonation",
            "blank-page",
            "booking-com",
            "booking-com-impersonation",
            "brand-impersonation",
            "brand-in-subdomain",
            "brazil",
            "broken-template",
            "browser-exploit",
            "canada",
            "castro",
            "cloudflare",
            "cloudflare-impersonation",
            "cloudflared-blocked",
            "combosquatting",
            "compromised-site",
            "content-locker",
            "counterfeit-goods",
            "cracked-games",
            "credential-harvesting",
            "crypto-casino-scam",
            "crypto-com",
            "crypto-scam",
            "cryptocurrency",
            "cryptocurrency-investment-scam",
            "cryptocurrency-mining",
            "cryptocurrency-scam",
            "daily-threat-intel",
            "data-harvesting",
            "dating-scam",
            "deception",
            "deceptive-advertising",
            "deceptive-content",
            "deceptive-dating-scam",
            "deceptive-distribution",
            "deceptive-domain",
            "deceptive-lead-generation",
            "deceptive-marketing",
            "deceptive-offer-walls",
            "deceptive-online-store",
            "deceptive-practices",
            "deceptive-promotion",
            "deceptive-prompts",
            "deceptive-redirect",
            "deceptive-security-check",
            "deceptive-site",
            "deceptive-template",
            "delivery-exception",
            "delivery-exception-scam",
            "delivery-scam",
            "discord-account-hijacking",
            "discord-impersonation",
            "disposable-infrastructure",
            "docsend-impersonation",
            "domain-age-misleading",
            "domain-classification",
            "dpd",
            "dpd-impersonation",
            "dpd-local",
            "e-commerce-scam",
            "education",
            "email-credentials",
            "email-harvesting",
            "employment-scam",
            "explicit-content",
            "fake-captcha",
            "fake-check-scam",
            "fake-fees",
            "fake-giveaway",
            "fake-login",
            "fake-payment",
            "fake-persona",
            "fake-prize",
            "fake-security-challenge",
            "fake-shop",
            "fake-storefront",
            "fake-survey",
            "fake-urgency",
            "fake-wallet",
            "fake-warning",
            "financial-fraud",
            "financial-impersonation",
            "financial-information-harvesting",
            "financial-information-theft",
            "financial-scam",
            "fortnite",
            "fortnite-lure",
            "fraud",
            "fraudulent-commerce",
            "fraudulent-domain",
            "fraudulent-exchange",
            "fraudulent-investment-scheme",
            "fraudulent-payment",
            "fraudulent-services",
            "fraudulent-subscriptions",
            "free-hosting",
            "free-movie-streaming-lure",
            "ftp",
            "game-cheats",
            "gamers",
            "georgia-dds",
            "gibberish-domain",
            "giveaway-scam",
            "google-safe-browsing",
            "government-impersonation",
            "groupon",
            "high-return-scam",
            "high-risk-tld",
            "hoka",
            "hookup-scam",
            "human-verification",
            "hyip",
            "identity-theft",
            "identity-verification-scam",
            "illinois",
            "information-harvesting",
            "insecure-protocol",
            "instagram",
            "installer-download",
            "investment-scam",
            "ipfs-gateway",
            "job-scam",
            "jotform-abuse",
            "large-scale-redirection",
            "lbank",
            "lead-generation",
            "link-shortener",
            "linkedin-impersonation",
            "loading-spinner",
            "logistics",
            "logistics-impersonation",
            "malicious-domain",
            "malicious-redirect",
            "malicious-redirects",
            "malicious-scripts",
            "malvertising",
            "malware-delivery",
            "malware-distribution",
            "malware-download",
            "malware-risk",
            "mexc-impersonation",
            "microsoft-impersonation",
            "microsoft-sharepoint",
            "mitm",
            "mobile-redirect",
            "multi-domain-redirect",
            "nc-dot-impersonation",
            "ncdot",
            "nebula-x",
            "new-domain",
            "newly-registered-domain",
            "north-carolina",
            "oauth-phishing",
            "obfuscated-redirects",
            "oklahoma-dps-impersonation",
            "okx",
            "olx",
            "online-gambling",
            "ontario",
            "pages-dev-abuse",
            "parking-citation",
            "paycity-impersonation",
            "payment-fraud",
            "payment-harvesting",
            "payment-information-harvesting",
            "payment-scam",
            "paypal-impersonation",
            "personal-information-collection",
            "personal-information-harvesting",
            "phishing",
            "phishing-attempt",
            "phishing-infrastructure",
            "phishing-kit",
            "phishing-scam",
            "phishing-site",
            "phishing-vector",
            "pig-butchering",
            "pirated-software",
            "ponzi-scheme",
            "privacy-violation",
            "pump-fun",
            "pyramid-scheme",
            "raiffeisen",
            "random-domain",
            "recently-registered-domain",
            "reconnaissance",
            "recruitment-scheme",
            "redirect",
            "redirect-chain",
            "redirect-cloaking",
            "registration-scam",
            "remote-task-scam",
            "repurposed-domain",
            "retail-scam",
            "riskware",
            "roblox",
            "roblox-impersonation",
            "robux-scam",
            "sameday-courier-impersonation",
            "scam",
            "scam-domain",
            "scam-funnel",
            "scam-platform",
            "security-bypass",
            "session-hijacking",
            "shadow-reporting",
            "shein",
            "shipping-fee-scam",
            "social-engineering",
            "software-executors",
            "software-piracy",
            "soundsquatting",
            "south-africa",
            "steam",
            "surge-sh",
            "survey-scam",
            "suspicious-domain",
            "suspicious-login",
            "suspicious-tld",
            "suspicious-traffic",
            "task-scam",
            "telegram",
            "texas",
            "tiktok",
            "tiktok-impersonation",
            "toll-scam",
            "tracksoptions-com",
            "traffic-citation",
            "tx-dmv",
            "typosquatting",
            "unauthorized-streaming",
            "universitatea-politehnica-timisoara",
            "unknown-payload",
            "unverified-apps",
            "unwanted-software",
            "unwanted-subscriptions",
            "url-obfuscation",
            "url-redirection",
            "urlert",
            "user-deception",
            "user-manipulation",
            "usps-impersonation",
            "vaultcord-impersonation",
            "vercel-subdomain",
            "vulnerability-scanning",
            "wabtec",
            "wallapop",
            "wallet-drainer",
            "wallet-phishing",
            "western-union-scam",
            "whatsapp-scam",
            "windows-installer",
            "withdrawal-scam",
            "zoom-impersonation"
          ],
          "references": [
            "https://urlert.com/domain/678940.com",
            "https://urlert.com/domain/acsgri.xyz",
            "https://urlert.com/domain/amazonvtc.com",
            "https://urlert.com/domain/apple-job-opportunities.com",
            "https://urlert.com/domain/as6738.com",
            "https://urlert.com/domain/axionholdings.online",
            "https://urlert.com/domain/booklng-dats.com",
            "https://urlert.com/domain/buksuper.xyz",
            "https://urlert.com/domain/castrooutlet-il.shop",
            "https://urlert.com/domain/cfbfpro.com",
            "https://urlert.com/domain/clarissaflorence.com",
            "https://urlert.com/domain/com-conflrm-eu.com",
            "https://urlert.com/domain/com-sart.top",
            "https://urlert.com/domain/com-sasi.top",
            "https://urlert.com/domain/compromisedblog.com",
            "https://urlert.com/domain/connectview.click",
            "https://urlert.com/domain/coppii.com",
            "https://urlert.com/domain/cozyloftz.com",
            "https://urlert.com/domain/cryptor.plus",
            "https://urlert.com/domain/ct.ws"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Education",
            "Financial Services",
            "Government",
            "Hospitality",
            "Insurance",
            "Logistics / Supply Chain",
            "Manufacturing",
            "Media / Entertainment",
            "Retail / E-Commerce",
            "Technology"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "urlert_intel",
            "id": "386175",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 87,
            "URL": 89,
            "hostname": 41
          },
          "indicator_count": 217,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 30,
          "modified_text": "22 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d30594f707d5c78dd0db9d",
          "name": "URLert Daily Threat Intel \u2014 2026-04-06",
          "description": "URLert Daily Threat Intel \u2014 2026-04-06\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 113 | Indicators: 188\nConfirmed: 36 | Likely: 64 | Domain intel: 13\nTop threats: Phishing (83), Malware Hosting (19), Malvertising (5), Unknown (3), Dropper (2)\nDomains: acsgri.com, adescargar.net, aixldc10.shop, an1.com, antai-gouv-info.im, audioz.download, awstrack.me, behindtheemail.com, besowin156.pro, bestwestern-id-nt52vos.com, bestwestern-id-oa74fta...\n\n113 unique threats producing 188 actionable indicators. Generated by URLert automated threat intelligence.",
          "modified": "2026-05-05T20:19:42.941000",
          "created": "2026-04-06T01:00:04.648000",
          "tags": [
            "abuse-of-legitimate-platform",
            "account-recovery-scam",
            "account-takeover",
            "adult-content",
            "adware",
            "aggressive-advertising",
            "android-apk",
            "android-malware",
            "antai",
            "apk-download",
            "apk-malware",
            "app-download-scam",
            "audio-plugins",
            "automated-scan",
            "bait-and-switch",
            "bank-frick",
            "beacons",
            "best-western",
            "brand-impersonation",
            "browser-hijacking",
            "burn-and-churn",
            "camera-access",
            "capcut-pro",
            "cloaking",
            "cloud-mining",
            "colombia",
            "combosquatting",
            "contest-scam",
            "coomeet",
            "copyright-infringement",
            "counterfeit",
            "counterfeit-distribution",
            "counterfeit-site",
            "counterfeit-software",
            "cpa-scam",
            "cracked-software",
            "credential-harvesting",
            "credential-theft",
            "crypto-casino",
            "crypto-scam",
            "cryptocurrency-exchange",
            "cryptocurrency-scam",
            "daily-threat-intel",
            "dark-patterns",
            "data-aggregation",
            "data-breach-records",
            "data-harvesting",
            "data-theft",
            "dating-scam",
            "deceptive-ads",
            "deceptive-advertising",
            "deceptive-ecommerce-scam",
            "deceptive-landing-pages",
            "deceptive-lead-generation",
            "deceptive-links",
            "deceptive-offers",
            "deceptive-page",
            "deceptive-pricing",
            "deceptive-promises",
            "deceptive-site",
            "deceptive-subscription",
            "deceptive-tactics",
            "delivery-exception-scam",
            "delivery-scam",
            "discord-impersonation",
            "disposable-infrastructure",
            "domain-classification",
            "domain-hopping",
            "dpd-impersonation",
            "e-commerce-scam",
            "ecommerce-scam",
            "education",
            "educational-content-piracy",
            "electronics-fraud",
            "emotional-manipulation",
            "epic-games",
            "extortion",
            "facebook-campaign",
            "fake-app-distribution",
            "fake-domain",
            "fake-giveaway",
            "fake-login",
            "fake-login-page",
            "fake-login-portal",
            "fake-payment-portal",
            "fake-registration",
            "fake-reviews",
            "fake-rewards",
            "fake-security-check",
            "fake-shop",
            "fake-verification",
            "financial-fraud",
            "financial-information-theft",
            "financial-phishing",
            "financial-scam",
            "financial-services",
            "forced-redirects",
            "fortnite",
            "fraudulent-marketplace",
            "fraudulent-platform",
            "fraudulent-purchases",
            "fraudulent-retailer",
            "fraudulent-scheme",
            "free-hosting",
            "free-jewelry-scam",
            "free-spins-scam",
            "french-government",
            "french-government-impersonation",
            "gambling-scam",
            "gambling-site",
            "game-impersonation",
            "gaming-theme",
            "gibberish-domain",
            "giveaway-scam",
            "google",
            "grayware",
            "high-risk-domain",
            "high-risk-domain-extension",
            "high-risk-environment",
            "high-risk-tld",
            "hospitality",
            "hungary",
            "identity-intelligence",
            "identity-theft",
            "illegal-content",
            "impersonation",
            "incentivized-traffic",
            "indonesian-targeting",
            "information-collection",
            "information-obfuscation",
            "investment-scam",
            "israel",
            "it.com",
            "landing-page-service",
            "link-in-bio",
            "login-page",
            "logistics-phishing",
            "logistics-sector",
            "malicious-domain",
            "malicious-impersonation",
            "malicious-redirect",
            "malicious-redirection",
            "malicious-redirects",
            "malvertising",
            "malware",
            "malware-delivery",
            "malware-distribution",
            "malware-hosting",
            "malware-vector",
            "medi-markt",
            "mediamarkt-impersonation",
            "mediatarget",
            "modded-apk",
            "modified-apk",
            "monopoly-go",
            "music-production",
            "nebula-x",
            "new-domain",
            "newly-registered-domain",
            "oauth2-abuse",
            "olx",
            "online-scam",
            "onlyfans-impersonation",
            "payment-information-harvesting",
            "payment-scam",
            "paypal-friends-and-family",
            "personal-information-collection",
            "personal-information-harvesting",
            "phishing",
            "phishing-backend",
            "phishing-kit",
            "phishing-platform",
            "phishing-scam",
            "phishing-site",
            "pig-butchering-scam",
            "pii-collection",
            "porn-lure",
            "potentially-harmful-applications",
            "privacy-risk",
            "prize-scam",
            "product-impersonation",
            "pup",
            "quantitative-strategies",
            "recently-registered-domain",
            "redirect",
            "redirect-chain",
            "redirect-cloaking",
            "redirection",
            "redirection-scheme",
            "redirects",
            "replit-app",
            "retail-e-commerce",
            "retail-ecommerce",
            "retail-fraud",
            "retail-impersonation",
            "retail-scam",
            "retail-sector",
            "revanced",
            "revanced-impersonation",
            "revanced-malware",
            "roblox",
            "roblox-impersonation",
            "rug-pull",
            "scam",
            "scam-domain",
            "scam-lure",
            "scam-shop",
            "scam-site",
            "scaniverse-impersonation",
            "scareware",
            "shadow-reporting",
            "shadow-reporting-extortion-scheme",
            "shadow-reporting-scheme",
            "shipping-impersonation",
            "shopee",
            "shortened-url",
            "simit",
            "snickers-workwear",
            "social-engineering",
            "social-media-campaign",
            "social-media-scam",
            "software-piracy",
            "sorewin149",
            "souq-impersonation",
            "spyware",
            "steam-community",
            "steam-credential-phishing",
            "suspicious-domain",
            "suspicious-executable",
            "suspicious-infrastructure",
            "suspicious-redirector",
            "telecommunications-sector",
            "telegram-scam",
            "tracking-redirect",
            "trading-scam",
            "traffic-redirection",
            "trojan",
            "trojanized-game",
            "typosquat",
            "typosquatting",
            "unauthorized-access",
            "unauthorized-content-distribution",
            "unofficial-app",
            "unregulated-gambling",
            "unrestricted-file-hosting",
            "unverified-apps",
            "unverified-software",
            "unvetted-content",
            "unwanted-software",
            "url-shortener",
            "urlert",
            "usdt-scam",
            "video-call-scam",
            "vinted-impersonation",
            "visa",
            "withdrawal-scam",
            "xfinity",
            "youtube-downloader"
          ],
          "references": [
            "https://urlert.com/domain/acsgri.com",
            "https://urlert.com/domain/adescargar.net",
            "https://urlert.com/domain/aixldc10.shop",
            "https://urlert.com/domain/an1.com",
            "https://urlert.com/domain/antai-gouv-info.im",
            "https://urlert.com/domain/audioz.download",
            "https://urlert.com/domain/awstrack.me",
            "https://urlert.com/domain/behindtheemail.com",
            "https://urlert.com/domain/besowin156.pro",
            "https://urlert.com/domain/bestwestern-id-nt52vos.com",
            "https://urlert.com/domain/bestwestern-id-oa74fta.com",
            "https://urlert.com/domain/bfrickonline.com",
            "https://urlert.com/domain/biltty.cc",
            "https://urlert.com/domain/binance-trade.info",
            "https://urlert.com/domain/bit.ly",
            "https://urlert.com/domain/bot-gate.cc",
            "https://urlert.com/domain/boxpop.cfd",
            "https://urlert.com/domain/capcutpro.org.in",
            "https://urlert.com/domain/cashstar.com",
            "https://urlert.com/domain/clearancesalestore-eu.com"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Education",
            "Financial Services",
            "Government",
            "Hospitality",
            "Logistics / Supply Chain",
            "Media / Entertainment",
            "Retail / E-Commerce",
            "Technology",
            "Telecommunications"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "urlert_intel",
            "id": "386175",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 65,
            "hostname": 19,
            "URL": 55
          },
          "indicator_count": 139,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 32,
          "modified_text": "25 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69f54caa7cb0e300ef3662ab",
          "name": "URLert Daily Threat Intel \u2014 2026-05-02",
          "description": "URLert Daily Threat Intel \u2014 2026-05-02\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 30 | Indicators: 69\nConfirmed: 6 | Likely: 24\nTop threats: Phishing (26), Dropper (2), Malvertising (1), Malware Hosting (1)\nDomains: bakecaincountrie.com, computacentersolutions.dad, deliwekahh.shop, due-otscs.com, eargmose-csoaad.xyz, google.com, gov-zhngf.help, govtgn.cam, govtxid.shop, govyhvc.cam, gywcf.top, itidokp...\n\n30 unique threats producing 69 actionable indicators. Generated by URLert automated threat intelligence.",
          "modified": "2026-05-02T01:00:26.753000",
          "created": "2026-05-02T01:00:26.753000",
          "tags": [
            "automated-scan",
            "brand-impersonation",
            "browser-lock",
            "cloudflare-impersonation",
            "computacenter-impersonation",
            "counterfeit-goods",
            "credential-harvesting",
            "cryptocurrency-scam",
            "daily-threat-intel",
            "data-harvesting",
            "dating-affiliate-scheme",
            "deception",
            "deceptive-campaign",
            "deceptive-content",
            "deceptive-domain",
            "deceptive-landing-page",
            "deceptive-practices",
            "deceptive-tactic",
            "deceptive-warning",
            "delivery-scam",
            "dpd-impersonation",
            "explicit-content",
            "extortion",
            "fake-delivery-alert",
            "fake-legal-notice",
            "fake-login",
            "fake-payment-proofs",
            "fake-security-challenge",
            "fake-security-page",
            "fake-store",
            "fake-video-player",
            "financial-scam",
            "financial-services",
            "fraudulent-scheme",
            "fraudulent-site",
            "get-rich-quick-scheme",
            "government-impersonation",
            "high-risk-tld",
            "holiday-scam",
            "identity-theft",
            "information-harvesting",
            "information-stealing",
            "intimidation-tactics",
            "link-shortener",
            "login-harvesting",
            "malicious-activity",
            "malicious-form",
            "malware-delivery",
            "malware-distribution",
            "meta-impersonation",
            "mobile-number-harvesting",
            "ncdmv",
            "office-365",
            "payment-harvesting",
            "payment-information-theft",
            "phishing",
            "phishing-page",
            "phone-number-harvesting",
            "random-domain",
            "redirect-chain",
            "redirects",
            "registration-scam",
            "retail-scam",
            "roblox",
            "scam",
            "scam-infrastructure",
            "scareware",
            "security-issues",
            "shadow-reporting",
            "social-engineering",
            "suspicious-domain",
            "task-to-earn",
            "tech-support-scam",
            "toll-scam",
            "urlert",
            "usps-impersonation",
            "vpn-scam"
          ],
          "references": [
            "https://urlert.com/domain/bakecaincountrie.com",
            "https://urlert.com/domain/computacentersolutions.dad",
            "https://urlert.com/domain/deliwekahh.shop",
            "https://urlert.com/domain/due-otscs.com",
            "https://urlert.com/domain/eargmose-csoaad.xyz",
            "https://urlert.com/domain/google.com",
            "https://urlert.com/domain/gov-zhngf.help",
            "https://urlert.com/domain/govtgn.cam",
            "https://urlert.com/domain/govtxid.shop",
            "https://urlert.com/domain/govyhvc.cam",
            "https://urlert.com/domain/gywcf.top",
            "https://urlert.com/domain/itidokpo.xyz",
            "https://urlert.com/domain/kiocusdt.com",
            "https://urlert.com/domain/ln.run",
            "https://urlert.com/domain/lovable.app",
            "https://urlert.com/domain/macyslxeur.com",
            "https://urlert.com/domain/mmfsbers.cyou",
            "https://urlert.com/domain/modelbuilddepot.com",
            "https://urlert.com/domain/oundhertobeconsist.org",
            "https://urlert.com/domain/php.lat"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Financial Services",
            "Government",
            "Logistics / Supply Chain",
            "Media / Entertainment",
            "Retail / E-Commerce",
            "Technology",
            "Telecommunications"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "urlert_intel",
            "id": "386175",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 28,
            "domain": 23,
            "hostname": 13
          },
          "indicator_count": 64,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 30,
          "modified_text": "29 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://urlert.com/domain/dkfnvk.cfd",
        "https://urlert.com/domain/govtxid.shop",
        "https://urlert.com/domain/antai-gouv-info.im",
        "https://urlert.com/domain/mmfsbers.cyou",
        "https://urlert.com/domain/contaboserver.net",
        "https://urlert.com/domain/acsgri.com",
        "https://urlert.com/domain/go448.com",
        "https://urlert.com/domain/brohood.my.id",
        "https://urlert.com/domain/castrooutlet-il.shop",
        "https://urlert.com/domain/bit.ly",
        "https://urlert.com/domain/acccat.com",
        "https://urlert.com/domain/accountresourcecenter.xyz",
        "https://urlert.com/domain/awstrack.me",
        "https://urlert.com/domain/macyslxeur.com",
        "https://urlert.com/domain/cashstar.com",
        "https://urlert.com/domain/lcdprize.world",
        "https://urlert.com/domain/ln.run",
        "https://urlert.com/domain/cgtsrb.vip",
        "https://urlert.com/domain/create-road.my",
        "https://urlert.com/domain/cryptor.plus",
        "https://urlert.com/domain/ac-inbox.com",
        "https://urlert.com/domain/biltty.cc",
        "https://urlert.com/domain/kindwealthnetwork.xyz",
        "https://urlert.com/domain/amazonvtc.com",
        "https://urlert.com/domain/dfxecha.com",
        "https://urlert.com/domain/atlasjet.com.ng",
        "https://urlert.com/domain/govyhvc.cam",
        "https://urlert.com/domain/futfanaticss.com",
        "https://urlert.com/domain/678940.com",
        "https://urlert.com/domain/ampproject.org",
        "https://urlert.com/domain/doutf.cn",
        "https://urlert.com/domain/an1.com",
        "https://urlert.com/domain/ethias.be",
        "https://urlert.com/domain/calendarikymer.forum",
        "https://urlert.com/domain/clarissaflorence.com",
        "https://urlert.com/domain/buksuper.xyz",
        "https://urlert.com/domain/adescargar.net",
        "https://urlert.com/domain/ca-paget.sbs",
        "https://urlert.com/domain/app.link",
        "https://urlert.com/domain/com-conflrm-eu.com",
        "https://urlert.com/domain/lovable.app",
        "https://urlert.com/domain/aceimg.com",
        "https://urlert.com/domain/coppii.com",
        "https://urlert.com/domain/6489.pro",
        "https://urlert.com/domain/besowin156.pro",
        "https://urlert.com/domain/apple-job-opportunities.com",
        "https://urlert.com/domain/as6738.com",
        "https://urlert.com/domain/audioz.download",
        "https://urlert.com/domain/auroraexchanges.com",
        "https://urlert.com/domain/e-entrega.co",
        "https://urlert.com/domain/capcutpro.org.in",
        "https://urlert.com/domain/gov-zhngf.help",
        "https://urlert.com/domain/dandys1.xyz",
        "https://urlert.com/domain/beacons.ai",
        "https://urlert.com/domain/cointerac.org",
        "https://urlert.com/domain/bakecaincountrie.com",
        "https://urlert.com/domain/greennigeriia.cc",
        "https://urlert.com/domain/itidokpo.xyz",
        "https://urlert.com/domain/nqq.cc",
        "https://urlert.com/domain/bestwestern-id-oa74fta.com",
        "https://urlert.com/domain/bfrickonline.com",
        "https://urlert.com/domain/artinexia.com",
        "https://urlert.com/domain/br9f.bet",
        "https://urlert.com/domain/gamedrive.org",
        "https://urlert.com/domain/eargmose-csoaad.xyz",
        "https://urlert.com/domain/compromisedblog.com",
        "https://urlert.com/domain/com-sart.top",
        "https://urlert.com/domain/binance-trade.info",
        "https://urlert.com/domain/bexlorina.cfd",
        "https://urlert.com/domain/computacentersolutions.dad",
        "https://urlert.com/domain/fafda.to",
        "https://urlert.com/domain/modelbuilddepot.com",
        "https://urlert.com/domain/boxpop.cfd",
        "https://urlert.com/domain/apkpurehub.net",
        "https://urlert.com/domain/ankergames.net",
        "https://urlert.com/domain/bringitonmsg.com",
        "https://urlert.com/domain/blueberginternational.com",
        "https://urlert.com/domain/govtgn.cam",
        "https://urlert.com/domain/gywcf.top",
        "https://urlert.com/domain/ct.ws",
        "https://urlert.com/domain/dexo.click",
        "https://urlert.com/domain/com-sasi.top",
        "https://urlert.com/domain/php.lat",
        "https://urlert.com/domain/flgroup.win",
        "https://urlert.com/domain/mt3.me",
        "https://urlert.com/domain/oundhertobeconsist.org",
        "https://urlert.com/domain/dpdlocafd.shop",
        "https://urlert.com/domain/delta-executor.com",
        "https://urlert.com/domain/cfbfpro.com",
        "https://urlert.com/domain/bot-gate.cc",
        "https://urlert.com/domain/connectview.click",
        "https://urlert.com/domain/due-otscs.com",
        "https://urlert.com/domain/google.com",
        "https://urlert.com/domain/cs2by.com",
        "https://urlert.com/domain/behindtheemail.com",
        "https://urlert.com/domain/axionholdings.online",
        "https://urlert.com/domain/digitaloceanspaces.com",
        "https://urlert.com/domain/bunnyband.com",
        "https://urlert.com/domain/fort-vbucks.life",
        "https://urlert.com/domain/deliwekahh.shop",
        "https://urlert.com/domain/cozyloftz.com",
        "https://urlert.com/domain/booklng-dats.com",
        "https://urlert.com/domain/clientproject.info",
        "https://urlert.com/domain/clearancesalestore-eu.com",
        "https://urlert.com/domain/acsgri.xyz",
        "https://urlert.com/domain/cstradex.com",
        "https://urlert.com/domain/bookscloud.net",
        "https://urlert.com/domain/bestwestern-id-nt52vos.com",
        "https://urlert.com/domain/aixldc10.shop",
        "https://urlert.com/domain/appmedo.com",
        "https://urlert.com/domain/it.com",
        "https://urlert.com/domain/kiocusdt.com",
        "https://urlert.com/domain/blogspot.com"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 0
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": [
            "Non-profit",
            "Government",
            "Manufacturing",
            "Insurance",
            "Media / entertainment",
            "Retail / e-commerce",
            "Hospitality",
            "Technology",
            "Logistics / supply chain",
            "Education",
            "Telecommunications",
            "Financial services",
            "Energy"
          ],
          "unique_indicators": 799
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/projectsafenet.lol",
    "whois": "http://whois.domaintools.com/projectsafenet.lol",
    "domain": "projectsafenet.lol",
    "hostname": "Unavailable"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 6,
  "pulses": [
    {
      "id": "69ec121455951901fef8a045",
      "name": "URLert Daily Threat Intel \u2014 2026-04-25",
      "description": "URLert Daily Threat Intel \u2014 2026-04-25\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 63 | Indicators: 122\nConfirmed: 19 | Likely: 44\nTop threats: Phishing (51), Malware Hosting (4), Unknown (3), Dropper (3), Malvertising (2)\nDomains: 6489.pro, app.link, beacons.ai, bit.ly, bookscloud.net, brohood.my.id, bunnyband.com, ca-paget.sbs, cointerac.org, contaboserver.net, cs2by.com, ct.ws, dexo.click, dkfnvk.cfd, dpdlocafd.sh...\n\n63 unique threats producing 122 actionable indicators. Generated by URLert automated threat intelligence.",
      "modified": "2026-05-25T00:14:07.625000",
      "created": "2026-04-25T01:00:04.128000",
      "tags": [
        "abused-hosting",
        "account-takeover",
        "adult-content-lure",
        "aggressive-ads",
        "ai-trading-bot",
        "anubis-challenge-service",
        "artificial-urgency",
        "automated-scan",
        "automatic-download",
        "azure-blob-storage",
        "booter",
        "brand-impersonation",
        "broken-site",
        "browser-locker",
        "burberry",
        "car-wrap-scam",
        "cloaking",
        "code-repository-impersonation",
        "command-execution",
        "complex-redirect-chain",
        "compromised-site",
        "contabo",
        "content-locker",
        "content-locker-scam",
        "costco-impersonation",
        "credential-harvesting",
        "crypto-scam",
        "cryptocurrency",
        "cyberattack-facilitation",
        "daily-threat-intel",
        "data-harvesting",
        "ddos-service",
        "deceptive-domain-email",
        "deceptive-marketing",
        "deceptive-practices",
        "deceptive-redirect",
        "deceptive-tactics",
        "deceptive-url",
        "delivery-scam",
        "dpd-impersonation",
        "e-commerce-fraud",
        "e-commerce-scam",
        "email-verification",
        "energy-crisis",
        "evasion-technique",
        "executable-malware",
        "extortion",
        "fake-discounts",
        "fake-download",
        "fake-prize",
        "fake-promotion",
        "fake-urgency",
        "fake-verification",
        "fake-virus-alert",
        "fanatics-impersonation",
        "file-sharing",
        "financial-data-harvesting",
        "financial-fraud",
        "financial-information-harvesting",
        "financial-scam",
        "fraudulent-infrastructure",
        "fraudulent-platform",
        "fraudulent-retail",
        "fraudulent-scheme",
        "fraudulent-sweepstakes",
        "fuel-voucher",
        "gambling-platform",
        "game-related-lure",
        "gaming",
        "gift-card-scam",
        "giveaway-scam",
        "google-cloud-storage-abuse",
        "google-impersonation",
        "government-impersonation",
        "government-targeting",
        "identity-theft",
        "impersonation",
        "infrastructure-misuse",
        "interac",
        "investment-scam",
        "lidl-impersonation",
        "linkvertise",
        "logistics-impersonation",
        "logistics-supply-chain",
        "low-reputation",
        "low-reputation-domain",
        "malicious-download",
        "malicious-file-delivery",
        "malicious-infrastructure",
        "malicious-redirection",
        "malicious-scripts",
        "malvertising",
        "malware-delivery",
        "malware-distribution",
        "mothers-day-scam",
        "multi-provider-phishing",
        "neosurf",
        "new-domain",
        "newly-registered-domain",
        "ontario-government",
        "payload-delivery",
        "payment-voucher-scam",
        "persistent-malware",
        "personal-information-collection",
        "personal-information-harvesting",
        "petrom",
        "phishing",
        "pii-collection",
        "plumeimpactor",
        "potentially-unwanted-software",
        "redirect",
        "roblox",
        "roblox-impersonation",
        "scam",
        "scam-ecommerce",
        "scam-site",
        "servientrega-impersonation",
        "shadow-reporting",
        "shein",
        "social-engineering",
        "software-piracy",
        "software-repository-impersonation",
        "spain",
        "spam-promotion",
        "spotify-impersonation",
        "steam",
        "stress-testing",
        "stresser",
        "survey-scam",
        "suspicious-domain",
        "suspicious-redirect",
        "suspicious-tld",
        "suspicious-url",
        "task-based-scam",
        "task-scam",
        "tech-support-scam",
        "technical-errors",
        "telegram-bot",
        "tracking-parameters",
        "trading-platform",
        "traffic-redirection",
        "transcash",
        "typosquatting",
        "uber-impersonation",
        "unknown-binary",
        "unsecured-site",
        "unverified-health-claims",
        "unwanted-software",
        "url-shortener",
        "urlert",
        "usps",
        "xyz-domain"
      ],
      "references": [
        "https://urlert.com/domain/6489.pro",
        "https://urlert.com/domain/app.link",
        "https://urlert.com/domain/beacons.ai",
        "https://urlert.com/domain/bit.ly",
        "https://urlert.com/domain/bookscloud.net",
        "https://urlert.com/domain/brohood.my.id",
        "https://urlert.com/domain/bunnyband.com",
        "https://urlert.com/domain/ca-paget.sbs",
        "https://urlert.com/domain/cointerac.org",
        "https://urlert.com/domain/contaboserver.net",
        "https://urlert.com/domain/cs2by.com",
        "https://urlert.com/domain/ct.ws",
        "https://urlert.com/domain/dexo.click",
        "https://urlert.com/domain/dkfnvk.cfd",
        "https://urlert.com/domain/dpdlocafd.shop",
        "https://urlert.com/domain/e-entrega.co",
        "https://urlert.com/domain/ethias.be",
        "https://urlert.com/domain/fafda.to",
        "https://urlert.com/domain/futfanaticss.com",
        "https://urlert.com/domain/gamedrive.org"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Energy",
        "Financial Services",
        "Government",
        "Hospitality",
        "Logistics / Supply Chain",
        "Media / Entertainment",
        "Retail / E-Commerce"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "urlert_intel",
        "id": "386175",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 33,
        "URL": 36,
        "hostname": 13
      },
      "indicator_count": 82,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 30,
      "modified_text": "6 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69e1863b865baefc104baf4e",
      "name": "URLert Daily Threat Intel \u2014 2026-04-17",
      "description": "URLert Daily Threat Intel \u2014 2026-04-17\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 68 | Indicators: 115\nConfirmed: 24 | Likely: 39 | Domain intel: 5\nTop threats: Phishing (55), Dropper (5), Malware Hosting (5), Malvertising (3)\nDomains: acccat.com, accountresourcecenter.xyz, aceimg.com, ampproject.org, ankergames.net, artinexia.com, atlasjet.com.ng, bexlorina.cfd, blogspot.com, blueberginternational.com, br9f.bet, bringit...\n\n68 unique threats producing 115 actionable indicators. Generated by URLert automated threat intelligence.",
      "modified": "2026-05-16T22:27:33.306000",
      "created": "2026-04-17T01:00:43.835000",
      "tags": [
        "account-takeover",
        "ad-fraud",
        "adult-content",
        "advance-fee-scam",
        "aged-domain",
        "amp-cache",
        "anti-analysis",
        "asset-theft",
        "automated-scan",
        "backdoor",
        "bonus-scam",
        "booking-com-impersonation",
        "bot-promoted",
        "brand-impersonation",
        "brazil",
        "browser-extension",
        "celebrity-impersonation",
        "click-to-unlock",
        "cloaking",
        "cloudflare-workers",
        "cpf-harvesting",
        "credential-harvesting",
        "cryptocurrency-scam",
        "daily-threat-intel",
        "data-harvesting",
        "deceptive-advertising",
        "deceptive-crypto-gambling",
        "deceptive-incentives",
        "deceptive-lure",
        "deceptive-marketing",
        "deceptive-platform",
        "deceptive-pricing",
        "deceptive-registration",
        "deceptive-scheme",
        "deceptive-site",
        "deceptive-tactics",
        "direct-download",
        "domain-classification",
        "domain-rotation",
        "dpd",
        "elon-musk",
        "email-harvesting",
        "employment-scam",
        "epic-games",
        "evasion",
        "evasion-technique",
        "extortion",
        "facebook-impersonation",
        "fake-financial-aid",
        "fake-giveaway",
        "fake-job-offer",
        "fake-message",
        "fake-testimonials",
        "fake-trust-badge",
        "file-hosting",
        "file-sharing-abuse",
        "financial-exploitation",
        "financial-fraud",
        "financial-impersonation",
        "financial-lure",
        "financial-scam",
        "financial-sector",
        "financial-service-impersonation",
        "financial-services-impersonation",
        "fiverr-impersonation",
        "fraud",
        "fraudulent-platform",
        "fraudulent-store",
        "gambling-scam",
        "game-lure",
        "generic-login",
        "get-paid-to-scam",
        "get-rich-quick",
        "government-impersonation",
        "high-risk-domain",
        "high-risk-hosting",
        "high-risk-tld",
        "identity-theft",
        "information-harvesting",
        "investment-scam",
        "invitation-code-scam",
        "java-malware",
        "login-harvesting",
        "login-page",
        "malicious-activity",
        "malicious-archive",
        "malicious-domain",
        "malicious-file-distribution",
        "malicious-landing-page",
        "malicious-redirect",
        "malicious-redirects",
        "malware-delivery",
        "malware-distribution",
        "malware-hosting",
        "mass.gov",
        "mercadolivre",
        "mfa-interception",
        "microsoft-impersonation",
        "misleading-download",
        "monetization-scheme",
        "money-making-scheme",
        "money-scam",
        "music-streaming-impersonation",
        "nebula-x",
        "new-domain",
        "newly-registered-domain",
        "online-gambling-scam",
        "ontario-government",
        "payload-delivery",
        "payment-information-harvesting",
        "phishing",
        "phishing-campaign",
        "phishing-email",
        "pirated-software",
        "placeholder-content",
        "ponzi-scheme",
        "potentially-malicious",
        "prize-scam",
        "recent-domain",
        "recruitment-fraud",
        "recruitment-scam",
        "recruitment-scheme",
        "redirect",
        "redirect-chain",
        "redirect-facade",
        "referral-scheme",
        "retail-e-commerce",
        "retail-scam",
        "retail-sector",
        "rocket-league-impersonation",
        "ru-domain",
        "scam",
        "scam-shop",
        "scam-site",
        "scam-sites",
        "search-engine-blocking",
        "shufersal",
        "shufersal-impersonation",
        "social-engineering",
        "software-piracy",
        "spam-promotion",
        "streaming-service-impersonation",
        "survey-scam",
        "suspicious-domain",
        "suspicious-redirect",
        "suspicious-registry",
        "suspicious-tld",
        "taiwan",
        "task-based-scam",
        "task-scam",
        "tiktok-impersonation",
        "traffic-redirection",
        "typosquatting",
        "unsecured-files",
        "unsolicited-messages",
        "unverified-app-download",
        "unwanted-software",
        "url-cloaking",
        "url-redirection",
        "url-shortener",
        "urlert",
        "usdt-targeting",
        "wibo-baltic-uab",
        "withdrawal-scam",
        "x-formerly-twitter"
      ],
      "references": [
        "https://urlert.com/domain/acccat.com",
        "https://urlert.com/domain/accountresourcecenter.xyz",
        "https://urlert.com/domain/aceimg.com",
        "https://urlert.com/domain/ampproject.org",
        "https://urlert.com/domain/ankergames.net",
        "https://urlert.com/domain/artinexia.com",
        "https://urlert.com/domain/atlasjet.com.ng",
        "https://urlert.com/domain/bexlorina.cfd",
        "https://urlert.com/domain/blogspot.com",
        "https://urlert.com/domain/blueberginternational.com",
        "https://urlert.com/domain/br9f.bet",
        "https://urlert.com/domain/bringitonmsg.com",
        "https://urlert.com/domain/bunnyband.com",
        "https://urlert.com/domain/calendarikymer.forum",
        "https://urlert.com/domain/cgtsrb.vip",
        "https://urlert.com/domain/clientproject.info",
        "https://urlert.com/domain/create-road.my",
        "https://urlert.com/domain/dandys1.xyz",
        "https://urlert.com/domain/delta-executor.com",
        "https://urlert.com/domain/doutf.cn"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Financial Services",
        "Government",
        "Hospitality",
        "Logistics / Supply Chain",
        "Media / Entertainment",
        "Retail / E-Commerce",
        "Technology"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "urlert_intel",
        "id": "386175",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 37,
        "hostname": 11,
        "URL": 40
      },
      "indicator_count": 88,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 29,
      "modified_text": "14 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69dc1a55d4a952ca9b117bd6",
      "name": "URLert Daily Threat Intel \u2014 2026-04-12",
      "description": "URLert Daily Threat Intel \u2014 2026-04-12\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 46 | Indicators: 88\nConfirmed: 17 | Likely: 29\nTop threats: Phishing (34), Malware Hosting (4), Malvertising (3), Dropper (3), Unknown (2)\nDomains: ac-inbox.com, aceimg.com, apkpurehub.net, appmedo.com, auroraexchanges.com, buksuper.xyz, bunnyband.com, cstradex.com, dandys1.xyz, dfxecha.com, digitaloceanspaces.com, flgroup.win, fort-v...\n\n46 unique threats producing 88 actionable indicators. Generated by URLert automated threat intelligence.",
      "modified": "2026-05-12T01:07:39.899000",
      "created": "2026-04-12T22:19:01.528000",
      "tags": [
        "account-theft",
        "adult-content",
        "apk-download",
        "apk-malware",
        "automated-bots",
        "automated-scan",
        "brand-impersonation",
        "brushing-scam",
        "click-bait",
        "cloaking",
        "cloudflare-block",
        "connect-wallet-prompt",
        "content-gating",
        "credential-harvesting",
        "credit-card-theft",
        "crypto-phishing",
        "crypto-scam",
        "cryptocurrency",
        "cryptocurrency-exchange-impersonation",
        "cryptocurrency-scam",
        "daily-threat-intel",
        "data-exfiltration",
        "data-harvesting",
        "data-interception",
        "deception",
        "deceptive-domain",
        "deceptive-gambling",
        "deceptive-landing-page",
        "deceptive-practices",
        "deceptive-scam",
        "deceptive-site",
        "deposit-scam",
        "download-lure",
        "e-commerce-scam",
        "earning-scam",
        "epic-games",
        "evasion",
        "explicit-content",
        "extortion",
        "fake-app-store",
        "fake-countdown-timer",
        "fake-ecommerce",
        "fake-login-page",
        "fake-marketplace",
        "fake-rewards",
        "fake-testimonials",
        "financial-fraud",
        "financial-risk",
        "financial-scam",
        "financial-theft",
        "fraud",
        "fraudulent-activity",
        "fraudulent-network",
        "fraudulent-storefront",
        "free-spins",
        "game-cheats",
        "gaming",
        "get-rich-quick",
        "hyip",
        "icloud-pin-harvesting",
        "identity-theft",
        "information-gathering",
        "investment-scam",
        "low-reputation-domain",
        "malicious-app",
        "malicious-download",
        "malicious-redirection",
        "malicious-redirects",
        "malware-distribution",
        "malware-risk",
        "man-in-the-middle",
        "manipulative-language",
        "monetary-fraud",
        "nebula-x",
        "new-domain",
        "newly-registered-domain",
        "obfuscated-url",
        "personal-information-collection",
        "phishing",
        "phishing-kit",
        "pirated-games",
        "purchase-scam",
        "pyramid-scheme",
        "qr-code-scam",
        "redirect-chain",
        "redirect-scam",
        "redirects",
        "referral-scheme",
        "retail-sector",
        "roblox",
        "rocket-league",
        "scam",
        "scam-domain",
        "scam-shop",
        "scam-site",
        "shadow-reporting-scheme",
        "sm-campaign",
        "social-engineering",
        "steamunderground",
        "subscription-scam",
        "suspicious-domain",
        "suspicious-redirect",
        "task-based-scam",
        "task-scam",
        "telegram-bot",
        "telegram-client-malware",
        "tiktok",
        "typosquatting",
        "unauthorized-downloads",
        "unicef",
        "url-obfuscation",
        "url-redirection",
        "urlert",
        "wallet-drainer",
        "wayfair",
        "welcome-bonus",
        "youtube-bots",
        "youtube-promotion"
      ],
      "references": [
        "https://urlert.com/domain/ac-inbox.com",
        "https://urlert.com/domain/aceimg.com",
        "https://urlert.com/domain/apkpurehub.net",
        "https://urlert.com/domain/appmedo.com",
        "https://urlert.com/domain/auroraexchanges.com",
        "https://urlert.com/domain/buksuper.xyz",
        "https://urlert.com/domain/bunnyband.com",
        "https://urlert.com/domain/cstradex.com",
        "https://urlert.com/domain/dandys1.xyz",
        "https://urlert.com/domain/dfxecha.com",
        "https://urlert.com/domain/digitaloceanspaces.com",
        "https://urlert.com/domain/flgroup.win",
        "https://urlert.com/domain/fort-vbucks.life",
        "https://urlert.com/domain/go448.com",
        "https://urlert.com/domain/greennigeriia.cc",
        "https://urlert.com/domain/it.com",
        "https://urlert.com/domain/kindwealthnetwork.xyz",
        "https://urlert.com/domain/lcdprize.world",
        "https://urlert.com/domain/mt3.me",
        "https://urlert.com/domain/nqq.cc"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Financial Services",
        "Media / Entertainment",
        "Non-Profit",
        "Retail / E-Commerce",
        "Technology",
        "Telecommunications"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "urlert_intel",
        "id": "386175",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 27,
        "hostname": 11,
        "URL": 28
      },
      "indicator_count": 66,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 31,
      "modified_text": "19 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69d6fa144bba9d675073150e",
      "name": "URLert Daily Threat Intel \u2014 2026-04-09",
      "description": "URLert Daily Threat Intel \u2014 2026-04-09\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 144 | Indicators: 278\nConfirmed: 40 | Likely: 100 | Domain intel: 4\nTop threats: Phishing (127), Malvertising (5), Malware Hosting (5), Dropper (4), Unknown (2)\nDomains: 678940.com, acsgri.xyz, amazonvtc.com, apple-job-opportunities.com, as6738.com, axionholdings.online, booklng-dats.com, buksuper.xyz, castrooutlet-il.shop, cfbfpro.com, clarissaflorence.co...\n\n144 unique threats producing 278 actionable indicators. Generated by URLert automated threat intelligence.",
      "modified": "2026-05-08T22:06:56.603000",
      "created": "2026-04-09T01:00:04.860000",
      "tags": [
        "seur",
        "abused-infrastructure",
        "account-hijacking",
        "account-login-impersonation",
        "acs-courier",
        "ad-blocker-bypass",
        "ad-revenue",
        "ad-revenue-scam",
        "adult-content",
        "adult-content-lure",
        "adult-content-scam",
        "adult-scam",
        "advance-fee-fraud",
        "affiliate-marketing-scam",
        "affiliate-redirect",
        "aged-domain",
        "aggressive-language",
        "airportparking-service",
        "amazon",
        "anti-analysis",
        "arkansas",
        "asset-theft",
        "automated-scan",
        "belgian-health-insurance-impersonation",
        "blank-page",
        "booking-com",
        "booking-com-impersonation",
        "brand-impersonation",
        "brand-in-subdomain",
        "brazil",
        "broken-template",
        "browser-exploit",
        "canada",
        "castro",
        "cloudflare",
        "cloudflare-impersonation",
        "cloudflared-blocked",
        "combosquatting",
        "compromised-site",
        "content-locker",
        "counterfeit-goods",
        "cracked-games",
        "credential-harvesting",
        "crypto-casino-scam",
        "crypto-com",
        "crypto-scam",
        "cryptocurrency",
        "cryptocurrency-investment-scam",
        "cryptocurrency-mining",
        "cryptocurrency-scam",
        "daily-threat-intel",
        "data-harvesting",
        "dating-scam",
        "deception",
        "deceptive-advertising",
        "deceptive-content",
        "deceptive-dating-scam",
        "deceptive-distribution",
        "deceptive-domain",
        "deceptive-lead-generation",
        "deceptive-marketing",
        "deceptive-offer-walls",
        "deceptive-online-store",
        "deceptive-practices",
        "deceptive-promotion",
        "deceptive-prompts",
        "deceptive-redirect",
        "deceptive-security-check",
        "deceptive-site",
        "deceptive-template",
        "delivery-exception",
        "delivery-exception-scam",
        "delivery-scam",
        "discord-account-hijacking",
        "discord-impersonation",
        "disposable-infrastructure",
        "docsend-impersonation",
        "domain-age-misleading",
        "domain-classification",
        "dpd",
        "dpd-impersonation",
        "dpd-local",
        "e-commerce-scam",
        "education",
        "email-credentials",
        "email-harvesting",
        "employment-scam",
        "explicit-content",
        "fake-captcha",
        "fake-check-scam",
        "fake-fees",
        "fake-giveaway",
        "fake-login",
        "fake-payment",
        "fake-persona",
        "fake-prize",
        "fake-security-challenge",
        "fake-shop",
        "fake-storefront",
        "fake-survey",
        "fake-urgency",
        "fake-wallet",
        "fake-warning",
        "financial-fraud",
        "financial-impersonation",
        "financial-information-harvesting",
        "financial-information-theft",
        "financial-scam",
        "fortnite",
        "fortnite-lure",
        "fraud",
        "fraudulent-commerce",
        "fraudulent-domain",
        "fraudulent-exchange",
        "fraudulent-investment-scheme",
        "fraudulent-payment",
        "fraudulent-services",
        "fraudulent-subscriptions",
        "free-hosting",
        "free-movie-streaming-lure",
        "ftp",
        "game-cheats",
        "gamers",
        "georgia-dds",
        "gibberish-domain",
        "giveaway-scam",
        "google-safe-browsing",
        "government-impersonation",
        "groupon",
        "high-return-scam",
        "high-risk-tld",
        "hoka",
        "hookup-scam",
        "human-verification",
        "hyip",
        "identity-theft",
        "identity-verification-scam",
        "illinois",
        "information-harvesting",
        "insecure-protocol",
        "instagram",
        "installer-download",
        "investment-scam",
        "ipfs-gateway",
        "job-scam",
        "jotform-abuse",
        "large-scale-redirection",
        "lbank",
        "lead-generation",
        "link-shortener",
        "linkedin-impersonation",
        "loading-spinner",
        "logistics",
        "logistics-impersonation",
        "malicious-domain",
        "malicious-redirect",
        "malicious-redirects",
        "malicious-scripts",
        "malvertising",
        "malware-delivery",
        "malware-distribution",
        "malware-download",
        "malware-risk",
        "mexc-impersonation",
        "microsoft-impersonation",
        "microsoft-sharepoint",
        "mitm",
        "mobile-redirect",
        "multi-domain-redirect",
        "nc-dot-impersonation",
        "ncdot",
        "nebula-x",
        "new-domain",
        "newly-registered-domain",
        "north-carolina",
        "oauth-phishing",
        "obfuscated-redirects",
        "oklahoma-dps-impersonation",
        "okx",
        "olx",
        "online-gambling",
        "ontario",
        "pages-dev-abuse",
        "parking-citation",
        "paycity-impersonation",
        "payment-fraud",
        "payment-harvesting",
        "payment-information-harvesting",
        "payment-scam",
        "paypal-impersonation",
        "personal-information-collection",
        "personal-information-harvesting",
        "phishing",
        "phishing-attempt",
        "phishing-infrastructure",
        "phishing-kit",
        "phishing-scam",
        "phishing-site",
        "phishing-vector",
        "pig-butchering",
        "pirated-software",
        "ponzi-scheme",
        "privacy-violation",
        "pump-fun",
        "pyramid-scheme",
        "raiffeisen",
        "random-domain",
        "recently-registered-domain",
        "reconnaissance",
        "recruitment-scheme",
        "redirect",
        "redirect-chain",
        "redirect-cloaking",
        "registration-scam",
        "remote-task-scam",
        "repurposed-domain",
        "retail-scam",
        "riskware",
        "roblox",
        "roblox-impersonation",
        "robux-scam",
        "sameday-courier-impersonation",
        "scam",
        "scam-domain",
        "scam-funnel",
        "scam-platform",
        "security-bypass",
        "session-hijacking",
        "shadow-reporting",
        "shein",
        "shipping-fee-scam",
        "social-engineering",
        "software-executors",
        "software-piracy",
        "soundsquatting",
        "south-africa",
        "steam",
        "surge-sh",
        "survey-scam",
        "suspicious-domain",
        "suspicious-login",
        "suspicious-tld",
        "suspicious-traffic",
        "task-scam",
        "telegram",
        "texas",
        "tiktok",
        "tiktok-impersonation",
        "toll-scam",
        "tracksoptions-com",
        "traffic-citation",
        "tx-dmv",
        "typosquatting",
        "unauthorized-streaming",
        "universitatea-politehnica-timisoara",
        "unknown-payload",
        "unverified-apps",
        "unwanted-software",
        "unwanted-subscriptions",
        "url-obfuscation",
        "url-redirection",
        "urlert",
        "user-deception",
        "user-manipulation",
        "usps-impersonation",
        "vaultcord-impersonation",
        "vercel-subdomain",
        "vulnerability-scanning",
        "wabtec",
        "wallapop",
        "wallet-drainer",
        "wallet-phishing",
        "western-union-scam",
        "whatsapp-scam",
        "windows-installer",
        "withdrawal-scam",
        "zoom-impersonation"
      ],
      "references": [
        "https://urlert.com/domain/678940.com",
        "https://urlert.com/domain/acsgri.xyz",
        "https://urlert.com/domain/amazonvtc.com",
        "https://urlert.com/domain/apple-job-opportunities.com",
        "https://urlert.com/domain/as6738.com",
        "https://urlert.com/domain/axionholdings.online",
        "https://urlert.com/domain/booklng-dats.com",
        "https://urlert.com/domain/buksuper.xyz",
        "https://urlert.com/domain/castrooutlet-il.shop",
        "https://urlert.com/domain/cfbfpro.com",
        "https://urlert.com/domain/clarissaflorence.com",
        "https://urlert.com/domain/com-conflrm-eu.com",
        "https://urlert.com/domain/com-sart.top",
        "https://urlert.com/domain/com-sasi.top",
        "https://urlert.com/domain/compromisedblog.com",
        "https://urlert.com/domain/connectview.click",
        "https://urlert.com/domain/coppii.com",
        "https://urlert.com/domain/cozyloftz.com",
        "https://urlert.com/domain/cryptor.plus",
        "https://urlert.com/domain/ct.ws"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Education",
        "Financial Services",
        "Government",
        "Hospitality",
        "Insurance",
        "Logistics / Supply Chain",
        "Manufacturing",
        "Media / Entertainment",
        "Retail / E-Commerce",
        "Technology"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 3,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "urlert_intel",
        "id": "386175",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 87,
        "URL": 89,
        "hostname": 41
      },
      "indicator_count": 217,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 30,
      "modified_text": "22 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69d30594f707d5c78dd0db9d",
      "name": "URLert Daily Threat Intel \u2014 2026-04-06",
      "description": "URLert Daily Threat Intel \u2014 2026-04-06\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 113 | Indicators: 188\nConfirmed: 36 | Likely: 64 | Domain intel: 13\nTop threats: Phishing (83), Malware Hosting (19), Malvertising (5), Unknown (3), Dropper (2)\nDomains: acsgri.com, adescargar.net, aixldc10.shop, an1.com, antai-gouv-info.im, audioz.download, awstrack.me, behindtheemail.com, besowin156.pro, bestwestern-id-nt52vos.com, bestwestern-id-oa74fta...\n\n113 unique threats producing 188 actionable indicators. Generated by URLert automated threat intelligence.",
      "modified": "2026-05-05T20:19:42.941000",
      "created": "2026-04-06T01:00:04.648000",
      "tags": [
        "abuse-of-legitimate-platform",
        "account-recovery-scam",
        "account-takeover",
        "adult-content",
        "adware",
        "aggressive-advertising",
        "android-apk",
        "android-malware",
        "antai",
        "apk-download",
        "apk-malware",
        "app-download-scam",
        "audio-plugins",
        "automated-scan",
        "bait-and-switch",
        "bank-frick",
        "beacons",
        "best-western",
        "brand-impersonation",
        "browser-hijacking",
        "burn-and-churn",
        "camera-access",
        "capcut-pro",
        "cloaking",
        "cloud-mining",
        "colombia",
        "combosquatting",
        "contest-scam",
        "coomeet",
        "copyright-infringement",
        "counterfeit",
        "counterfeit-distribution",
        "counterfeit-site",
        "counterfeit-software",
        "cpa-scam",
        "cracked-software",
        "credential-harvesting",
        "credential-theft",
        "crypto-casino",
        "crypto-scam",
        "cryptocurrency-exchange",
        "cryptocurrency-scam",
        "daily-threat-intel",
        "dark-patterns",
        "data-aggregation",
        "data-breach-records",
        "data-harvesting",
        "data-theft",
        "dating-scam",
        "deceptive-ads",
        "deceptive-advertising",
        "deceptive-ecommerce-scam",
        "deceptive-landing-pages",
        "deceptive-lead-generation",
        "deceptive-links",
        "deceptive-offers",
        "deceptive-page",
        "deceptive-pricing",
        "deceptive-promises",
        "deceptive-site",
        "deceptive-subscription",
        "deceptive-tactics",
        "delivery-exception-scam",
        "delivery-scam",
        "discord-impersonation",
        "disposable-infrastructure",
        "domain-classification",
        "domain-hopping",
        "dpd-impersonation",
        "e-commerce-scam",
        "ecommerce-scam",
        "education",
        "educational-content-piracy",
        "electronics-fraud",
        "emotional-manipulation",
        "epic-games",
        "extortion",
        "facebook-campaign",
        "fake-app-distribution",
        "fake-domain",
        "fake-giveaway",
        "fake-login",
        "fake-login-page",
        "fake-login-portal",
        "fake-payment-portal",
        "fake-registration",
        "fake-reviews",
        "fake-rewards",
        "fake-security-check",
        "fake-shop",
        "fake-verification",
        "financial-fraud",
        "financial-information-theft",
        "financial-phishing",
        "financial-scam",
        "financial-services",
        "forced-redirects",
        "fortnite",
        "fraudulent-marketplace",
        "fraudulent-platform",
        "fraudulent-purchases",
        "fraudulent-retailer",
        "fraudulent-scheme",
        "free-hosting",
        "free-jewelry-scam",
        "free-spins-scam",
        "french-government",
        "french-government-impersonation",
        "gambling-scam",
        "gambling-site",
        "game-impersonation",
        "gaming-theme",
        "gibberish-domain",
        "giveaway-scam",
        "google",
        "grayware",
        "high-risk-domain",
        "high-risk-domain-extension",
        "high-risk-environment",
        "high-risk-tld",
        "hospitality",
        "hungary",
        "identity-intelligence",
        "identity-theft",
        "illegal-content",
        "impersonation",
        "incentivized-traffic",
        "indonesian-targeting",
        "information-collection",
        "information-obfuscation",
        "investment-scam",
        "israel",
        "it.com",
        "landing-page-service",
        "link-in-bio",
        "login-page",
        "logistics-phishing",
        "logistics-sector",
        "malicious-domain",
        "malicious-impersonation",
        "malicious-redirect",
        "malicious-redirection",
        "malicious-redirects",
        "malvertising",
        "malware",
        "malware-delivery",
        "malware-distribution",
        "malware-hosting",
        "malware-vector",
        "medi-markt",
        "mediamarkt-impersonation",
        "mediatarget",
        "modded-apk",
        "modified-apk",
        "monopoly-go",
        "music-production",
        "nebula-x",
        "new-domain",
        "newly-registered-domain",
        "oauth2-abuse",
        "olx",
        "online-scam",
        "onlyfans-impersonation",
        "payment-information-harvesting",
        "payment-scam",
        "paypal-friends-and-family",
        "personal-information-collection",
        "personal-information-harvesting",
        "phishing",
        "phishing-backend",
        "phishing-kit",
        "phishing-platform",
        "phishing-scam",
        "phishing-site",
        "pig-butchering-scam",
        "pii-collection",
        "porn-lure",
        "potentially-harmful-applications",
        "privacy-risk",
        "prize-scam",
        "product-impersonation",
        "pup",
        "quantitative-strategies",
        "recently-registered-domain",
        "redirect",
        "redirect-chain",
        "redirect-cloaking",
        "redirection",
        "redirection-scheme",
        "redirects",
        "replit-app",
        "retail-e-commerce",
        "retail-ecommerce",
        "retail-fraud",
        "retail-impersonation",
        "retail-scam",
        "retail-sector",
        "revanced",
        "revanced-impersonation",
        "revanced-malware",
        "roblox",
        "roblox-impersonation",
        "rug-pull",
        "scam",
        "scam-domain",
        "scam-lure",
        "scam-shop",
        "scam-site",
        "scaniverse-impersonation",
        "scareware",
        "shadow-reporting",
        "shadow-reporting-extortion-scheme",
        "shadow-reporting-scheme",
        "shipping-impersonation",
        "shopee",
        "shortened-url",
        "simit",
        "snickers-workwear",
        "social-engineering",
        "social-media-campaign",
        "social-media-scam",
        "software-piracy",
        "sorewin149",
        "souq-impersonation",
        "spyware",
        "steam-community",
        "steam-credential-phishing",
        "suspicious-domain",
        "suspicious-executable",
        "suspicious-infrastructure",
        "suspicious-redirector",
        "telecommunications-sector",
        "telegram-scam",
        "tracking-redirect",
        "trading-scam",
        "traffic-redirection",
        "trojan",
        "trojanized-game",
        "typosquat",
        "typosquatting",
        "unauthorized-access",
        "unauthorized-content-distribution",
        "unofficial-app",
        "unregulated-gambling",
        "unrestricted-file-hosting",
        "unverified-apps",
        "unverified-software",
        "unvetted-content",
        "unwanted-software",
        "url-shortener",
        "urlert",
        "usdt-scam",
        "video-call-scam",
        "vinted-impersonation",
        "visa",
        "withdrawal-scam",
        "xfinity",
        "youtube-downloader"
      ],
      "references": [
        "https://urlert.com/domain/acsgri.com",
        "https://urlert.com/domain/adescargar.net",
        "https://urlert.com/domain/aixldc10.shop",
        "https://urlert.com/domain/an1.com",
        "https://urlert.com/domain/antai-gouv-info.im",
        "https://urlert.com/domain/audioz.download",
        "https://urlert.com/domain/awstrack.me",
        "https://urlert.com/domain/behindtheemail.com",
        "https://urlert.com/domain/besowin156.pro",
        "https://urlert.com/domain/bestwestern-id-nt52vos.com",
        "https://urlert.com/domain/bestwestern-id-oa74fta.com",
        "https://urlert.com/domain/bfrickonline.com",
        "https://urlert.com/domain/biltty.cc",
        "https://urlert.com/domain/binance-trade.info",
        "https://urlert.com/domain/bit.ly",
        "https://urlert.com/domain/bot-gate.cc",
        "https://urlert.com/domain/boxpop.cfd",
        "https://urlert.com/domain/capcutpro.org.in",
        "https://urlert.com/domain/cashstar.com",
        "https://urlert.com/domain/clearancesalestore-eu.com"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Education",
        "Financial Services",
        "Government",
        "Hospitality",
        "Logistics / Supply Chain",
        "Media / Entertainment",
        "Retail / E-Commerce",
        "Technology",
        "Telecommunications"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "urlert_intel",
        "id": "386175",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 65,
        "hostname": 19,
        "URL": 55
      },
      "indicator_count": 139,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 32,
      "modified_text": "25 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69f54caa7cb0e300ef3662ab",
      "name": "URLert Daily Threat Intel \u2014 2026-05-02",
      "description": "URLert Daily Threat Intel \u2014 2026-05-02\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 30 | Indicators: 69\nConfirmed: 6 | Likely: 24\nTop threats: Phishing (26), Dropper (2), Malvertising (1), Malware Hosting (1)\nDomains: bakecaincountrie.com, computacentersolutions.dad, deliwekahh.shop, due-otscs.com, eargmose-csoaad.xyz, google.com, gov-zhngf.help, govtgn.cam, govtxid.shop, govyhvc.cam, gywcf.top, itidokp...\n\n30 unique threats producing 69 actionable indicators. Generated by URLert automated threat intelligence.",
      "modified": "2026-05-02T01:00:26.753000",
      "created": "2026-05-02T01:00:26.753000",
      "tags": [
        "automated-scan",
        "brand-impersonation",
        "browser-lock",
        "cloudflare-impersonation",
        "computacenter-impersonation",
        "counterfeit-goods",
        "credential-harvesting",
        "cryptocurrency-scam",
        "daily-threat-intel",
        "data-harvesting",
        "dating-affiliate-scheme",
        "deception",
        "deceptive-campaign",
        "deceptive-content",
        "deceptive-domain",
        "deceptive-landing-page",
        "deceptive-practices",
        "deceptive-tactic",
        "deceptive-warning",
        "delivery-scam",
        "dpd-impersonation",
        "explicit-content",
        "extortion",
        "fake-delivery-alert",
        "fake-legal-notice",
        "fake-login",
        "fake-payment-proofs",
        "fake-security-challenge",
        "fake-security-page",
        "fake-store",
        "fake-video-player",
        "financial-scam",
        "financial-services",
        "fraudulent-scheme",
        "fraudulent-site",
        "get-rich-quick-scheme",
        "government-impersonation",
        "high-risk-tld",
        "holiday-scam",
        "identity-theft",
        "information-harvesting",
        "information-stealing",
        "intimidation-tactics",
        "link-shortener",
        "login-harvesting",
        "malicious-activity",
        "malicious-form",
        "malware-delivery",
        "malware-distribution",
        "meta-impersonation",
        "mobile-number-harvesting",
        "ncdmv",
        "office-365",
        "payment-harvesting",
        "payment-information-theft",
        "phishing",
        "phishing-page",
        "phone-number-harvesting",
        "random-domain",
        "redirect-chain",
        "redirects",
        "registration-scam",
        "retail-scam",
        "roblox",
        "scam",
        "scam-infrastructure",
        "scareware",
        "security-issues",
        "shadow-reporting",
        "social-engineering",
        "suspicious-domain",
        "task-to-earn",
        "tech-support-scam",
        "toll-scam",
        "urlert",
        "usps-impersonation",
        "vpn-scam"
      ],
      "references": [
        "https://urlert.com/domain/bakecaincountrie.com",
        "https://urlert.com/domain/computacentersolutions.dad",
        "https://urlert.com/domain/deliwekahh.shop",
        "https://urlert.com/domain/due-otscs.com",
        "https://urlert.com/domain/eargmose-csoaad.xyz",
        "https://urlert.com/domain/google.com",
        "https://urlert.com/domain/gov-zhngf.help",
        "https://urlert.com/domain/govtgn.cam",
        "https://urlert.com/domain/govtxid.shop",
        "https://urlert.com/domain/govyhvc.cam",
        "https://urlert.com/domain/gywcf.top",
        "https://urlert.com/domain/itidokpo.xyz",
        "https://urlert.com/domain/kiocusdt.com",
        "https://urlert.com/domain/ln.run",
        "https://urlert.com/domain/lovable.app",
        "https://urlert.com/domain/macyslxeur.com",
        "https://urlert.com/domain/mmfsbers.cyou",
        "https://urlert.com/domain/modelbuilddepot.com",
        "https://urlert.com/domain/oundhertobeconsist.org",
        "https://urlert.com/domain/php.lat"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Financial Services",
        "Government",
        "Logistics / Supply Chain",
        "Media / Entertainment",
        "Retail / E-Commerce",
        "Technology",
        "Telecommunications"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "urlert_intel",
        "id": "386175",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 28,
        "domain": 23,
        "hostname": 13
      },
      "indicator_count": 64,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 30,
      "modified_text": "29 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://projectsafenet.lol",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://projectsafenet.lol",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780222547.4605052
}