{
  "type": "URL",
  "indicator": "https://www.ckq.cc",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://www.ckq.cc",
    "type": "url",
    "type_title": "URL",
    "validation": [],
    "base_indicator": {
      "id": 4265159256,
      "indicator": "https://www.ckq.cc",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 2,
      "pulses": [
        {
          "id": "69cf1115225832368c9af150",
          "name": "URLert Daily Threat Intel \u2014 2026-04-03",
          "description": "URLert Daily Threat Intel \u2014 2026-04-03\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 165 | Indicators: 334\nConfirmed: 47 | Likely: 117 | Domain intel: 1\nTop threats: Phishing (148), Malware Hosting (12), Dropper (3), Scanning Host (1), RAT (1)\nDomains: 1cpmspv.top, 1drv.ms, 40gmail.com, 756193.xin, adescargar.net, adobe.com, ankergames.net, as-nfd.top, betioh.com, blogspot.com, bodyshopca.com, bv-dienstleistungen.de, ca-page.cyou, ca-pag...\n\n165 unique threats producing 334 actionable indicators. Generated by URLert automated threat intelligence.",
          "modified": "2026-05-03T00:28:39.989000",
          "created": "2026-04-03T01:00:05.191000",
          "tags": [
            "2fa-harvesting",
            "adult-app-distribution",
            "adult-content",
            "adware",
            "adware-risk",
            "agoda-impersonation",
            "ai-sweden-impersonation",
            "alaska",
            "alaska-dmv",
            "android-malware",
            "anonymous-sales",
            "apk-distribution",
            "apk-malware",
            "automated-scan",
            "blockchain-casino",
            "booking-com",
            "brand-impersonation",
            "brazil",
            "bulk-email-distribution",
            "california",
            "california-dmv-impersonation",
            "cloaking",
            "cloud-hosting",
            "cloudflare-abuse",
            "code-obfuscation",
            "combell-impersonation",
            "combosquatting",
            "compromised-government-site",
            "controlled-substances",
            "credential-harvesting",
            "credit-card-harvesting",
            "credit-card-scam",
            "credit-card-theft",
            "crypto-casino",
            "crypto-payments",
            "crypto-scam",
            "cryptocurrency-scam",
            "daily-threat-intel",
            "dao-impersonation",
            "dao-services",
            "data-harvesting",
            "deceptive-content",
            "deceptive-domain",
            "deceptive-landing-page",
            "deceptive-landing-pages",
            "deceptive-sales-tactics",
            "deceptive-site",
            "delivery-exception",
            "delivery-failure-scam",
            "delivery-scam",
            "device-access-attempt",
            "dhl",
            "digital-infrastructure-marketplace",
            "discord-impersonation",
            "discount-scam",
            "dmv",
            "document-lure",
            "document-sharing-scam",
            "docusign-impersonation",
            "domain-classification",
            "domain-squatting",
            "dpd",
            "dpd-impersonation",
            "dropper",
            "educational-content-piracy",
            "email-credentials",
            "evasion-technique",
            "facebook",
            "fake-captcha",
            "fake-checkout",
            "fake-citation",
            "fake-delivery-notice",
            "fake-delivery-notification",
            "fake-delivery-scam",
            "fake-document",
            "fake-document-preview",
            "fake-giveaway",
            "fake-income-opportunity",
            "fake-invoices",
            "fake-login",
            "fake-login-page",
            "fake-login-portal",
            "fake-online-store",
            "fake-payment-portal",
            "fake-profiles",
            "fake-security-check",
            "fake-store",
            "fake-toll",
            "fake-toll-notice",
            "fake-toll-scam",
            "fake-tracking-page",
            "fake-warning",
            "fanbox",
            "fantia-impersonation",
            "fifa",
            "file-sharing-impersonation",
            "financial-information-theft",
            "financial-institution-impersonation",
            "financial-scam",
            "fiverr",
            "foot-locker-impersonation",
            "footlocker",
            "forced-installation",
            "fraudulent",
            "fraudulent-operation",
            "gamers",
            "gibberish-domain",
            "gift-voucher-scam",
            "github-pages",
            "giveaway-scam",
            "glp-1-agonists",
            "gmail-impersonation",
            "google-docs",
            "google-impersonation",
            "google-sheets-impersonation",
            "government-impersonation",
            "government-services",
            "grayware",
            "high-abuse-domain",
            "high-risk-domain",
            "high-risk-downloads",
            "high-risk-tld",
            "high-traffic-site",
            "hospitality-targeting",
            "ic-markets-impersonation",
            "illegal-pharmacy",
            "impersonation",
            "information-gathering",
            "information-harvesting",
            "intelcom",
            "invite-code-scam",
            "ipfs-abuse",
            "israel-post",
            "law-firm-impersonation",
            "legitimate-domain-abuse",
            "legitimate-service-abuse",
            "login-page",
            "login-portal",
            "logistics",
            "logistics-delivery",
            "logistics-scam",
            "logistics-sector",
            "logistics-supply-chain",
            "louisiana-omv-impersonation",
            "malicious-domain",
            "malicious-link-shortener",
            "malicious-links",
            "malicious-redirect",
            "malicious-redirector",
            "malicious-redirects",
            "malvertising",
            "malware-delivery",
            "malware-distribution",
            "malware-hosting",
            "malware-risk",
            "maryland-mva",
            "media-markt-impersonation",
            "mediamarkt",
            "microsoft",
            "microsoft-forms-abuse",
            "microsoft-impersonation",
            "mobile-malware",
            "modified-apk-distribution",
            "nacex-impersonation",
            "ncdot",
            "nebula-x-impersonation",
            "netlify-abuse",
            "netlify-hosting",
            "new-domain",
            "newly-registered-domain",
            "nft-platform",
            "oklahoma-department-of-public-safety",
            "online-casino",
            "online-scam",
            "oxycodone",
            "package-delivery-scam",
            "payment-bypass",
            "payment-harvesting",
            "payment-information-harvesting",
            "payment-scam",
            "paypal-impersonation",
            "pennsylvania",
            "personal-data-harvesting",
            "personal-information-collection",
            "personal-information-harvesting",
            "personal-information-theft",
            "phishing",
            "phishing-infrastructure",
            "phishing-kit",
            "phishing-landing-page",
            "phishing-lure",
            "phishing-page",
            "phishing-site",
            "phone-number-collection",
            "piracy",
            "pirated-software",
            "privacy-invasion",
            "prize-scam",
            "project-proposal-scam",
            "pw-thor",
            "rapid-links-net",
            "recently-registered-domain",
            "reconnaissance",
            "redirect",
            "redirect-chain",
            "redirector",
            "refund-scam",
            "replit-abuse",
            "retail-impersonation",
            "retail-scam",
            "retail-targeting",
            "roblox",
            "roblox-impersonation",
            "rom-hosting",
            "romania",
            "roundcube-webmail",
            "sameday-impersonation",
            "scam",
            "scam-domain",
            "scam-pages",
            "scam-site",
            "scanner-evasion",
            "schylling",
            "security-bypass",
            "security-challenge-bypass",
            "serviceontario",
            "serviceontario-impersonation",
            "shein-impersonation",
            "slide-to-verify",
            "smishing",
            "social-media-impersonation",
            "software-piracy",
            "spam-distribution",
            "spam-facilitation",
            "spyware",
            "steam",
            "steam-account-theft",
            "stolen-credit-cards",
            "suspicious-domain",
            "suspicious-domain-extension",
            "suspicious-downloads",
            "targeted-attack",
            "technology-sector",
            "telegram-impersonation",
            "telegram-verification-scam",
            "tesco",
            "tesco-impersonation",
            "tiktok",
            "tiktok-impersonation",
            "tiktok-shop-impersonation",
            "tk-shop",
            "toll-scam",
            "traffic-citation-scam",
            "typosquatting",
            "unaccountable-infrastructure",
            "unauthorized-access",
            "unauthorized-content",
            "unauthorized-prescription-drugs",
            "university-brescia",
            "unrealistic-discounts",
            "unscanned-files",
            "unverified-software",
            "unwanted-programs",
            "unwanted-software",
            "urgency-scam",
            "urgency-tactics",
            "url-obscurity",
            "url-shortener",
            "url-shortener-abuse",
            "urlert",
            "video-downloader",
            "vitkac-impersonation",
            "vulnerability-scanning",
            "weebly-abuse",
            "youtube-spam"
          ],
          "references": [
            "https://urlert.com/domain/1cpmspv.top",
            "https://urlert.com/domain/1drv.ms",
            "https://urlert.com/domain/40gmail.com",
            "https://urlert.com/domain/756193.xin",
            "https://urlert.com/domain/adescargar.net",
            "https://urlert.com/domain/adobe.com",
            "https://urlert.com/domain/ankergames.net",
            "https://urlert.com/domain/as-nfd.top",
            "https://urlert.com/domain/betioh.com",
            "https://urlert.com/domain/blogspot.com",
            "https://urlert.com/domain/bodyshopca.com",
            "https://urlert.com/domain/bv-dienstleistungen.de",
            "https://urlert.com/domain/ca-page.cyou",
            "https://urlert.com/domain/ca-page.shop",
            "https://urlert.com/domain/cgod.shop",
            "https://urlert.com/domain/ckq.cc",
            "https://urlert.com/domain/com-azije.cc",
            "https://urlert.com/domain/communityitemarts.co",
            "https://urlert.com/domain/create-logo-maker.net",
            "https://urlert.com/domain/cvmr.life"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Education",
            "Financial Services",
            "Government",
            "Healthcare",
            "Hospitality",
            "Legal Services",
            "Logistics / Supply Chain",
            "Media / Entertainment",
            "Real Estate",
            "Retail / E-Commerce",
            "Technology"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "urlert_intel",
            "id": "386175",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 98,
            "hostname": 55,
            "URL": 104
          },
          "indicator_count": 257,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 30,
          "modified_text": "28 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69b60494534a1a876fffd17c",
          "name": "URLert Daily Threat Intel \u2014 2026-03-15",
          "description": "URLert Daily Threat Intel \u2014 2026-03-15\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 50 | Indicators: 86\nConfirmed: 17 | Likely: 25 | Domain intel: 8\nTop threats: Phishing (39), Malware Hosting (6), Malvertising (3), Dropper (1), Unknown (1)\nDomains: av4me.bond, canva.com, chamsswitch.com, ckq.cc, correos-seguimiento.site, cottabase.com, csiae.com, deltaexploits.gg, digitboost.site, dmca-alert.report, eph.cc, fnudprime.com, garmins.gr,...\n\n50 unique threats producing 86 actionable indicators. Generated by URLert automated threat intelligence.",
          "modified": "2026-04-13T23:56:17.348000",
          "created": "2026-03-15T01:00:04.668000",
          "tags": [
            "abuse-of-legitimate-platform",
            "adult-dating-scam",
            "advance-fee-fraud",
            "affinity-scam",
            "aggressive-advertising",
            "apk-malware",
            "arizona-dmv-impersonation",
            "automated-scan",
            "brand-impersonation",
            "browser-extension-distribution",
            "burn-domain",
            "cloaking",
            "cloudfare-impersonation",
            "cloudflare",
            "coca-cola-impersonation",
            "combosquatting",
            "credential-harvesting",
            "crypto-scam",
            "cryptocurrency-scam",
            "daily-threat-intel",
            "deceptive-buttons",
            "deceptive-content",
            "deceptive-domain",
            "deceptive-giveaway",
            "deceptive-lure",
            "deceptive-payment-practices",
            "deceptive-practices",
            "deceptive-site",
            "deceptive-tactics",
            "deceptive-url",
            "dmca-scam",
            "domain-classification",
            "domain-rotation",
            "dropper",
            "ecommerce-fraud",
            "employment-fraud",
            "etsy-impersonation",
            "evasive-tactics",
            "exit-scam",
            "explicit-content",
            "fake-alert",
            "fake-checkout",
            "fake-exchange",
            "fake-investment-scheme",
            "fake-promotion",
            "file-sharing-platform",
            "financial-fraud",
            "financial-scam",
            "financial-sector",
            "financial-services",
            "fraud",
            "fraudulent-identity",
            "fraudulent-marketplace",
            "game-exploits",
            "gaming-community",
            "garmin-impersonation",
            "get-rich-quick-scheme",
            "google-impersonation",
            "high-risk-tld",
            "icu-domain",
            "impersonation",
            "invalid-certificate",
            "logistics-phishing",
            "lookalike-domain",
            "malicious-infrastructure",
            "malicious-redirection",
            "malicious-redirects",
            "malvertising",
            "malware-bundling",
            "malware-delivery",
            "malware-distribution",
            "malware-download",
            "minecraft",
            "misspelled-domain",
            "mobile-malware",
            "nebula-x",
            "new-domain",
            "newly-registered-domain",
            "online-gaming",
            "online-marketplace",
            "payment-card-harvesting",
            "pennsylvania",
            "phishing",
            "phishing-site",
            "pig-butchering",
            "pig-butchering-scam",
            "pii-harvesting",
            "pirated-software",
            "questionnaire-scam",
            "recently-registered-domain",
            "recruitment-phishing",
            "redirect-gateway",
            "redirector",
            "retail",
            "roblox",
            "roblox-impersonation",
            "scam",
            "scam-app",
            "scam-ecommerce",
            "scam-operations",
            "scam-pages",
            "scam-site",
            "shell-site",
            "sms-phishing",
            "social-engineering",
            "spam-distribution",
            "spam-promoted",
            "suspicious-domain",
            "suspicious-scripts",
            "tech-support-phishing",
            "telegram",
            "telegram-impersonation",
            "tesco-impersonation",
            "tld-squatting",
            "toll-scam",
            "traffic-redirection",
            "typosquatting",
            "unregulated-gambling",
            "unsecured-content",
            "unsecured-hosting",
            "unverifiable-leadership",
            "unwanted-software",
            "url-shortener",
            "urlert",
            "usdt",
            "youtube"
          ],
          "references": [
            "https://urlert.com/domain/av4me.bond",
            "https://urlert.com/domain/canva.com",
            "https://urlert.com/domain/chamsswitch.com",
            "https://urlert.com/domain/ckq.cc",
            "https://urlert.com/domain/correos-seguimiento.site",
            "https://urlert.com/domain/cottabase.com",
            "https://urlert.com/domain/csiae.com",
            "https://urlert.com/domain/deltaexploits.gg",
            "https://urlert.com/domain/digitboost.site",
            "https://urlert.com/domain/dmca-alert.report",
            "https://urlert.com/domain/eph.cc",
            "https://urlert.com/domain/fnudprime.com",
            "https://urlert.com/domain/garmins.gr",
            "https://urlert.com/domain/gotstar.net",
            "https://urlert.com/domain/govrtci.help",
            "https://urlert.com/domain/gyweiyd.top",
            "https://urlert.com/domain/hermes-maketting.com",
            "https://urlert.com/domain/kec.az",
            "https://urlert.com/domain/ln.run",
            "https://urlert.com/domain/lvuuqr.com"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Financial Services",
            "Government",
            "Logistics / Supply Chain",
            "Media / Entertainment",
            "Retail / E-Commerce"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "urlert_intel",
            "id": "386175",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 32,
            "URL": 27,
            "hostname": 11
          },
          "indicator_count": 70,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 30,
          "modified_text": "47 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://urlert.com/domain/adescargar.net",
        "https://urlert.com/domain/1cpmspv.top",
        "https://urlert.com/domain/hermes-maketting.com",
        "https://urlert.com/domain/adobe.com",
        "https://urlert.com/domain/garmins.gr",
        "https://urlert.com/domain/deltaexploits.gg",
        "https://urlert.com/domain/ankergames.net",
        "https://urlert.com/domain/govrtci.help",
        "https://urlert.com/domain/csiae.com",
        "https://urlert.com/domain/com-azije.cc",
        "https://urlert.com/domain/as-nfd.top",
        "https://urlert.com/domain/communityitemarts.co",
        "https://urlert.com/domain/canva.com",
        "https://urlert.com/domain/digitboost.site",
        "https://urlert.com/domain/756193.xin",
        "https://urlert.com/domain/cgod.shop",
        "https://urlert.com/domain/ln.run",
        "https://urlert.com/domain/bodyshopca.com",
        "https://urlert.com/domain/eph.cc",
        "https://urlert.com/domain/correos-seguimiento.site",
        "https://urlert.com/domain/ca-page.cyou",
        "https://urlert.com/domain/create-logo-maker.net",
        "https://urlert.com/domain/cottabase.com",
        "https://urlert.com/domain/betioh.com",
        "https://urlert.com/domain/40gmail.com",
        "https://urlert.com/domain/blogspot.com",
        "https://urlert.com/domain/ckq.cc",
        "https://urlert.com/domain/av4me.bond",
        "https://urlert.com/domain/dmca-alert.report",
        "https://urlert.com/domain/gotstar.net",
        "https://urlert.com/domain/ca-page.shop",
        "https://urlert.com/domain/1drv.ms",
        "https://urlert.com/domain/kec.az",
        "https://urlert.com/domain/cvmr.life",
        "https://urlert.com/domain/fnudprime.com",
        "https://urlert.com/domain/gyweiyd.top",
        "https://urlert.com/domain/chamsswitch.com",
        "https://urlert.com/domain/lvuuqr.com",
        "https://urlert.com/domain/bv-dienstleistungen.de"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 0
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": [
            "Logistics / supply chain",
            "Technology",
            "Government",
            "Education",
            "Real estate",
            "Legal services",
            "Retail / e-commerce",
            "Media / entertainment",
            "Healthcare",
            "Financial services",
            "Hospitality"
          ],
          "unique_indicators": 411
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/ckq.cc",
    "whois": "http://whois.domaintools.com/ckq.cc",
    "domain": "ckq.cc",
    "hostname": "www.ckq.cc"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 2,
  "pulses": [
    {
      "id": "69cf1115225832368c9af150",
      "name": "URLert Daily Threat Intel \u2014 2026-04-03",
      "description": "URLert Daily Threat Intel \u2014 2026-04-03\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 165 | Indicators: 334\nConfirmed: 47 | Likely: 117 | Domain intel: 1\nTop threats: Phishing (148), Malware Hosting (12), Dropper (3), Scanning Host (1), RAT (1)\nDomains: 1cpmspv.top, 1drv.ms, 40gmail.com, 756193.xin, adescargar.net, adobe.com, ankergames.net, as-nfd.top, betioh.com, blogspot.com, bodyshopca.com, bv-dienstleistungen.de, ca-page.cyou, ca-pag...\n\n165 unique threats producing 334 actionable indicators. Generated by URLert automated threat intelligence.",
      "modified": "2026-05-03T00:28:39.989000",
      "created": "2026-04-03T01:00:05.191000",
      "tags": [
        "2fa-harvesting",
        "adult-app-distribution",
        "adult-content",
        "adware",
        "adware-risk",
        "agoda-impersonation",
        "ai-sweden-impersonation",
        "alaska",
        "alaska-dmv",
        "android-malware",
        "anonymous-sales",
        "apk-distribution",
        "apk-malware",
        "automated-scan",
        "blockchain-casino",
        "booking-com",
        "brand-impersonation",
        "brazil",
        "bulk-email-distribution",
        "california",
        "california-dmv-impersonation",
        "cloaking",
        "cloud-hosting",
        "cloudflare-abuse",
        "code-obfuscation",
        "combell-impersonation",
        "combosquatting",
        "compromised-government-site",
        "controlled-substances",
        "credential-harvesting",
        "credit-card-harvesting",
        "credit-card-scam",
        "credit-card-theft",
        "crypto-casino",
        "crypto-payments",
        "crypto-scam",
        "cryptocurrency-scam",
        "daily-threat-intel",
        "dao-impersonation",
        "dao-services",
        "data-harvesting",
        "deceptive-content",
        "deceptive-domain",
        "deceptive-landing-page",
        "deceptive-landing-pages",
        "deceptive-sales-tactics",
        "deceptive-site",
        "delivery-exception",
        "delivery-failure-scam",
        "delivery-scam",
        "device-access-attempt",
        "dhl",
        "digital-infrastructure-marketplace",
        "discord-impersonation",
        "discount-scam",
        "dmv",
        "document-lure",
        "document-sharing-scam",
        "docusign-impersonation",
        "domain-classification",
        "domain-squatting",
        "dpd",
        "dpd-impersonation",
        "dropper",
        "educational-content-piracy",
        "email-credentials",
        "evasion-technique",
        "facebook",
        "fake-captcha",
        "fake-checkout",
        "fake-citation",
        "fake-delivery-notice",
        "fake-delivery-notification",
        "fake-delivery-scam",
        "fake-document",
        "fake-document-preview",
        "fake-giveaway",
        "fake-income-opportunity",
        "fake-invoices",
        "fake-login",
        "fake-login-page",
        "fake-login-portal",
        "fake-online-store",
        "fake-payment-portal",
        "fake-profiles",
        "fake-security-check",
        "fake-store",
        "fake-toll",
        "fake-toll-notice",
        "fake-toll-scam",
        "fake-tracking-page",
        "fake-warning",
        "fanbox",
        "fantia-impersonation",
        "fifa",
        "file-sharing-impersonation",
        "financial-information-theft",
        "financial-institution-impersonation",
        "financial-scam",
        "fiverr",
        "foot-locker-impersonation",
        "footlocker",
        "forced-installation",
        "fraudulent",
        "fraudulent-operation",
        "gamers",
        "gibberish-domain",
        "gift-voucher-scam",
        "github-pages",
        "giveaway-scam",
        "glp-1-agonists",
        "gmail-impersonation",
        "google-docs",
        "google-impersonation",
        "google-sheets-impersonation",
        "government-impersonation",
        "government-services",
        "grayware",
        "high-abuse-domain",
        "high-risk-domain",
        "high-risk-downloads",
        "high-risk-tld",
        "high-traffic-site",
        "hospitality-targeting",
        "ic-markets-impersonation",
        "illegal-pharmacy",
        "impersonation",
        "information-gathering",
        "information-harvesting",
        "intelcom",
        "invite-code-scam",
        "ipfs-abuse",
        "israel-post",
        "law-firm-impersonation",
        "legitimate-domain-abuse",
        "legitimate-service-abuse",
        "login-page",
        "login-portal",
        "logistics",
        "logistics-delivery",
        "logistics-scam",
        "logistics-sector",
        "logistics-supply-chain",
        "louisiana-omv-impersonation",
        "malicious-domain",
        "malicious-link-shortener",
        "malicious-links",
        "malicious-redirect",
        "malicious-redirector",
        "malicious-redirects",
        "malvertising",
        "malware-delivery",
        "malware-distribution",
        "malware-hosting",
        "malware-risk",
        "maryland-mva",
        "media-markt-impersonation",
        "mediamarkt",
        "microsoft",
        "microsoft-forms-abuse",
        "microsoft-impersonation",
        "mobile-malware",
        "modified-apk-distribution",
        "nacex-impersonation",
        "ncdot",
        "nebula-x-impersonation",
        "netlify-abuse",
        "netlify-hosting",
        "new-domain",
        "newly-registered-domain",
        "nft-platform",
        "oklahoma-department-of-public-safety",
        "online-casino",
        "online-scam",
        "oxycodone",
        "package-delivery-scam",
        "payment-bypass",
        "payment-harvesting",
        "payment-information-harvesting",
        "payment-scam",
        "paypal-impersonation",
        "pennsylvania",
        "personal-data-harvesting",
        "personal-information-collection",
        "personal-information-harvesting",
        "personal-information-theft",
        "phishing",
        "phishing-infrastructure",
        "phishing-kit",
        "phishing-landing-page",
        "phishing-lure",
        "phishing-page",
        "phishing-site",
        "phone-number-collection",
        "piracy",
        "pirated-software",
        "privacy-invasion",
        "prize-scam",
        "project-proposal-scam",
        "pw-thor",
        "rapid-links-net",
        "recently-registered-domain",
        "reconnaissance",
        "redirect",
        "redirect-chain",
        "redirector",
        "refund-scam",
        "replit-abuse",
        "retail-impersonation",
        "retail-scam",
        "retail-targeting",
        "roblox",
        "roblox-impersonation",
        "rom-hosting",
        "romania",
        "roundcube-webmail",
        "sameday-impersonation",
        "scam",
        "scam-domain",
        "scam-pages",
        "scam-site",
        "scanner-evasion",
        "schylling",
        "security-bypass",
        "security-challenge-bypass",
        "serviceontario",
        "serviceontario-impersonation",
        "shein-impersonation",
        "slide-to-verify",
        "smishing",
        "social-media-impersonation",
        "software-piracy",
        "spam-distribution",
        "spam-facilitation",
        "spyware",
        "steam",
        "steam-account-theft",
        "stolen-credit-cards",
        "suspicious-domain",
        "suspicious-domain-extension",
        "suspicious-downloads",
        "targeted-attack",
        "technology-sector",
        "telegram-impersonation",
        "telegram-verification-scam",
        "tesco",
        "tesco-impersonation",
        "tiktok",
        "tiktok-impersonation",
        "tiktok-shop-impersonation",
        "tk-shop",
        "toll-scam",
        "traffic-citation-scam",
        "typosquatting",
        "unaccountable-infrastructure",
        "unauthorized-access",
        "unauthorized-content",
        "unauthorized-prescription-drugs",
        "university-brescia",
        "unrealistic-discounts",
        "unscanned-files",
        "unverified-software",
        "unwanted-programs",
        "unwanted-software",
        "urgency-scam",
        "urgency-tactics",
        "url-obscurity",
        "url-shortener",
        "url-shortener-abuse",
        "urlert",
        "video-downloader",
        "vitkac-impersonation",
        "vulnerability-scanning",
        "weebly-abuse",
        "youtube-spam"
      ],
      "references": [
        "https://urlert.com/domain/1cpmspv.top",
        "https://urlert.com/domain/1drv.ms",
        "https://urlert.com/domain/40gmail.com",
        "https://urlert.com/domain/756193.xin",
        "https://urlert.com/domain/adescargar.net",
        "https://urlert.com/domain/adobe.com",
        "https://urlert.com/domain/ankergames.net",
        "https://urlert.com/domain/as-nfd.top",
        "https://urlert.com/domain/betioh.com",
        "https://urlert.com/domain/blogspot.com",
        "https://urlert.com/domain/bodyshopca.com",
        "https://urlert.com/domain/bv-dienstleistungen.de",
        "https://urlert.com/domain/ca-page.cyou",
        "https://urlert.com/domain/ca-page.shop",
        "https://urlert.com/domain/cgod.shop",
        "https://urlert.com/domain/ckq.cc",
        "https://urlert.com/domain/com-azije.cc",
        "https://urlert.com/domain/communityitemarts.co",
        "https://urlert.com/domain/create-logo-maker.net",
        "https://urlert.com/domain/cvmr.life"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Education",
        "Financial Services",
        "Government",
        "Healthcare",
        "Hospitality",
        "Legal Services",
        "Logistics / Supply Chain",
        "Media / Entertainment",
        "Real Estate",
        "Retail / E-Commerce",
        "Technology"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "urlert_intel",
        "id": "386175",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 98,
        "hostname": 55,
        "URL": 104
      },
      "indicator_count": 257,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 30,
      "modified_text": "28 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69b60494534a1a876fffd17c",
      "name": "URLert Daily Threat Intel \u2014 2026-03-15",
      "description": "URLert Daily Threat Intel \u2014 2026-03-15\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 50 | Indicators: 86\nConfirmed: 17 | Likely: 25 | Domain intel: 8\nTop threats: Phishing (39), Malware Hosting (6), Malvertising (3), Dropper (1), Unknown (1)\nDomains: av4me.bond, canva.com, chamsswitch.com, ckq.cc, correos-seguimiento.site, cottabase.com, csiae.com, deltaexploits.gg, digitboost.site, dmca-alert.report, eph.cc, fnudprime.com, garmins.gr,...\n\n50 unique threats producing 86 actionable indicators. Generated by URLert automated threat intelligence.",
      "modified": "2026-04-13T23:56:17.348000",
      "created": "2026-03-15T01:00:04.668000",
      "tags": [
        "abuse-of-legitimate-platform",
        "adult-dating-scam",
        "advance-fee-fraud",
        "affinity-scam",
        "aggressive-advertising",
        "apk-malware",
        "arizona-dmv-impersonation",
        "automated-scan",
        "brand-impersonation",
        "browser-extension-distribution",
        "burn-domain",
        "cloaking",
        "cloudfare-impersonation",
        "cloudflare",
        "coca-cola-impersonation",
        "combosquatting",
        "credential-harvesting",
        "crypto-scam",
        "cryptocurrency-scam",
        "daily-threat-intel",
        "deceptive-buttons",
        "deceptive-content",
        "deceptive-domain",
        "deceptive-giveaway",
        "deceptive-lure",
        "deceptive-payment-practices",
        "deceptive-practices",
        "deceptive-site",
        "deceptive-tactics",
        "deceptive-url",
        "dmca-scam",
        "domain-classification",
        "domain-rotation",
        "dropper",
        "ecommerce-fraud",
        "employment-fraud",
        "etsy-impersonation",
        "evasive-tactics",
        "exit-scam",
        "explicit-content",
        "fake-alert",
        "fake-checkout",
        "fake-exchange",
        "fake-investment-scheme",
        "fake-promotion",
        "file-sharing-platform",
        "financial-fraud",
        "financial-scam",
        "financial-sector",
        "financial-services",
        "fraud",
        "fraudulent-identity",
        "fraudulent-marketplace",
        "game-exploits",
        "gaming-community",
        "garmin-impersonation",
        "get-rich-quick-scheme",
        "google-impersonation",
        "high-risk-tld",
        "icu-domain",
        "impersonation",
        "invalid-certificate",
        "logistics-phishing",
        "lookalike-domain",
        "malicious-infrastructure",
        "malicious-redirection",
        "malicious-redirects",
        "malvertising",
        "malware-bundling",
        "malware-delivery",
        "malware-distribution",
        "malware-download",
        "minecraft",
        "misspelled-domain",
        "mobile-malware",
        "nebula-x",
        "new-domain",
        "newly-registered-domain",
        "online-gaming",
        "online-marketplace",
        "payment-card-harvesting",
        "pennsylvania",
        "phishing",
        "phishing-site",
        "pig-butchering",
        "pig-butchering-scam",
        "pii-harvesting",
        "pirated-software",
        "questionnaire-scam",
        "recently-registered-domain",
        "recruitment-phishing",
        "redirect-gateway",
        "redirector",
        "retail",
        "roblox",
        "roblox-impersonation",
        "scam",
        "scam-app",
        "scam-ecommerce",
        "scam-operations",
        "scam-pages",
        "scam-site",
        "shell-site",
        "sms-phishing",
        "social-engineering",
        "spam-distribution",
        "spam-promoted",
        "suspicious-domain",
        "suspicious-scripts",
        "tech-support-phishing",
        "telegram",
        "telegram-impersonation",
        "tesco-impersonation",
        "tld-squatting",
        "toll-scam",
        "traffic-redirection",
        "typosquatting",
        "unregulated-gambling",
        "unsecured-content",
        "unsecured-hosting",
        "unverifiable-leadership",
        "unwanted-software",
        "url-shortener",
        "urlert",
        "usdt",
        "youtube"
      ],
      "references": [
        "https://urlert.com/domain/av4me.bond",
        "https://urlert.com/domain/canva.com",
        "https://urlert.com/domain/chamsswitch.com",
        "https://urlert.com/domain/ckq.cc",
        "https://urlert.com/domain/correos-seguimiento.site",
        "https://urlert.com/domain/cottabase.com",
        "https://urlert.com/domain/csiae.com",
        "https://urlert.com/domain/deltaexploits.gg",
        "https://urlert.com/domain/digitboost.site",
        "https://urlert.com/domain/dmca-alert.report",
        "https://urlert.com/domain/eph.cc",
        "https://urlert.com/domain/fnudprime.com",
        "https://urlert.com/domain/garmins.gr",
        "https://urlert.com/domain/gotstar.net",
        "https://urlert.com/domain/govrtci.help",
        "https://urlert.com/domain/gyweiyd.top",
        "https://urlert.com/domain/hermes-maketting.com",
        "https://urlert.com/domain/kec.az",
        "https://urlert.com/domain/ln.run",
        "https://urlert.com/domain/lvuuqr.com"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Financial Services",
        "Government",
        "Logistics / Supply Chain",
        "Media / Entertainment",
        "Retail / E-Commerce"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "urlert_intel",
        "id": "386175",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 32,
        "URL": 27,
        "hostname": 11
      },
      "indicator_count": 70,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 30,
      "modified_text": "47 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://www.ckq.cc",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://www.ckq.cc",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780224631.8884804
}