{
  "type": "URL",
  "indicator": "https://steamdrops.net/p/transparency",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://steamdrops.net/p/transparency",
    "type": "url",
    "type_title": "URL",
    "validation": [],
    "base_indicator": {
      "id": 4289231703,
      "indicator": "https://steamdrops.net/p/transparency",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 2,
      "pulses": [
        {
          "id": "69d5a89569e0095158da2a9c",
          "name": "URLert Daily Threat Intel \u2014 2026-04-08",
          "description": "URLert Daily Threat Intel \u2014 2026-04-08\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 139 | Indicators: 264\nConfirmed: 43 | Likely: 94 | Domain intel: 2\nTop threats: Phishing (109), Malvertising (9), Unknown (8), Malware Hosting (7), Dropper (5)\nDomains: 472hico.lat, acccat.com, aipixelss.com, allerides.shop, alpiyd.help, ankergames.net, authpadi.com, awstrack.me, besowin.com, beyondclosetstore.com, bfhix.buzz, blogspot.com, bookscloud.net...\n\n139 unique threats producing 264 actionable indicators. Generated by URLert automated threat intelligence.",
          "modified": "2026-05-07T23:19:25.182000",
          "created": "2026-04-08T01:00:05.017000",
          "tags": [
            "2fa-bypass",
            "4-72",
            "4-72-impersonation",
            "abuse-hosting",
            "account-checker",
            "account-reactivation",
            "activity-viewer",
            "adac",
            "adult-affiliate",
            "adult-scam",
            "affiliate-network",
            "aggressive-advertising",
            "ai-platform-abuse",
            "an-post",
            "android-malware",
            "anti-analysis",
            "apk-download",
            "apk-malware",
            "app-update-lure",
            "automated-scan",
            "automatic-download",
            "blank-landing-page",
            "blogspot",
            "booking-com",
            "booking-com-impersonation",
            "bpi-impersonation",
            "brand-impersonation",
            "browser-extension",
            "california-dmv",
            "california-government-impersonation",
            "celebrity-impersonation",
            "cloaking",
            "cloudflare-impersonation",
            "colombia",
            "combosquatting",
            "command-and-control-communication",
            "compromised-site",
            "content-gating",
            "content-locker-scam",
            "cracking",
            "credential-harvesting",
            "crypto-casino",
            "cryptocurrency-phishing",
            "cryptocurrency-scam",
            "cybercrime-tools",
            "daily-threat-intel",
            "dating-scam",
            "deceptive-content",
            "deceptive-domain",
            "deceptive-download",
            "deceptive-lure",
            "deceptive-overlay",
            "deceptive-practices",
            "deceptive-redirect",
            "deceptive-redirects",
            "deceptive-registration",
            "deceptive-tactics",
            "delivery-scam",
            "detection-evasion",
            "developer-tool-evasion",
            "dhl",
            "dhl-impersonation",
            "discord",
            "discord-bot-users",
            "disposable-infrastructure",
            "domain-classification",
            "download-link",
            "dpd",
            "dpd-impersonation",
            "dpd-local",
            "e-commerce-scam",
            "evasion",
            "evasion-technique",
            "evasion-techniques",
            "evasive-technique",
            "evasive-techniques",
            "facebook-impersonation",
            "fake-account-creation",
            "fake-cloudflare-challenge",
            "fake-domain",
            "fake-government-service",
            "fake-login-portal",
            "fake-payment",
            "fake-paywall",
            "fake-questionnaire",
            "fake-security-challenge",
            "fake-security-verification",
            "fake-service",
            "fake-toll-charge",
            "fake-toll-scam",
            "fake-voucher",
            "financial-harvesting",
            "financial-loss",
            "financial-theft",
            "fiverr",
            "fiverr-impersonation",
            "fortnite-impersonation",
            "fraudulent-activity",
            "fraudulent-gambling",
            "fraudulent-investment-platform",
            "fraudulent-platform",
            "fraudulent-store",
            "gambling-scam",
            "gamers",
            "generic-login-form",
            "georgia-dds",
            "germany",
            "gibberish-domain",
            "gmail-impersonation",
            "google",
            "government-impersonation",
            "grabify-logging",
            "grayware",
            "hamilton-fraser",
            "high-pressure-sales",
            "high-risk-subdomain",
            "high-risk-tld",
            "hookup-scam",
            "hr-block-impersonation",
            "identity-verification",
            "impersonation-scam",
            "inactive-infrastructure",
            "information-harvesting",
            "instagram",
            "invalid-certificate",
            "investment-scam",
            "invitation-code-required",
            "invite-code",
            "israel-post-impersonation",
            "javascript-delivery",
            "keyword-stuffing",
            "lead-generation",
            "link-shortener",
            "logistics",
            "logistics-impersonation",
            "logistics-scam",
            "logistics-sector",
            "lookalike-domain",
            "low-reputation-domain",
            "malicious-advertising-network",
            "malicious-extensions",
            "malicious-infrastructure",
            "malicious-redirection",
            "malicious-redirects",
            "malicious-site",
            "malvertising",
            "malware-bundling",
            "malware-delivery",
            "malware-distribution",
            "mercadopago",
            "microsoft-impersonation",
            "microsoft-sharepoint-impersonation",
            "misleading-ui",
            "mobile-phishing",
            "modded-applications",
            "monetized-url-shortener",
            "netlify-abuse",
            "nevada-dmv",
            "new-domain",
            "newly-registered-domain",
            "non-legitimate-site",
            "online-casino",
            "passport-data-theft",
            "payment-card-theft",
            "payment-harvesting",
            "payment-information-harvesting",
            "payment-information-theft",
            "payment-scam",
            "payroll-scam",
            "personal-information-harvesting",
            "phishing",
            "phishing-lure",
            "phishing-page",
            "phishing-site",
            "pig-butchering-scam",
            "pii-collection",
            "pirated-software",
            "ponzi-scheme",
            "pop-unders",
            "posta-kenya-impersonation",
            "potentially-malicious-domain",
            "privacy-risk",
            "profile-visitor-tracking",
            "pua",
            "random-subdomain",
            "recent-domain",
            "redirect-chain",
            "redirector",
            "refund-service",
            "retail-scam",
            "retail-sector",
            "roblox",
            "roblox-accounts",
            "roblox-impersonation",
            "scam",
            "scam-distribution",
            "scam-gateway",
            "scam-infrastructure",
            "scam-site",
            "scam-website",
            "script-hosting",
            "security-bypass",
            "seo-spam",
            "serviceontario",
            "shipping-protection-scam",
            "sms-verification-bypass",
            "social-engineering",
            "social-media-scam",
            "software-piracy",
            "spam-infrastructure",
            "spyware",
            "steam",
            "student-targeting",
            "surveillance-tools",
            "survey-scam",
            "suspicious-domain",
            "suspicious-file-type",
            "suspicious-pricing",
            "suspicious-subdomain",
            "template-based-storefront",
            "tiktok-impersonation",
            "tiktok-shop",
            "toll-charge",
            "toll-scam",
            "tracking",
            "traffic-citations",
            "traffic-direction-system",
            "traffic-distribution-system",
            "traffic-diversion",
            "traffic-redirection",
            "travel-scam",
            "travel-sector",
            "trojan",
            "trojanized-app",
            "twitter-impersonation",
            "txdmv",
            "txdmv-impersonation",
            "typosquatting",
            "uk-eta-visa",
            "unauthorized-tracking",
            "unofficial-app-distribution",
            "unreachable",
            "unverified-software-download",
            "unwanted-content",
            "unwanted-programs",
            "unwanted-software",
            "url-redirect",
            "url-redirector",
            "url-shortener",
            "urlert",
            "usdt",
            "usps",
            "vbucks-scam",
            "webcam-capture",
            "webcam360",
            "weebly-abuse",
            "wetransfer",
            "wetransfer-impersonation",
            "whatsapp-impersonation",
            "wisconsin-dot",
            "withdrawal-scam"
          ],
          "references": [
            "https://urlert.com/domain/472hico.lat",
            "https://urlert.com/domain/acccat.com",
            "https://urlert.com/domain/aipixelss.com",
            "https://urlert.com/domain/allerides.shop",
            "https://urlert.com/domain/alpiyd.help",
            "https://urlert.com/domain/ankergames.net",
            "https://urlert.com/domain/authpadi.com",
            "https://urlert.com/domain/awstrack.me",
            "https://urlert.com/domain/besowin.com",
            "https://urlert.com/domain/beyondclosetstore.com",
            "https://urlert.com/domain/bfhix.buzz",
            "https://urlert.com/domain/blogspot.com",
            "https://urlert.com/domain/bookscloud.net",
            "https://urlert.com/domain/boxstatusr.cfd",
            "https://urlert.com/domain/bpidirecto.top",
            "https://urlert.com/domain/bringitonmsg.com",
            "https://urlert.com/domain/ca-pagel.cyou",
            "https://urlert.com/domain/ca-pagel.icu",
            "https://urlert.com/domain/ca-pagel.sbs",
            "https://urlert.com/domain/ca-pages.biz.id"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Automotive",
            "Education",
            "Financial Services",
            "Government",
            "Hospitality",
            "Insurance",
            "Logistics / Supply Chain",
            "Media / Entertainment",
            "Retail / E-Commerce",
            "Technology"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "urlert_intel",
            "id": "386175",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 78,
            "URL": 80,
            "hostname": 42
          },
          "indicator_count": 200,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 33,
          "modified_text": "24 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69cc6e158fe4850ec735588e",
          "name": "URLert Daily Threat Intel \u2014 2026-04-01",
          "description": "URLert Daily Threat Intel \u2014 2026-04-01\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 87 | Indicators: 175\nConfirmed: 22 | Likely: 64 | Domain intel: 1\nTop threats: Phishing (76), Malware Hosting (8), Malvertising (3)\nDomains: 03198.sale, 2351e.cyou, 42web.io, 731045.xin, aftdy.com, amctheatersvip.com, autocreds.com, bcr-hr.com, bx.vc, byh.cc, cadastro2026.online, capitaloneshopping.com, carnivalcart.shop, chicv...\n\n87 unique threats producing 175 actionable indicators. Generated by URLert automated threat intelligence.",
          "modified": "2026-04-30T23:27:49.066000",
          "created": "2026-04-01T01:00:05.090000",
          "tags": [
            "account-compromise",
            "adobe-impersonation",
            "allegro-impersonation",
            "amc-theatres",
            "an-post-impersonation",
            "apk-malware",
            "app-scam",
            "apple-find-my",
            "apple-users",
            "automated-scan",
            "blocket-impersonation",
            "booking-impersonation",
            "brand-impersonation",
            "brazil",
            "california-government-impersonation",
            "cdn-abuse",
            "combosquatting",
            "compromised-site",
            "consumer-scam",
            "content-locker",
            "copyright-infringement",
            "cracked-games",
            "cracked-pc-games",
            "credential-harvesting",
            "cryptocurrency",
            "cryptocurrency-impersonation",
            "cryptocurrency-scam",
            "daily-threat-intel",
            "deceptive-claims",
            "deceptive-domain",
            "deceptive-practices",
            "deceptive-pricing",
            "deceptive-purposes",
            "deceptive-redirects",
            "discord-impersonation",
            "disposable-domain",
            "domain-classification",
            "domain-cloaking",
            "domain-mismatch",
            "domain-rotation",
            "dpd-impersonation",
            "dpd-local",
            "ebook-scam",
            "education-targeting",
            "electronics-scam",
            "encoded-url",
            "fake-discounts",
            "fake-document-notification",
            "fake-download",
            "fake-login-page",
            "fake-payment",
            "fake-platform",
            "fake-retail",
            "fake-shopping-site",
            "fake-token-presale",
            "fake-toll-charge",
            "fake-toll-notice",
            "fake-tracking-page",
            "fake-transfer",
            "fedex",
            "financial-scam",
            "financial-services",
            "fl-studio-piracy",
            "fraudulent-marketplace",
            "fraudulent-platform",
            "fraudulent-purchases",
            "free-hosting",
            "game-distribution",
            "game-downloads",
            "game-exploits",
            "gaming-lure",
            "gibberish-domain",
            "google-apps-script",
            "google-docs",
            "google-sites",
            "government-impersonation",
            "hades-2",
            "high-risk-domain",
            "high-risk-tld",
            "impersonation",
            "intelcom-impersonation",
            "intellectual-property-infringement",
            "investment-fraud",
            "investment-scam",
            "invitation-code",
            "job-scam",
            "link-aggregator",
            "login-page-impersonation",
            "logistics-sector",
            "mailchimp",
            "malicious-campaign",
            "malicious-redirector",
            "malware-delivery",
            "malware-distribution",
            "malware-hosting",
            "marktplaats",
            "microsoft",
            "microsoft-365-impersonation",
            "microsoft-accounts",
            "microsoft-impersonation",
            "microsoft-onedrive-impersonation",
            "nebula-x-scam",
            "netto-impersonation",
            "new-domain",
            "newly-registered-domain",
            "offer-scam",
            "okta-impersonation",
            "payment-fraud",
            "payment-harvesting",
            "payment-information-harvesting",
            "payment-information-theft",
            "paypal-friends-and-family",
            "pc-games",
            "pennsylvania-dmv",
            "personal-information-harvesting",
            "phishing",
            "phishing-page",
            "pii-collection",
            "pirated-software",
            "pirated-software-distribution",
            "pornographic-links",
            "private-profile-viewer",
            "quicknode-impersonation",
            "redirect-chain",
            "redirector",
            "reported-phishing-site",
            "retail-e-commerce",
            "retail-impersonation",
            "retail-scam",
            "roblox",
            "roblox-impersonation",
            "rog-ally",
            "rune-emu",
            "scam",
            "school-credentials",
            "security-verification-scam",
            "sensitive-information-theft",
            "sexually-explicit-lure",
            "social-engineering",
            "social-media-impersonation",
            "social-media-phishing",
            "software-piracy",
            "spyware",
            "state-government",
            "steam-accounts",
            "suspicious-domain",
            "t-mobile",
            "tracking",
            "traffic-redirection-service",
            "typosquatting",
            "unauthorized-software",
            "url-shortener",
            "urlert",
            "usdt-storage-center",
            "washington-state",
            "x-impersonation",
            "xoxbox",
            "youtube-promotion",
            "zelle",
            "zip-payload"
          ],
          "references": [
            "https://urlert.com/domain/03198.sale",
            "https://urlert.com/domain/2351e.cyou",
            "https://urlert.com/domain/42web.io",
            "https://urlert.com/domain/731045.xin",
            "https://urlert.com/domain/aftdy.com",
            "https://urlert.com/domain/amctheatersvip.com",
            "https://urlert.com/domain/autocreds.com",
            "https://urlert.com/domain/bcr-hr.com",
            "https://urlert.com/domain/bx.vc",
            "https://urlert.com/domain/byh.cc",
            "https://urlert.com/domain/cadastro2026.online",
            "https://urlert.com/domain/capitaloneshopping.com",
            "https://urlert.com/domain/carnivalcart.shop",
            "https://urlert.com/domain/chicvo.com",
            "https://urlert.com/domain/chnaapro.com",
            "https://urlert.com/domain/cloudfront.net",
            "https://urlert.com/domain/corruptoregon.com",
            "https://urlert.com/domain/creativeconor.com",
            "https://urlert.com/domain/deliverystation.cfd",
            "https://urlert.com/domain/deltaexploits.gg"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Education",
            "Financial Services",
            "Government",
            "Hospitality",
            "Insurance",
            "Logistics / Supply Chain",
            "Media / Entertainment",
            "Retail / E-Commerce",
            "Technology",
            "Telecommunications"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "urlert_intel",
            "id": "386175",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 55,
            "hostname": 26,
            "URL": 55
          },
          "indicator_count": 136,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 30,
          "modified_text": "31 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://urlert.com/domain/bcr-hr.com",
        "https://urlert.com/domain/corruptoregon.com",
        "https://urlert.com/domain/2351e.cyou",
        "https://urlert.com/domain/deltaexploits.gg",
        "https://urlert.com/domain/bx.vc",
        "https://urlert.com/domain/472hico.lat",
        "https://urlert.com/domain/chicvo.com",
        "https://urlert.com/domain/chnaapro.com",
        "https://urlert.com/domain/authpadi.com",
        "https://urlert.com/domain/awstrack.me",
        "https://urlert.com/domain/03198.sale",
        "https://urlert.com/domain/cadastro2026.online",
        "https://urlert.com/domain/ca-pagel.icu",
        "https://urlert.com/domain/autocreds.com",
        "https://urlert.com/domain/besowin.com",
        "https://urlert.com/domain/acccat.com",
        "https://urlert.com/domain/bfhix.buzz",
        "https://urlert.com/domain/blogspot.com",
        "https://urlert.com/domain/42web.io",
        "https://urlert.com/domain/carnivalcart.shop",
        "https://urlert.com/domain/beyondclosetstore.com",
        "https://urlert.com/domain/aipixelss.com",
        "https://urlert.com/domain/bringitonmsg.com",
        "https://urlert.com/domain/amctheatersvip.com",
        "https://urlert.com/domain/cloudfront.net",
        "https://urlert.com/domain/allerides.shop",
        "https://urlert.com/domain/aftdy.com",
        "https://urlert.com/domain/byh.cc",
        "https://urlert.com/domain/deliverystation.cfd",
        "https://urlert.com/domain/ca-pagel.sbs",
        "https://urlert.com/domain/ankergames.net",
        "https://urlert.com/domain/ca-pagel.cyou",
        "https://urlert.com/domain/bpidirecto.top",
        "https://urlert.com/domain/bookscloud.net",
        "https://urlert.com/domain/boxstatusr.cfd",
        "https://urlert.com/domain/731045.xin",
        "https://urlert.com/domain/ca-pages.biz.id",
        "https://urlert.com/domain/alpiyd.help",
        "https://urlert.com/domain/creativeconor.com",
        "https://urlert.com/domain/capitaloneshopping.com"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 0
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": [
            "Automotive",
            "Insurance",
            "Logistics / supply chain",
            "Retail / e-commerce",
            "Financial services",
            "Telecommunications",
            "Media / entertainment",
            "Technology",
            "Government",
            "Hospitality",
            "Education"
          ],
          "unique_indicators": 424
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/steamdrops.net",
    "whois": "http://whois.domaintools.com/steamdrops.net",
    "domain": "steamdrops.net",
    "hostname": "Unavailable"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 2,
  "pulses": [
    {
      "id": "69d5a89569e0095158da2a9c",
      "name": "URLert Daily Threat Intel \u2014 2026-04-08",
      "description": "URLert Daily Threat Intel \u2014 2026-04-08\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 139 | Indicators: 264\nConfirmed: 43 | Likely: 94 | Domain intel: 2\nTop threats: Phishing (109), Malvertising (9), Unknown (8), Malware Hosting (7), Dropper (5)\nDomains: 472hico.lat, acccat.com, aipixelss.com, allerides.shop, alpiyd.help, ankergames.net, authpadi.com, awstrack.me, besowin.com, beyondclosetstore.com, bfhix.buzz, blogspot.com, bookscloud.net...\n\n139 unique threats producing 264 actionable indicators. Generated by URLert automated threat intelligence.",
      "modified": "2026-05-07T23:19:25.182000",
      "created": "2026-04-08T01:00:05.017000",
      "tags": [
        "2fa-bypass",
        "4-72",
        "4-72-impersonation",
        "abuse-hosting",
        "account-checker",
        "account-reactivation",
        "activity-viewer",
        "adac",
        "adult-affiliate",
        "adult-scam",
        "affiliate-network",
        "aggressive-advertising",
        "ai-platform-abuse",
        "an-post",
        "android-malware",
        "anti-analysis",
        "apk-download",
        "apk-malware",
        "app-update-lure",
        "automated-scan",
        "automatic-download",
        "blank-landing-page",
        "blogspot",
        "booking-com",
        "booking-com-impersonation",
        "bpi-impersonation",
        "brand-impersonation",
        "browser-extension",
        "california-dmv",
        "california-government-impersonation",
        "celebrity-impersonation",
        "cloaking",
        "cloudflare-impersonation",
        "colombia",
        "combosquatting",
        "command-and-control-communication",
        "compromised-site",
        "content-gating",
        "content-locker-scam",
        "cracking",
        "credential-harvesting",
        "crypto-casino",
        "cryptocurrency-phishing",
        "cryptocurrency-scam",
        "cybercrime-tools",
        "daily-threat-intel",
        "dating-scam",
        "deceptive-content",
        "deceptive-domain",
        "deceptive-download",
        "deceptive-lure",
        "deceptive-overlay",
        "deceptive-practices",
        "deceptive-redirect",
        "deceptive-redirects",
        "deceptive-registration",
        "deceptive-tactics",
        "delivery-scam",
        "detection-evasion",
        "developer-tool-evasion",
        "dhl",
        "dhl-impersonation",
        "discord",
        "discord-bot-users",
        "disposable-infrastructure",
        "domain-classification",
        "download-link",
        "dpd",
        "dpd-impersonation",
        "dpd-local",
        "e-commerce-scam",
        "evasion",
        "evasion-technique",
        "evasion-techniques",
        "evasive-technique",
        "evasive-techniques",
        "facebook-impersonation",
        "fake-account-creation",
        "fake-cloudflare-challenge",
        "fake-domain",
        "fake-government-service",
        "fake-login-portal",
        "fake-payment",
        "fake-paywall",
        "fake-questionnaire",
        "fake-security-challenge",
        "fake-security-verification",
        "fake-service",
        "fake-toll-charge",
        "fake-toll-scam",
        "fake-voucher",
        "financial-harvesting",
        "financial-loss",
        "financial-theft",
        "fiverr",
        "fiverr-impersonation",
        "fortnite-impersonation",
        "fraudulent-activity",
        "fraudulent-gambling",
        "fraudulent-investment-platform",
        "fraudulent-platform",
        "fraudulent-store",
        "gambling-scam",
        "gamers",
        "generic-login-form",
        "georgia-dds",
        "germany",
        "gibberish-domain",
        "gmail-impersonation",
        "google",
        "government-impersonation",
        "grabify-logging",
        "grayware",
        "hamilton-fraser",
        "high-pressure-sales",
        "high-risk-subdomain",
        "high-risk-tld",
        "hookup-scam",
        "hr-block-impersonation",
        "identity-verification",
        "impersonation-scam",
        "inactive-infrastructure",
        "information-harvesting",
        "instagram",
        "invalid-certificate",
        "investment-scam",
        "invitation-code-required",
        "invite-code",
        "israel-post-impersonation",
        "javascript-delivery",
        "keyword-stuffing",
        "lead-generation",
        "link-shortener",
        "logistics",
        "logistics-impersonation",
        "logistics-scam",
        "logistics-sector",
        "lookalike-domain",
        "low-reputation-domain",
        "malicious-advertising-network",
        "malicious-extensions",
        "malicious-infrastructure",
        "malicious-redirection",
        "malicious-redirects",
        "malicious-site",
        "malvertising",
        "malware-bundling",
        "malware-delivery",
        "malware-distribution",
        "mercadopago",
        "microsoft-impersonation",
        "microsoft-sharepoint-impersonation",
        "misleading-ui",
        "mobile-phishing",
        "modded-applications",
        "monetized-url-shortener",
        "netlify-abuse",
        "nevada-dmv",
        "new-domain",
        "newly-registered-domain",
        "non-legitimate-site",
        "online-casino",
        "passport-data-theft",
        "payment-card-theft",
        "payment-harvesting",
        "payment-information-harvesting",
        "payment-information-theft",
        "payment-scam",
        "payroll-scam",
        "personal-information-harvesting",
        "phishing",
        "phishing-lure",
        "phishing-page",
        "phishing-site",
        "pig-butchering-scam",
        "pii-collection",
        "pirated-software",
        "ponzi-scheme",
        "pop-unders",
        "posta-kenya-impersonation",
        "potentially-malicious-domain",
        "privacy-risk",
        "profile-visitor-tracking",
        "pua",
        "random-subdomain",
        "recent-domain",
        "redirect-chain",
        "redirector",
        "refund-service",
        "retail-scam",
        "retail-sector",
        "roblox",
        "roblox-accounts",
        "roblox-impersonation",
        "scam",
        "scam-distribution",
        "scam-gateway",
        "scam-infrastructure",
        "scam-site",
        "scam-website",
        "script-hosting",
        "security-bypass",
        "seo-spam",
        "serviceontario",
        "shipping-protection-scam",
        "sms-verification-bypass",
        "social-engineering",
        "social-media-scam",
        "software-piracy",
        "spam-infrastructure",
        "spyware",
        "steam",
        "student-targeting",
        "surveillance-tools",
        "survey-scam",
        "suspicious-domain",
        "suspicious-file-type",
        "suspicious-pricing",
        "suspicious-subdomain",
        "template-based-storefront",
        "tiktok-impersonation",
        "tiktok-shop",
        "toll-charge",
        "toll-scam",
        "tracking",
        "traffic-citations",
        "traffic-direction-system",
        "traffic-distribution-system",
        "traffic-diversion",
        "traffic-redirection",
        "travel-scam",
        "travel-sector",
        "trojan",
        "trojanized-app",
        "twitter-impersonation",
        "txdmv",
        "txdmv-impersonation",
        "typosquatting",
        "uk-eta-visa",
        "unauthorized-tracking",
        "unofficial-app-distribution",
        "unreachable",
        "unverified-software-download",
        "unwanted-content",
        "unwanted-programs",
        "unwanted-software",
        "url-redirect",
        "url-redirector",
        "url-shortener",
        "urlert",
        "usdt",
        "usps",
        "vbucks-scam",
        "webcam-capture",
        "webcam360",
        "weebly-abuse",
        "wetransfer",
        "wetransfer-impersonation",
        "whatsapp-impersonation",
        "wisconsin-dot",
        "withdrawal-scam"
      ],
      "references": [
        "https://urlert.com/domain/472hico.lat",
        "https://urlert.com/domain/acccat.com",
        "https://urlert.com/domain/aipixelss.com",
        "https://urlert.com/domain/allerides.shop",
        "https://urlert.com/domain/alpiyd.help",
        "https://urlert.com/domain/ankergames.net",
        "https://urlert.com/domain/authpadi.com",
        "https://urlert.com/domain/awstrack.me",
        "https://urlert.com/domain/besowin.com",
        "https://urlert.com/domain/beyondclosetstore.com",
        "https://urlert.com/domain/bfhix.buzz",
        "https://urlert.com/domain/blogspot.com",
        "https://urlert.com/domain/bookscloud.net",
        "https://urlert.com/domain/boxstatusr.cfd",
        "https://urlert.com/domain/bpidirecto.top",
        "https://urlert.com/domain/bringitonmsg.com",
        "https://urlert.com/domain/ca-pagel.cyou",
        "https://urlert.com/domain/ca-pagel.icu",
        "https://urlert.com/domain/ca-pagel.sbs",
        "https://urlert.com/domain/ca-pages.biz.id"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Automotive",
        "Education",
        "Financial Services",
        "Government",
        "Hospitality",
        "Insurance",
        "Logistics / Supply Chain",
        "Media / Entertainment",
        "Retail / E-Commerce",
        "Technology"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "urlert_intel",
        "id": "386175",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 78,
        "URL": 80,
        "hostname": 42
      },
      "indicator_count": 200,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 33,
      "modified_text": "24 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69cc6e158fe4850ec735588e",
      "name": "URLert Daily Threat Intel \u2014 2026-04-01",
      "description": "URLert Daily Threat Intel \u2014 2026-04-01\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 87 | Indicators: 175\nConfirmed: 22 | Likely: 64 | Domain intel: 1\nTop threats: Phishing (76), Malware Hosting (8), Malvertising (3)\nDomains: 03198.sale, 2351e.cyou, 42web.io, 731045.xin, aftdy.com, amctheatersvip.com, autocreds.com, bcr-hr.com, bx.vc, byh.cc, cadastro2026.online, capitaloneshopping.com, carnivalcart.shop, chicv...\n\n87 unique threats producing 175 actionable indicators. Generated by URLert automated threat intelligence.",
      "modified": "2026-04-30T23:27:49.066000",
      "created": "2026-04-01T01:00:05.090000",
      "tags": [
        "account-compromise",
        "adobe-impersonation",
        "allegro-impersonation",
        "amc-theatres",
        "an-post-impersonation",
        "apk-malware",
        "app-scam",
        "apple-find-my",
        "apple-users",
        "automated-scan",
        "blocket-impersonation",
        "booking-impersonation",
        "brand-impersonation",
        "brazil",
        "california-government-impersonation",
        "cdn-abuse",
        "combosquatting",
        "compromised-site",
        "consumer-scam",
        "content-locker",
        "copyright-infringement",
        "cracked-games",
        "cracked-pc-games",
        "credential-harvesting",
        "cryptocurrency",
        "cryptocurrency-impersonation",
        "cryptocurrency-scam",
        "daily-threat-intel",
        "deceptive-claims",
        "deceptive-domain",
        "deceptive-practices",
        "deceptive-pricing",
        "deceptive-purposes",
        "deceptive-redirects",
        "discord-impersonation",
        "disposable-domain",
        "domain-classification",
        "domain-cloaking",
        "domain-mismatch",
        "domain-rotation",
        "dpd-impersonation",
        "dpd-local",
        "ebook-scam",
        "education-targeting",
        "electronics-scam",
        "encoded-url",
        "fake-discounts",
        "fake-document-notification",
        "fake-download",
        "fake-login-page",
        "fake-payment",
        "fake-platform",
        "fake-retail",
        "fake-shopping-site",
        "fake-token-presale",
        "fake-toll-charge",
        "fake-toll-notice",
        "fake-tracking-page",
        "fake-transfer",
        "fedex",
        "financial-scam",
        "financial-services",
        "fl-studio-piracy",
        "fraudulent-marketplace",
        "fraudulent-platform",
        "fraudulent-purchases",
        "free-hosting",
        "game-distribution",
        "game-downloads",
        "game-exploits",
        "gaming-lure",
        "gibberish-domain",
        "google-apps-script",
        "google-docs",
        "google-sites",
        "government-impersonation",
        "hades-2",
        "high-risk-domain",
        "high-risk-tld",
        "impersonation",
        "intelcom-impersonation",
        "intellectual-property-infringement",
        "investment-fraud",
        "investment-scam",
        "invitation-code",
        "job-scam",
        "link-aggregator",
        "login-page-impersonation",
        "logistics-sector",
        "mailchimp",
        "malicious-campaign",
        "malicious-redirector",
        "malware-delivery",
        "malware-distribution",
        "malware-hosting",
        "marktplaats",
        "microsoft",
        "microsoft-365-impersonation",
        "microsoft-accounts",
        "microsoft-impersonation",
        "microsoft-onedrive-impersonation",
        "nebula-x-scam",
        "netto-impersonation",
        "new-domain",
        "newly-registered-domain",
        "offer-scam",
        "okta-impersonation",
        "payment-fraud",
        "payment-harvesting",
        "payment-information-harvesting",
        "payment-information-theft",
        "paypal-friends-and-family",
        "pc-games",
        "pennsylvania-dmv",
        "personal-information-harvesting",
        "phishing",
        "phishing-page",
        "pii-collection",
        "pirated-software",
        "pirated-software-distribution",
        "pornographic-links",
        "private-profile-viewer",
        "quicknode-impersonation",
        "redirect-chain",
        "redirector",
        "reported-phishing-site",
        "retail-e-commerce",
        "retail-impersonation",
        "retail-scam",
        "roblox",
        "roblox-impersonation",
        "rog-ally",
        "rune-emu",
        "scam",
        "school-credentials",
        "security-verification-scam",
        "sensitive-information-theft",
        "sexually-explicit-lure",
        "social-engineering",
        "social-media-impersonation",
        "social-media-phishing",
        "software-piracy",
        "spyware",
        "state-government",
        "steam-accounts",
        "suspicious-domain",
        "t-mobile",
        "tracking",
        "traffic-redirection-service",
        "typosquatting",
        "unauthorized-software",
        "url-shortener",
        "urlert",
        "usdt-storage-center",
        "washington-state",
        "x-impersonation",
        "xoxbox",
        "youtube-promotion",
        "zelle",
        "zip-payload"
      ],
      "references": [
        "https://urlert.com/domain/03198.sale",
        "https://urlert.com/domain/2351e.cyou",
        "https://urlert.com/domain/42web.io",
        "https://urlert.com/domain/731045.xin",
        "https://urlert.com/domain/aftdy.com",
        "https://urlert.com/domain/amctheatersvip.com",
        "https://urlert.com/domain/autocreds.com",
        "https://urlert.com/domain/bcr-hr.com",
        "https://urlert.com/domain/bx.vc",
        "https://urlert.com/domain/byh.cc",
        "https://urlert.com/domain/cadastro2026.online",
        "https://urlert.com/domain/capitaloneshopping.com",
        "https://urlert.com/domain/carnivalcart.shop",
        "https://urlert.com/domain/chicvo.com",
        "https://urlert.com/domain/chnaapro.com",
        "https://urlert.com/domain/cloudfront.net",
        "https://urlert.com/domain/corruptoregon.com",
        "https://urlert.com/domain/creativeconor.com",
        "https://urlert.com/domain/deliverystation.cfd",
        "https://urlert.com/domain/deltaexploits.gg"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Education",
        "Financial Services",
        "Government",
        "Hospitality",
        "Insurance",
        "Logistics / Supply Chain",
        "Media / Entertainment",
        "Retail / E-Commerce",
        "Technology",
        "Telecommunications"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "urlert_intel",
        "id": "386175",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 55,
        "hostname": 26,
        "URL": 55
      },
      "indicator_count": 136,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 30,
      "modified_text": "31 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://steamdrops.net/p/transparency",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://steamdrops.net/p/transparency",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780292582.6686523
}