{ "type": "URL", "indicator": "https://www.ngvaneck.vip/ORFVPBQL", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://www.ngvaneck.vip/ORFVPBQL", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4325639632, "indicator": "https://www.ngvaneck.vip/ORFVPBQL", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "69eac0b35a25642499b24fa1", "name": "URLert Daily Threat Intel \u2014 2026-04-24", "description": "URLert Daily Threat Intel \u2014 2026-04-24\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 49 | Indicators: 94\nConfirmed: 12 | Likely: 37\nTop threats: Phishing (41), Dropper (3), Malvertising (2), Malware Hosting (2), Unknown (1)\nDomains: ag4.top, amazon-prime.my, ameli-monespace.com, aqui-reclamesac.info, b2wditxn.cc, buff.ly, bunnyband.com, bzzhr.to, ca-pagew.help, dpdlocadp.shop, dpdlocads.top, dpdlocasv.top, eseateams.c...\n\n49 unique threats producing 94 actionable indicators. Generated by URLert automated threat intelligence.", "modified": "2026-05-23T23:44:47.381000", "created": "2026-04-24T01:00:35.942000", "tags": [ "account-theft", "adult-content", "adult-scam", "affiliate-fraud", "aggressive-advertising", "amazon-prime", "automated-scan", "brand-impersonation", "brawl-stars", "brazil", "browser-extension-distribution", "chrome-hearts-impersonation", "cloud-storage-abuse", "content-locker", "costco", "credential-harvesting", "cutt-ly", "daily-threat-intel", "deception", "deceptive-advertising", "deceptive-domain", "deceptive-download-site", "deceptive-downloads", "deceptive-hosting", "deceptive-marketing", "deceptive-scam", "deceptive-site", "denmark", "dot-shop-tld", "download-wrapper", "dpd", "dpd-impersonation", "e-commerce-scam", "faceit-impersonation", "fake-download", "fake-store", "fake-testimonials", "financial-fraud", "financial-information-theft", "financial-scam", "france", "fraud", "fraud-alert", "fraudulent-services", "free-hosting", "gambling-scam", "gaming-scam", "gaming-sector", "giveaway-scam", "google-cloud-storage", "government-impersonation", "high-risk-domain-extension", "hookup-scam", "hospitality-sector", "impersonation", "information-stealing", "investment-scam", "invite-code-scam", "job-scam", "locaweb-impersonation", "malicious-redirects", "malvertising", "malware-delivery", "malware-distribution", "malware-lure", "marktplaats", "memecoin-scam", "meta", "microsoft-365", "microsoft-forms", "microsoft-impersonation", "microsoft-sharepoint-impersonation", "misspelled-domain", "mondelez-international", "netlify-abuse", "new-domain", "newly-registered-domain", "package-delivery-scam", "payment-scam", "payment-service", "personal-information-harvesting", "petrom", "phishing", "phishing-domain", "phishing-infrastructure", "pix", "rar-archive", "recently-registered-domain", "redirect", "redirect-chain", "retailer-impersonation", "roblox-scam", "scam", "seekda-impersonation", "shipping-impersonation", "social-engineering", "steamrip-distribution", "subscription-trap", "survey-scam", "suspicious-domain", "t-mobile", "task-based-earning-scam", "task-based-scam", "task-scam", "tinder-impersonation", "toll-scam", "unwanted-software", "url-shortener", "urlert", "user-exploitation", "usps", "vercel", "webmail-impersonation", "young-domain" ], "references": [ "https://urlert.com/domain/ag4.top", "https://urlert.com/domain/amazon-prime.my", "https://urlert.com/domain/ameli-monespace.com", "https://urlert.com/domain/aqui-reclamesac.info", "https://urlert.com/domain/b2wditxn.cc", "https://urlert.com/domain/buff.ly", "https://urlert.com/domain/bunnyband.com", "https://urlert.com/domain/bzzhr.to", "https://urlert.com/domain/ca-pagew.help", "https://urlert.com/domain/dpdlocadp.shop", "https://urlert.com/domain/dpdlocads.top", "https://urlert.com/domain/dpdlocasv.top", "https://urlert.com/domain/eseateams.com", "https://urlert.com/domain/filedownloadz.my", "https://urlert.com/domain/googleapis.com", "https://urlert.com/domain/goveipl.shop", "https://urlert.com/domain/govmdq.autos", "https://urlert.com/domain/iceiy.com", "https://urlert.com/domain/id8214982.live", "https://urlert.com/domain/linkbrawlstars.store" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Energy", "Financial Services", "Government", "Healthcare", "Hospitality", "Logistics / Supply Chain", "Media / Entertainment", "Retail / E-Commerce", "Technology", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "urlert_intel", "id": "386175", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 27, "hostname": 10, "URL": 29 }, "indicator_count": 66, "is_author": false, "is_subscribing": null, "subscriber_count": 31, "modified_text": "7 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://urlert.com/domain/dpdlocasv.top", "https://urlert.com/domain/bzzhr.to", "https://urlert.com/domain/amazon-prime.my", "https://urlert.com/domain/linkbrawlstars.store", "https://urlert.com/domain/ameli-monespace.com", "https://urlert.com/domain/bunnyband.com", "https://urlert.com/domain/dpdlocadp.shop", "https://urlert.com/domain/iceiy.com", "https://urlert.com/domain/ca-pagew.help", "https://urlert.com/domain/b2wditxn.cc", "https://urlert.com/domain/aqui-reclamesac.info", "https://urlert.com/domain/ag4.top", "https://urlert.com/domain/eseateams.com", "https://urlert.com/domain/id8214982.live", "https://urlert.com/domain/goveipl.shop", "https://urlert.com/domain/buff.ly", "https://urlert.com/domain/filedownloadz.my", "https://urlert.com/domain/govmdq.autos", "https://urlert.com/domain/googleapis.com", "https://urlert.com/domain/dpdlocads.top" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [ "Financial services", "Technology", "Media / entertainment", "Healthcare", "Government", "Energy", "Retail / e-commerce", "Logistics / supply chain", "Telecommunications", "Hospitality" ], "unique_indicators": 87 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/ngvaneck.vip", "whois": "http://whois.domaintools.com/ngvaneck.vip", "domain": "ngvaneck.vip", "hostname": "www.ngvaneck.vip" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "69eac0b35a25642499b24fa1", "name": "URLert Daily Threat Intel \u2014 2026-04-24", "description": "URLert Daily Threat Intel \u2014 2026-04-24\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 49 | Indicators: 94\nConfirmed: 12 | Likely: 37\nTop threats: Phishing (41), Dropper (3), Malvertising (2), Malware Hosting (2), Unknown (1)\nDomains: ag4.top, amazon-prime.my, ameli-monespace.com, aqui-reclamesac.info, b2wditxn.cc, buff.ly, bunnyband.com, bzzhr.to, ca-pagew.help, dpdlocadp.shop, dpdlocads.top, dpdlocasv.top, eseateams.c...\n\n49 unique threats producing 94 actionable indicators. Generated by URLert automated threat intelligence.", "modified": "2026-05-23T23:44:47.381000", "created": "2026-04-24T01:00:35.942000", "tags": [ "account-theft", "adult-content", "adult-scam", "affiliate-fraud", "aggressive-advertising", "amazon-prime", "automated-scan", "brand-impersonation", "brawl-stars", "brazil", "browser-extension-distribution", "chrome-hearts-impersonation", "cloud-storage-abuse", "content-locker", "costco", "credential-harvesting", "cutt-ly", "daily-threat-intel", "deception", "deceptive-advertising", "deceptive-domain", "deceptive-download-site", "deceptive-downloads", "deceptive-hosting", "deceptive-marketing", "deceptive-scam", "deceptive-site", "denmark", "dot-shop-tld", "download-wrapper", "dpd", "dpd-impersonation", "e-commerce-scam", "faceit-impersonation", "fake-download", "fake-store", "fake-testimonials", "financial-fraud", "financial-information-theft", "financial-scam", "france", "fraud", "fraud-alert", "fraudulent-services", "free-hosting", "gambling-scam", "gaming-scam", "gaming-sector", "giveaway-scam", "google-cloud-storage", "government-impersonation", "high-risk-domain-extension", "hookup-scam", "hospitality-sector", "impersonation", "information-stealing", "investment-scam", "invite-code-scam", "job-scam", "locaweb-impersonation", "malicious-redirects", "malvertising", "malware-delivery", "malware-distribution", "malware-lure", "marktplaats", "memecoin-scam", "meta", "microsoft-365", "microsoft-forms", "microsoft-impersonation", "microsoft-sharepoint-impersonation", "misspelled-domain", "mondelez-international", "netlify-abuse", "new-domain", "newly-registered-domain", "package-delivery-scam", "payment-scam", "payment-service", "personal-information-harvesting", "petrom", "phishing", "phishing-domain", "phishing-infrastructure", "pix", "rar-archive", "recently-registered-domain", "redirect", "redirect-chain", "retailer-impersonation", "roblox-scam", "scam", "seekda-impersonation", "shipping-impersonation", "social-engineering", "steamrip-distribution", "subscription-trap", "survey-scam", "suspicious-domain", "t-mobile", "task-based-earning-scam", "task-based-scam", "task-scam", "tinder-impersonation", "toll-scam", "unwanted-software", "url-shortener", "urlert", "user-exploitation", "usps", "vercel", "webmail-impersonation", "young-domain" ], "references": [ "https://urlert.com/domain/ag4.top", "https://urlert.com/domain/amazon-prime.my", "https://urlert.com/domain/ameli-monespace.com", "https://urlert.com/domain/aqui-reclamesac.info", "https://urlert.com/domain/b2wditxn.cc", "https://urlert.com/domain/buff.ly", "https://urlert.com/domain/bunnyband.com", "https://urlert.com/domain/bzzhr.to", "https://urlert.com/domain/ca-pagew.help", "https://urlert.com/domain/dpdlocadp.shop", "https://urlert.com/domain/dpdlocads.top", "https://urlert.com/domain/dpdlocasv.top", "https://urlert.com/domain/eseateams.com", "https://urlert.com/domain/filedownloadz.my", "https://urlert.com/domain/googleapis.com", "https://urlert.com/domain/goveipl.shop", "https://urlert.com/domain/govmdq.autos", "https://urlert.com/domain/iceiy.com", "https://urlert.com/domain/id8214982.live", "https://urlert.com/domain/linkbrawlstars.store" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Energy", "Financial Services", "Government", "Healthcare", "Hospitality", "Logistics / Supply Chain", "Media / Entertainment", "Retail / E-Commerce", "Technology", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "urlert_intel", "id": "386175", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 27, "hostname": 10, "URL": 29 }, "indicator_count": 66, "is_author": false, "is_subscribing": null, "subscriber_count": 31, "modified_text": "7 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://www.ngvaneck.vip/ORFVPBQL", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://www.ngvaneck.vip/ORFVPBQL", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780235600.652664 }