{ "type": "Domain", "indicator": "robiox.com.gr", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/robiox.com.gr", "alexa": "http://www.alexa.com/siteinfo/robiox.com.gr", "indicator": "robiox.com.gr", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4239343977, "indicator": "robiox.com.gr", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 16, "pulses": [ { "id": "69c081afa2bd54a9599b7c07", "name": "PhishDestroy \u2014 Active Phishing & Crypto Scam Domains", "description": "Real-time feed of phishing, crypto drainer, and scam domains detected by PhishDestroy (phishdestroy.io). Updated hourly. 108K+ domains tracked, 55K+ currently active. Source: github.com/phishdestroy/destroylist", "modified": "2026-05-24T00:00:03.049000", "created": "2026-03-22T23:56:29.438000", "tags": [ "phishing", "crypto", "scam", "drainer", "fraud", "blocklist", "phishdestroy" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 33, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "phishdestroy", "id": "348394", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 93266, "hostname": 57600 }, "indicator_count": 150866, "is_author": false, "is_subscribing": null, "subscriber_count": 99, "modified_text": "7 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69c08867316c564ade394c69", "name": "PhishDestroy \u2014 Content Active Threats (Live)", "description": "Live feed of phishing and crypto scam domains with ACTIVE malicious content from PhishDestroy. These domains are verified to have live phishing/scam pages. Updated hourly. Source: github.com/phishdestroy/destroylist/dns/content_active.json", "modified": "2026-05-21T12:06:19.702000", "created": "2026-03-23T00:25:09.116000", "tags": [ "phishing", "crypto", "scam", "drainer", "fraud", "blocklist", "phishdestroy", "active", "content" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "phishdestroy", "id": "348394", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 132502, "hostname": 66217 }, "indicator_count": 198719, "is_author": false, "is_subscribing": null, "subscriber_count": 44, "modified_text": "9 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69e2d7e0d1f4d391499ecdf7", "name": "URLert Daily Threat Intel \u2014 2026-04-18", "description": "URLert Daily Threat Intel \u2014 2026-04-18\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 56 | Indicators: 101\nConfirmed: 20 | Likely: 34 | Domain intel: 2\nTop threats: Phishing (47), Malvertising (3), Dropper (3), Unknown (2), Malware Hosting (1)\nDomains: atlasquantltd.top, authtickets.online, azurestaticapps.net, binx.vip, bitponix.com, bunnyband.com, byh.cc, centrestcafe.com, cloud01y.cfd, com-emi.life, com.de, comisionessinparar.com, cre...\n\n56 unique threats producing 101 actionable indicators. Generated by URLert automated threat intelligence.", "modified": "2026-05-17T23:19:43.062000", "created": "2026-04-18T01:01:20.545000", "tags": [ "2fa-harvesting", "aggressive-advertising", "android-malware", "automated-scan", "base64-encoded-tracking", "brand-impersonation", "captcha-bypass", "cashea-impersonation", "cloudflare-pages", "colorado-dmv", "credential-harvesting", "crypto-exchange", "cryptocurrency-scam", "cvv-shops", "daily-threat-intel", "dana-impersonation", "data-harvesting", "deception", "deceptive-content", "deceptive-domain", "deceptive-practices", "deceptive-prompt", "deceptive-questionnaire", "deceptive-redirects", "deceptive-scam", "deceptive-tactics", "deceptive-url", "delivery-exception-scam", "document-scam", "domain-classification", "domain-rotation", "dpd-impersonation", "earning-scam", "ecommerce-targeting", "epic-games", "evasion-tactic", "evasion-tactics", "evasion-technique", "fake-business", "fake-giveaway", "fake-login", "fake-notification", "fake-order-page", "fake-registration", "fake-rewards", "fake-security-warning", "fake-testimonials", "financial-fraud", "financial-scam", "financial-sector", "financial-theft", "fiverr", "fiverr-impersonation", "fraudulent-activity", "fraudulent-financial-service", "fraudulent-platform", "fraudulent-service", "giveaway-scam", "government-impersonation", "grayware", "high-risk-fraud", "high-risk-tld", "inaccessible-url", "information-harvesting", "information-stealing", "instagram-impersonation", "investment-scam", "invite-code-scheme", "login-page", "logistics-sector", "malicious-infrastructure", "malicious-redirect", "malicious-redirection", "malware", "malware-delivery", "malware-distribution", "mobile-data-scam", "modded-apks", "monetized-url-shortener", "nebula-x", "netlify-abuse", "new-domain", "new-phishing-infrastructure", "newly-registered-domain", "obfuscated-url", "password-reset-scam", "personal-information-harvesting", "personal-information-theft", "phishing", "phishing-document", "phishing-gate", "phishing-site", "pii-collection", "platform-abuse", "playstation-id-theft", "ponzi-scheme", "portuguese", "quantitative-trading", "rdp-access", "redirect-chain", "redirect-service", "redirector", "referral-scam", "registration-page", "retail-scam", "roblox-impersonation", "scam", "scam-site", "scam-website", "shufersal", "smishing", "social-engineering", "social-media-scam", "social-proof-manipulation", "spyware", "steam", "stolen-data", "suspicious-domain", "suspicious-monetization", "targeted-phishing", "task-scam", "telegram-phishing", "ticketmaster-impersonation", "tiendas-d1", "tm-pick-n-pay", "traffic-distribution-system", "typosquatting", "unwanted-software", "url-shortener", "urlert", "usps-impersonation" ], "references": [ "https://urlert.com/domain/atlasquantltd.top", "https://urlert.com/domain/authtickets.online", "https://urlert.com/domain/azurestaticapps.net", "https://urlert.com/domain/binx.vip", "https://urlert.com/domain/bitponix.com", "https://urlert.com/domain/bunnyband.com", "https://urlert.com/domain/byh.cc", "https://urlert.com/domain/centrestcafe.com", "https://urlert.com/domain/cloud01y.cfd", "https://urlert.com/domain/com-emi.life", "https://urlert.com/domain/com.de", "https://urlert.com/domain/comisionessinparar.com", "https://urlert.com/domain/create-road.my", "https://urlert.com/domain/cudasvc.com", "https://urlert.com/domain/dpd-fluxera.click", "https://urlert.com/domain/dpd-velnora.cc", "https://urlert.com/domain/epicglobalevent.world", "https://urlert.com/domain/espace-sante-ameli.com", "https://urlert.com/domain/fine-cohz.com", "https://urlert.com/domain/getmodsapk.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Financial Services", "Government", "Healthcare", "Logistics / Supply Chain", "Media / Entertainment", "Retail / E-Commerce" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "urlert_intel", "id": "386175", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 27, "hostname": 11, "URL": 33 }, "indicator_count": 71, "is_author": false, "is_subscribing": null, "subscriber_count": 31, "modified_text": "13 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f83cb0ce73bef5c452bfb0", "name": "Credit: PhishDestroy Clone [\"phish detroy- open domains\"]", "description": "", "modified": "2026-05-04T06:29:04.332000", "created": "2026-05-04T06:29:04.332000", "tags": [ "phishing", "crypto", "scam", "drainer", "fraud", "blocklist", "phishdestroy" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "69c081afa2bd54a9599b7c07", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 88564, "hostname": 54516 }, "indicator_count": 143080, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "27 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f83caf1bef3609f0eb79e2", "name": "Credit: PhishDestroy Clone [\"phish detroy- open domains\"]", "description": "", "modified": "2026-05-04T06:29:03.120000", "created": "2026-05-04T06:29:03.120000", "tags": [ "phishing", "crypto", "scam", "drainer", "fraud", "blocklist", "phishdestroy" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "69c081afa2bd54a9599b7c07", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 88564, "hostname": 54516 }, "indicator_count": 143080, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "27 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f83cac7d6c947de6c080f9", "name": "Credit: PhishDestroy Clone [\"phish detroy- open domains\"]", "description": "", "modified": "2026-05-04T06:29:00.417000", "created": "2026-05-04T06:29:00.417000", "tags": [ "phishing", "crypto", "scam", "drainer", "fraud", "blocklist", "phishdestroy" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "69c081afa2bd54a9599b7c07", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 88564, "hostname": 54516 }, "indicator_count": 143080, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "27 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f83cab9769e92b3285a2b4", "name": "Credit: PhishDestroy Clone [\"phish detroy- open domains\"]", "description": "", "modified": "2026-05-04T06:28:59.770000", "created": "2026-05-04T06:28:59.770000", "tags": [ "phishing", "crypto", "scam", "drainer", "fraud", "blocklist", "phishdestroy" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "69c081afa2bd54a9599b7c07", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 88564, "hostname": 54516 }, "indicator_count": 143080, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "27 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f83cab7e03b19c5f1078e3", "name": "Credit: PhishDestroy Clone [\"phish detroy- open domains\"]", "description": "", "modified": "2026-05-04T06:28:59.113000", "created": "2026-05-04T06:28:59.113000", "tags": [ "phishing", "crypto", "scam", "drainer", "fraud", "blocklist", "phishdestroy" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "69c081afa2bd54a9599b7c07", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 88564, "hostname": 54516 }, "indicator_count": 143080, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "27 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f83ca9411c8ab5d294a7e2", "name": "Credit: PhishDestroy Clone [\"phish detroy- open domains\"]", "description": "", "modified": "2026-05-04T06:28:57.479000", "created": "2026-05-04T06:28:57.479000", "tags": [ "phishing", "crypto", "scam", "drainer", "fraud", "blocklist", "phishdestroy" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "69c081afa2bd54a9599b7c07", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 88564, "hostname": 54516 }, "indicator_count": 143080, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "27 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f83ca77d6c947de6c080f8", "name": "Credit: PhishDestroy Clone [\"phish detroy- open domains\"]", "description": "", "modified": "2026-05-04T06:28:55.093000", "created": "2026-05-04T06:28:55.093000", "tags": [ "phishing", "crypto", "scam", "drainer", "fraud", "blocklist", "phishdestroy" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "69c081afa2bd54a9599b7c07", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 88564, "hostname": 54516 }, "indicator_count": 143080, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "27 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f69e3087bd9b0ad31be9ce", "name": "URLert Daily Threat Intel \u2014 2026-05-03", "description": "URLert Daily Threat Intel \u2014 2026-05-03\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 42 | Indicators: 87\nConfirmed: 10 | Likely: 32\nTop threats: Phishing (34), Malvertising (5), Malware Hosting (3)\nDomains: adagio.tw, asarcoamericansmeltingandrefitnxningcompany.vu, brcok.com, bunnyband.com, clicksswitch.com, ctermalls.com, due-paizq.com, fi1gqzft.sbs, fitgirl-repacks.site, github.io, giveaway...\n\n42 unique threats producing 87 actionable indicators. Generated by URLert automated threat intelligence.", "modified": "2026-05-03T01:00:32.132000", "created": "2026-05-03T01:00:32.132000", "tags": [ "access-denied-tactic", "adult-content", "adult-scam", "asarco", "asset-harvesting", "automated-scan", "brand-impersonation", "browser-locking-script", "clickbait-scam", "coca-cola", "commission-scam", "credential-harvesting", "crypto-scam", "cryptocurrency-scam", "daily-threat-intel", "deceptive-content", "deceptive-domain", "deceptive-platform", "deceptive-redirects", "deceptive-scam", "deceptive-websites", "delivery-scam", "discord-phishing", "dpd-impersonation", "ecommerce-impersonation", "ecommerce-scam", "evasion-technique", "fake-ai-persona", "fake-earning-scheme", "fake-giveaway", "fake-rewards", "fake-shop", "fake-survey", "financial-fraud", "financial-scam", "financial-transactions", "fraudulent-registration", "fraudulent-website", "gambling-platform", "gambling-scam", "gaming", "get-rich-quick-scheme", "government-impersonation", "government-targeting", "hidden-malware", "high-risk-tld", "icbc-impersonation", "information-harvesting", "investment-scam", "invite-code", "kuiu", "lidl", "lightshot-impersonation", "liquidity-provider-scam", "logistics-sector", "malicious-ads", "malicious-redirect", "malicious-site", "malicious-traffic-hub", "malvertising", "malware-distribution", "malware-hosting", "new-domain", "newly-registered-domain", "online-gambling", "payment-information-harvesting", "payment-scam", "pennsylvania-department-of-transportation", "personal-information-harvesting", "phishing", "random-domain", "redirect-chain", "redirect-service", "redirection-chain", "referral-scheme", "registration-scam", "retail-e-commerce", "riskware", "roblox", "roblox-impersonation", "roblox-scam", "scam", "scam-attempt", "scam-network", "social-engineering", "software-piracy", "spoofed-domain", "suspicious-domain", "task-based-earning-scam", "task-based-scam", "task-scam", "texas-dmv", "toll-scam", "traffic-obfuscation", "traffic-redirection", "typosquatting", "urlert", "user-manipulation", "vip-scheme" ], "references": [ "https://urlert.com/domain/adagio.tw", "https://urlert.com/domain/asarcoamericansmeltingandrefitnxningcompany.vu", "https://urlert.com/domain/brcok.com", "https://urlert.com/domain/bunnyband.com", "https://urlert.com/domain/clicksswitch.com", "https://urlert.com/domain/ctermalls.com", "https://urlert.com/domain/due-paizq.com", "https://urlert.com/domain/fi1gqzft.sbs", "https://urlert.com/domain/fitgirl-repacks.site", "https://urlert.com/domain/github.io", "https://urlert.com/domain/giveawaybot.cc", "https://urlert.com/domain/gov-urffs.help", "https://urlert.com/domain/gtoweriien.cfd", "https://urlert.com/domain/heizoaw3.com", "https://urlert.com/domain/httpss-www-roblox.co", "https://urlert.com/domain/icbcke.help", "https://urlert.com/domain/kindearnings.com", "https://urlert.com/domain/kksapp.org", "https://urlert.com/domain/kuiu-outletsb.shop", "https://urlert.com/domain/l19.pics" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Financial Services", "Government", "Insurance", "Logistics / Supply Chain", "Manufacturing", "Media / Entertainment", "Retail / E-Commerce" ], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "urlert_intel", "id": "386175", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 30, "hostname": 18, "URL": 39 }, "indicator_count": 87, "is_author": false, "is_subscribing": null, "subscriber_count": 30, "modified_text": "28 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b60494534a1a876fffd17c", "name": "URLert Daily Threat Intel \u2014 2026-03-15", "description": "URLert Daily Threat Intel \u2014 2026-03-15\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 50 | Indicators: 86\nConfirmed: 17 | Likely: 25 | Domain intel: 8\nTop threats: Phishing (39), Malware Hosting (6), Malvertising (3), Dropper (1), Unknown (1)\nDomains: av4me.bond, canva.com, chamsswitch.com, ckq.cc, correos-seguimiento.site, cottabase.com, csiae.com, deltaexploits.gg, digitboost.site, dmca-alert.report, eph.cc, fnudprime.com, garmins.gr,...\n\n50 unique threats producing 86 actionable indicators. Generated by URLert automated threat intelligence.", "modified": "2026-04-13T23:56:17.348000", "created": "2026-03-15T01:00:04.668000", "tags": [ "abuse-of-legitimate-platform", "adult-dating-scam", "advance-fee-fraud", "affinity-scam", "aggressive-advertising", "apk-malware", "arizona-dmv-impersonation", "automated-scan", "brand-impersonation", "browser-extension-distribution", "burn-domain", "cloaking", "cloudfare-impersonation", "cloudflare", "coca-cola-impersonation", "combosquatting", "credential-harvesting", "crypto-scam", "cryptocurrency-scam", "daily-threat-intel", "deceptive-buttons", "deceptive-content", "deceptive-domain", "deceptive-giveaway", "deceptive-lure", "deceptive-payment-practices", "deceptive-practices", "deceptive-site", "deceptive-tactics", "deceptive-url", "dmca-scam", "domain-classification", "domain-rotation", "dropper", "ecommerce-fraud", "employment-fraud", "etsy-impersonation", "evasive-tactics", "exit-scam", "explicit-content", "fake-alert", "fake-checkout", "fake-exchange", "fake-investment-scheme", "fake-promotion", "file-sharing-platform", "financial-fraud", "financial-scam", "financial-sector", "financial-services", "fraud", "fraudulent-identity", "fraudulent-marketplace", "game-exploits", "gaming-community", "garmin-impersonation", "get-rich-quick-scheme", "google-impersonation", "high-risk-tld", "icu-domain", "impersonation", "invalid-certificate", "logistics-phishing", "lookalike-domain", "malicious-infrastructure", "malicious-redirection", "malicious-redirects", "malvertising", "malware-bundling", "malware-delivery", "malware-distribution", "malware-download", "minecraft", "misspelled-domain", "mobile-malware", "nebula-x", "new-domain", "newly-registered-domain", "online-gaming", "online-marketplace", "payment-card-harvesting", "pennsylvania", "phishing", "phishing-site", "pig-butchering", "pig-butchering-scam", "pii-harvesting", "pirated-software", "questionnaire-scam", "recently-registered-domain", "recruitment-phishing", "redirect-gateway", "redirector", "retail", "roblox", "roblox-impersonation", "scam", "scam-app", "scam-ecommerce", "scam-operations", "scam-pages", "scam-site", "shell-site", "sms-phishing", "social-engineering", "spam-distribution", "spam-promoted", "suspicious-domain", "suspicious-scripts", "tech-support-phishing", "telegram", "telegram-impersonation", "tesco-impersonation", "tld-squatting", "toll-scam", "traffic-redirection", "typosquatting", "unregulated-gambling", "unsecured-content", "unsecured-hosting", "unverifiable-leadership", "unwanted-software", "url-shortener", "urlert", "usdt", "youtube" ], "references": [ "https://urlert.com/domain/av4me.bond", "https://urlert.com/domain/canva.com", "https://urlert.com/domain/chamsswitch.com", "https://urlert.com/domain/ckq.cc", "https://urlert.com/domain/correos-seguimiento.site", "https://urlert.com/domain/cottabase.com", "https://urlert.com/domain/csiae.com", "https://urlert.com/domain/deltaexploits.gg", "https://urlert.com/domain/digitboost.site", "https://urlert.com/domain/dmca-alert.report", "https://urlert.com/domain/eph.cc", "https://urlert.com/domain/fnudprime.com", "https://urlert.com/domain/garmins.gr", "https://urlert.com/domain/gotstar.net", "https://urlert.com/domain/govrtci.help", "https://urlert.com/domain/gyweiyd.top", "https://urlert.com/domain/hermes-maketting.com", "https://urlert.com/domain/kec.az", "https://urlert.com/domain/ln.run", "https://urlert.com/domain/lvuuqr.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Financial Services", "Government", "Logistics / Supply Chain", "Media / Entertainment", "Retail / E-Commerce" ], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "urlert_intel", "id": "386175", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 32, "URL": 27, "hostname": 11 }, "indicator_count": 70, "is_author": false, "is_subscribing": null, "subscriber_count": 30, "modified_text": "47 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b3624084440c105b063358", "name": "URLert Daily Threat Intel \u2014 2026-03-13", "description": "URLert Daily Threat Intel \u2014 2026-03-13\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 53 | Indicators: 95\nConfirmed: 11 | Likely: 34 | Domain intel: 8\nTop threats: Phishing (46), Unknown (3), Malware Hosting (3), Malvertising (1)\nDomains: 82jh.com, alend.ng, artinm.com, bit.ly, com-onlinebanking.com, crashradar.info, dlhfs.cc, dmaqld.cyou, effectivegatecpm.com, eph.cc, eurogogogo.com, getcampa-cola.com, geudi.cn, ghostsecur...\n\n53 unique threats producing 95 actionable indicators. Generated by URLert automated threat intelligence.", "modified": "2026-04-11T23:36:09.493000", "created": "2026-03-13T01:02:56.457000", "tags": [ "account-takeover", "atacadao-impersonation", "automated-scan", "betting-scam", "booking-com", "booking-com-impersonation", "brand-impersonation", "bvn-harvesting", "campa-cola", "child-pornography", "cloaking", "combosquatting", "community-reported-suspicious", "compromised-site", "content-locker", "counterfeit-goods", "cpa-scam", "credential-harvesting", "crypto-drainer", "cryptocurrency", "cryptocurrency-scam", "cybercrime", "daily-threat-intel", "data-harvesting", "deceptive-data-collection", "deceptive-interface", "deceptive-landing-page", "deceptive-practice", "deceptive-urgency", "delivery-notification-scam", "dmv-impersonation", "domain-classification", "e-commerce-fraud", "e-commerce-scam", "ecommerce-scam", "eflow-impersonation", "egypt-post", "fake-giveaway", "fake-human-verification", "fake-investment", "fake-promotion", "file-sharing-site", "financial-fraud", "financial-scam", "financial-service", "financial-services", "financial-services-scam", "financial-theft", "fiverr-impersonation", "fraudulent-platform", "fraudulent-scheme", "free-hosting", "gambling-scam", "google-docs-distribution", "google-login", "government-impersonation", "high-risk-tld", "icloud-bypass", "illegal-activities", "illegal-content", "illicit-content", "impersonation", "insecure-connection", "investment-scam", "israel", "kickstarter-impersonation", "lead-generation-scam", "link-shortener", "loan-scam", "logistics-sector", "malicious-platform", "malicious-redirect", "malvertising", "malware-distribution", "malware-hosting", "mexico", "microsoft-onedrive-impersonation", "monetization", "nebula-x", "new-domain", "newly-registered-domain", "non-delivery", "olx-romania", "otp-harvesting", "package-delivery-scam", "payment-scam", "paypal-scam", "personal-information-collection", "phishing", "phishing-hosting", "phishing-infrastructure", "phishing-site", "pii-harvesting", "pirated-software", "political-outreach", "powershell", "privacy-violation", "pup", "questionnaire-scam", "redirect-cloaking", "redirect-service", "reliance-industries", "retail-sector", "roblox", "roblox-impersonation", "scam", "scam-operation", "scam-site", "security-bypass", "social-engineering", "software-bundling", "spam-campaign", "spam-promotion", "supermetrics-impersonation", "survey-scam", "suspicious-platform", "suspicious-redirects", "texas-dmv-impersonation", "tiktok-impersonation", "tld-squatting", "toll-scam", "typosquatting", "unofficial-software-source", "unscanned-files", "unwanted-software-distribution", "upfront-fee-scam", "urlert", "usdt", "vpn-scam", "wells-fargo", "withdrawal-scam", "womens-fashion" ], "references": [ "https://urlert.com/domain/82jh.com", "https://urlert.com/domain/alend.ng", "https://urlert.com/domain/artinm.com", "https://urlert.com/domain/bit.ly", "https://urlert.com/domain/com-onlinebanking.com", "https://urlert.com/domain/crashradar.info", "https://urlert.com/domain/dlhfs.cc", "https://urlert.com/domain/dmaqld.cyou", "https://urlert.com/domain/effectivegatecpm.com", "https://urlert.com/domain/eph.cc", "https://urlert.com/domain/eurogogogo.com", "https://urlert.com/domain/getcampa-cola.com", "https://urlert.com/domain/geudi.cn", "https://urlert.com/domain/ghostsecureweb.com", "https://urlert.com/domain/gls-gropp.com", "https://urlert.com/domain/google.com", "https://urlert.com/domain/gsmgermany.com", "https://urlert.com/domain/host2shark.com", "https://urlert.com/domain/id1754794.click", "https://urlert.com/domain/ie-i.link" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Automotive", "Energy", "Financial Services", "Government", "Hospitality", "Logistics / Supply Chain", "Media / Entertainment", "Retail / E-Commerce", "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "urlert_intel", "id": "386175", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 35, "URL": 29, "hostname": 8 }, "indicator_count": 72, "is_author": false, "is_subscribing": null, "subscriber_count": 30, "modified_text": "49 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b36339c53dff9ed283977b", "name": "URLert Daily Threat Intel \u2014 2026-03-13", "description": "URLert Daily Threat Intel \u2014 2026-03-13\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 53 | Indicators: 95\nConfirmed: 11 | Likely: 34 | Domain intel: 8\nTop threats: Phishing (46), Unknown (3), Malware Hosting (3), Malvertising (1)\nDomains: 82jh.com, alend.ng, artinm.com, bit.ly, com-onlinebanking.com, crashradar.info, dlhfs.cc, dmaqld.cyou, effectivegatecpm.com, eph.cc, eurogogogo.com, getcampa-cola.com, geudi.cn, ghostsecur...\n\n53 unique threats producing 95 actionable indicators. Generated by URLert automated threat intelligence.", "modified": "2026-04-11T23:36:09.493000", "created": "2026-03-13T01:07:05.261000", "tags": [ "account-takeover", "atacadao-impersonation", "automated-scan", "betting-scam", "booking-com", "booking-com-impersonation", "brand-impersonation", "bvn-harvesting", "campa-cola", "child-pornography", "cloaking", "combosquatting", "community-reported-suspicious", "compromised-site", "content-locker", "counterfeit-goods", "cpa-scam", "credential-harvesting", "crypto-drainer", "cryptocurrency", "cryptocurrency-scam", "cybercrime", "daily-threat-intel", "data-harvesting", "deceptive-data-collection", "deceptive-interface", "deceptive-landing-page", "deceptive-practice", "deceptive-urgency", "delivery-notification-scam", "dmv-impersonation", "domain-classification", "e-commerce-fraud", "e-commerce-scam", "ecommerce-scam", "eflow-impersonation", "egypt-post", "fake-giveaway", "fake-human-verification", "fake-investment", "fake-promotion", "file-sharing-site", "financial-fraud", "financial-scam", "financial-service", "financial-services", "financial-services-scam", "financial-theft", "fiverr-impersonation", "fraudulent-platform", "fraudulent-scheme", "free-hosting", "gambling-scam", "google-docs-distribution", "google-login", "government-impersonation", "high-risk-tld", "icloud-bypass", "illegal-activities", "illegal-content", "illicit-content", "impersonation", "insecure-connection", "investment-scam", "israel", "kickstarter-impersonation", "lead-generation-scam", "link-shortener", "loan-scam", "logistics-sector", "malicious-platform", "malicious-redirect", "malvertising", "malware-distribution", "malware-hosting", "mexico", "microsoft-onedrive-impersonation", "monetization", "nebula-x", "new-domain", "newly-registered-domain", "non-delivery", "olx-romania", "otp-harvesting", "package-delivery-scam", "payment-scam", "paypal-scam", "personal-information-collection", "phishing", "phishing-hosting", "phishing-infrastructure", "phishing-site", "pii-harvesting", "pirated-software", "political-outreach", "powershell", "privacy-violation", "pup", "questionnaire-scam", "redirect-cloaking", "redirect-service", "reliance-industries", "retail-sector", "roblox", "roblox-impersonation", "scam", "scam-operation", "scam-site", "security-bypass", "social-engineering", "software-bundling", "spam-campaign", "spam-promotion", "supermetrics-impersonation", "survey-scam", "suspicious-platform", "suspicious-redirects", "texas-dmv-impersonation", "tiktok-impersonation", "tld-squatting", "toll-scam", "typosquatting", "unofficial-software-source", "unscanned-files", "unwanted-software-distribution", "upfront-fee-scam", "urlert", "usdt", "vpn-scam", "wells-fargo", "withdrawal-scam", "womens-fashion" ], "references": [ "https://urlert.com/domain/82jh.com", "https://urlert.com/domain/alend.ng", "https://urlert.com/domain/artinm.com", "https://urlert.com/domain/bit.ly", "https://urlert.com/domain/com-onlinebanking.com", "https://urlert.com/domain/crashradar.info", "https://urlert.com/domain/dlhfs.cc", "https://urlert.com/domain/dmaqld.cyou", "https://urlert.com/domain/effectivegatecpm.com", "https://urlert.com/domain/eph.cc", "https://urlert.com/domain/eurogogogo.com", "https://urlert.com/domain/getcampa-cola.com", "https://urlert.com/domain/geudi.cn", "https://urlert.com/domain/ghostsecureweb.com", "https://urlert.com/domain/gls-gropp.com", "https://urlert.com/domain/google.com", "https://urlert.com/domain/gsmgermany.com", "https://urlert.com/domain/host2shark.com", "https://urlert.com/domain/id1754794.click", "https://urlert.com/domain/ie-i.link" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Automotive", "Energy", "Financial Services", "Government", "Hospitality", "Logistics / Supply Chain", "Media / Entertainment", "Retail / E-Commerce", "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "urlert_intel", "id": "386175", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 35, "URL": 29, "hostname": 8 }, "indicator_count": 72, "is_author": false, "is_subscribing": null, "subscriber_count": 31, "modified_text": "49 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d738fb4004a64b300ae1ed", "name": "Twitter Feed - urldna_bot - 08-04-2026", "description": "", "modified": "2026-04-09T05:28:27.092000", "created": "2026-04-09T05:28:27.092000", "tags": [], "references": [ "https://x.com/urldna_bot/status/2041667355038585310", "https://x.com/urldna_bot/status/2041697570687222101", "https://x.com/urldna_bot/status/2041727763778842948", "https://x.com/urldna_bot/status/2041757976524980317", "https://x.com/urldna_bot/status/2041788164491129153", "https://x.com/urldna_bot/status/2041818368794075260", "https://x.com/urldna_bot/status/2041848560354836956", "https://x.com/urldna_bot/status/2041878759721025922", "https://x.com/urldna_bot/status/2041908947938951413", "https://x.com/urldna_bot/status/2041939149863727406", "https://x.com/urldna_bot/status/2041969354036687209" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 2, "URL": 11, "hostname": 8 }, "indicator_count": 21, "is_author": false, "is_subscribing": null, "subscriber_count": 1622, "modified_text": "52 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69a7cd027d626e6ed2cc7014", "name": "Malware Filter - Phishing List - 03-03-2026", "description": "", "modified": "2026-03-04T06:11:14.227000", "created": "2026-03-04T06:11:14.227000", "tags": [], "references": [ "https://malware-filter.gitlab.io/malware-filter/phishing-filter-domains.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 231, "domain": 88 }, "indicator_count": 319, "is_author": false, "is_subscribing": null, "subscriber_count": 1623, "modified_text": "88 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://urlert.com/domain/binx.vip", "https://x.com/urldna_bot/status/2041757976524980317", "https://x.com/urldna_bot/status/2041667355038585310", "https://urlert.com/domain/icbcke.help", "https://urlert.com/domain/byh.cc", "https://urlert.com/domain/due-paizq.com", "https://urlert.com/domain/ckq.cc", "https://urlert.com/domain/geudi.cn", "https://urlert.com/domain/kec.az", "https://x.com/urldna_bot/status/2041788164491129153", "https://urlert.com/domain/id1754794.click", "https://urlert.com/domain/atlasquantltd.top", "https://x.com/urldna_bot/status/2041848560354836956", "https://urlert.com/domain/gyweiyd.top", "https://urlert.com/domain/dpd-fluxera.click", "https://x.com/urldna_bot/status/2041969354036687209", "https://urlert.com/domain/com-onlinebanking.com", "https://urlert.com/domain/artinm.com", "https://urlert.com/domain/dpd-velnora.cc", "https://urlert.com/domain/clicksswitch.com", "https://urlert.com/domain/cloud01y.cfd", "https://urlert.com/domain/effectivegatecpm.com", "https://urlert.com/domain/kindearnings.com", "https://x.com/urldna_bot/status/2041727763778842948", "https://urlert.com/domain/bit.ly", "https://urlert.com/domain/epicglobalevent.world", "https://urlert.com/domain/eurogogogo.com", "https://urlert.com/domain/brcok.com", "https://urlert.com/domain/host2shark.com", "https://urlert.com/domain/dlhfs.cc", "https://urlert.com/domain/ctermalls.com", "https://malware-filter.gitlab.io/malware-filter/phishing-filter-domains.txt", "https://urlert.com/domain/authtickets.online", "https://urlert.com/domain/bitponix.com", "https://urlert.com/domain/fi1gqzft.sbs", "https://urlert.com/domain/com.de", "https://urlert.com/domain/govrtci.help", "https://urlert.com/domain/cottabase.com", "https://urlert.com/domain/dmaqld.cyou", "https://urlert.com/domain/dmca-alert.report", "https://urlert.com/domain/gov-urffs.help", "https://urlert.com/domain/comisionessinparar.com", "https://urlert.com/domain/82jh.com", "https://urlert.com/domain/giveawaybot.cc", "https://urlert.com/domain/kksapp.org", "https://urlert.com/domain/google.com", "https://urlert.com/domain/correos-seguimiento.site", "https://urlert.com/domain/azurestaticapps.net", "https://urlert.com/domain/av4me.bond", "https://urlert.com/domain/centrestcafe.com", "https://urlert.com/domain/espace-sante-ameli.com", "https://urlert.com/domain/gtoweriien.cfd", "https://urlert.com/domain/gsmgermany.com", "https://x.com/urldna_bot/status/2041818368794075260", "https://urlert.com/domain/ie-i.link", "https://urlert.com/domain/asarcoamericansmeltingandrefitnxningcompany.vu", "https://urlert.com/domain/canva.com", "https://urlert.com/domain/heizoaw3.com", "https://urlert.com/domain/deltaexploits.gg", "https://x.com/urldna_bot/status/2041939149863727406", "https://urlert.com/domain/kuiu-outletsb.shop", "https://urlert.com/domain/httpss-www-roblox.co", "https://x.com/urldna_bot/status/2041878759721025922", "https://x.com/urldna_bot/status/2041908947938951413", "https://urlert.com/domain/com-emi.life", "https://urlert.com/domain/ghostsecureweb.com", "https://urlert.com/domain/getcampa-cola.com", "https://urlert.com/domain/alend.ng", "https://urlert.com/domain/csiae.com", "https://urlert.com/domain/ln.run", "https://urlert.com/domain/garmins.gr", "https://urlert.com/domain/hermes-maketting.com", "https://urlert.com/domain/crashradar.info", "https://urlert.com/domain/eph.cc", "https://urlert.com/domain/digitboost.site", "https://urlert.com/domain/getmodsapk.com", "https://urlert.com/domain/bunnyband.com", "https://urlert.com/domain/fitgirl-repacks.site", "https://urlert.com/domain/l19.pics", "https://urlert.com/domain/fnudprime.com", "https://urlert.com/domain/gotstar.net", "https://urlert.com/domain/create-road.my", "https://urlert.com/domain/adagio.tw", "https://urlert.com/domain/fine-cohz.com", "https://x.com/urldna_bot/status/2041697570687222101", "https://urlert.com/domain/gls-gropp.com", "https://urlert.com/domain/cudasvc.com", "https://urlert.com/domain/chamsswitch.com", "https://urlert.com/domain/github.io", "https://urlert.com/domain/lvuuqr.com" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [ "Financial services", "Energy", "Government", "Technology", "Healthcare", "Logistics / supply chain", "Hospitality", "Manufacturing", "Automotive", "Insurance", "Media / entertainment", "Retail / e-commerce" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 16, "pulses": [ { "id": "69c081afa2bd54a9599b7c07", "name": "PhishDestroy \u2014 Active Phishing & Crypto Scam Domains", "description": "Real-time feed of phishing, crypto drainer, and scam domains detected by PhishDestroy (phishdestroy.io). Updated hourly. 108K+ domains tracked, 55K+ currently active. Source: github.com/phishdestroy/destroylist", "modified": "2026-05-24T00:00:03.049000", "created": "2026-03-22T23:56:29.438000", "tags": [ "phishing", "crypto", "scam", "drainer", "fraud", "blocklist", "phishdestroy" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 33, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "phishdestroy", "id": "348394", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 93266, "hostname": 57600 }, "indicator_count": 150866, "is_author": false, "is_subscribing": null, "subscriber_count": 99, "modified_text": "7 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69c08867316c564ade394c69", "name": "PhishDestroy \u2014 Content Active Threats (Live)", "description": "Live feed of phishing and crypto scam domains with ACTIVE malicious content from PhishDestroy. These domains are verified to have live phishing/scam pages. Updated hourly. Source: github.com/phishdestroy/destroylist/dns/content_active.json", "modified": "2026-05-21T12:06:19.702000", "created": "2026-03-23T00:25:09.116000", "tags": [ "phishing", "crypto", "scam", "drainer", "fraud", "blocklist", "phishdestroy", "active", "content" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "phishdestroy", "id": "348394", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 132502, "hostname": 66217 }, "indicator_count": 198719, "is_author": false, "is_subscribing": null, "subscriber_count": 44, "modified_text": "9 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69e2d7e0d1f4d391499ecdf7", "name": "URLert Daily Threat Intel \u2014 2026-04-18", "description": "URLert Daily Threat Intel \u2014 2026-04-18\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 56 | Indicators: 101\nConfirmed: 20 | Likely: 34 | Domain intel: 2\nTop threats: Phishing (47), Malvertising (3), Dropper (3), Unknown (2), Malware Hosting (1)\nDomains: atlasquantltd.top, authtickets.online, azurestaticapps.net, binx.vip, bitponix.com, bunnyband.com, byh.cc, centrestcafe.com, cloud01y.cfd, com-emi.life, com.de, comisionessinparar.com, cre...\n\n56 unique threats producing 101 actionable indicators. Generated by URLert automated threat intelligence.", "modified": "2026-05-17T23:19:43.062000", "created": "2026-04-18T01:01:20.545000", "tags": [ "2fa-harvesting", "aggressive-advertising", "android-malware", "automated-scan", "base64-encoded-tracking", "brand-impersonation", "captcha-bypass", "cashea-impersonation", "cloudflare-pages", "colorado-dmv", "credential-harvesting", "crypto-exchange", "cryptocurrency-scam", "cvv-shops", "daily-threat-intel", "dana-impersonation", "data-harvesting", "deception", "deceptive-content", "deceptive-domain", "deceptive-practices", "deceptive-prompt", "deceptive-questionnaire", "deceptive-redirects", "deceptive-scam", "deceptive-tactics", "deceptive-url", "delivery-exception-scam", "document-scam", "domain-classification", "domain-rotation", "dpd-impersonation", "earning-scam", "ecommerce-targeting", "epic-games", "evasion-tactic", "evasion-tactics", "evasion-technique", "fake-business", "fake-giveaway", "fake-login", "fake-notification", "fake-order-page", "fake-registration", "fake-rewards", "fake-security-warning", "fake-testimonials", "financial-fraud", "financial-scam", "financial-sector", "financial-theft", "fiverr", "fiverr-impersonation", "fraudulent-activity", "fraudulent-financial-service", "fraudulent-platform", "fraudulent-service", "giveaway-scam", "government-impersonation", "grayware", "high-risk-fraud", "high-risk-tld", "inaccessible-url", "information-harvesting", "information-stealing", "instagram-impersonation", "investment-scam", "invite-code-scheme", "login-page", "logistics-sector", "malicious-infrastructure", "malicious-redirect", "malicious-redirection", "malware", "malware-delivery", "malware-distribution", "mobile-data-scam", "modded-apks", "monetized-url-shortener", "nebula-x", "netlify-abuse", "new-domain", "new-phishing-infrastructure", "newly-registered-domain", "obfuscated-url", "password-reset-scam", "personal-information-harvesting", "personal-information-theft", "phishing", "phishing-document", "phishing-gate", "phishing-site", "pii-collection", "platform-abuse", "playstation-id-theft", "ponzi-scheme", "portuguese", "quantitative-trading", "rdp-access", "redirect-chain", "redirect-service", "redirector", "referral-scam", "registration-page", "retail-scam", "roblox-impersonation", "scam", "scam-site", "scam-website", "shufersal", "smishing", "social-engineering", "social-media-scam", "social-proof-manipulation", "spyware", "steam", "stolen-data", "suspicious-domain", "suspicious-monetization", "targeted-phishing", "task-scam", "telegram-phishing", "ticketmaster-impersonation", "tiendas-d1", "tm-pick-n-pay", "traffic-distribution-system", "typosquatting", "unwanted-software", "url-shortener", "urlert", "usps-impersonation" ], "references": [ "https://urlert.com/domain/atlasquantltd.top", "https://urlert.com/domain/authtickets.online", "https://urlert.com/domain/azurestaticapps.net", "https://urlert.com/domain/binx.vip", "https://urlert.com/domain/bitponix.com", "https://urlert.com/domain/bunnyband.com", "https://urlert.com/domain/byh.cc", "https://urlert.com/domain/centrestcafe.com", "https://urlert.com/domain/cloud01y.cfd", "https://urlert.com/domain/com-emi.life", "https://urlert.com/domain/com.de", "https://urlert.com/domain/comisionessinparar.com", "https://urlert.com/domain/create-road.my", "https://urlert.com/domain/cudasvc.com", "https://urlert.com/domain/dpd-fluxera.click", "https://urlert.com/domain/dpd-velnora.cc", "https://urlert.com/domain/epicglobalevent.world", "https://urlert.com/domain/espace-sante-ameli.com", "https://urlert.com/domain/fine-cohz.com", "https://urlert.com/domain/getmodsapk.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Financial Services", "Government", "Healthcare", "Logistics / Supply Chain", "Media / Entertainment", "Retail / E-Commerce" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "urlert_intel", "id": "386175", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 27, "hostname": 11, "URL": 33 }, "indicator_count": 71, "is_author": false, "is_subscribing": null, "subscriber_count": 31, "modified_text": "13 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f83cb0ce73bef5c452bfb0", "name": "Credit: PhishDestroy Clone [\"phish detroy- open domains\"]", "description": "", "modified": "2026-05-04T06:29:04.332000", "created": "2026-05-04T06:29:04.332000", "tags": [ "phishing", "crypto", "scam", "drainer", "fraud", "blocklist", "phishdestroy" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "69c081afa2bd54a9599b7c07", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 88564, "hostname": 54516 }, "indicator_count": 143080, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "27 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f83caf1bef3609f0eb79e2", "name": "Credit: PhishDestroy Clone [\"phish detroy- open domains\"]", "description": "", "modified": "2026-05-04T06:29:03.120000", "created": "2026-05-04T06:29:03.120000", "tags": [ "phishing", "crypto", "scam", "drainer", "fraud", "blocklist", "phishdestroy" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "69c081afa2bd54a9599b7c07", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 88564, "hostname": 54516 }, "indicator_count": 143080, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "27 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f83cac7d6c947de6c080f9", "name": "Credit: PhishDestroy Clone [\"phish detroy- open domains\"]", "description": "", "modified": "2026-05-04T06:29:00.417000", "created": "2026-05-04T06:29:00.417000", "tags": [ "phishing", "crypto", "scam", "drainer", "fraud", "blocklist", "phishdestroy" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "69c081afa2bd54a9599b7c07", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 88564, "hostname": 54516 }, "indicator_count": 143080, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "27 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f83cab9769e92b3285a2b4", "name": "Credit: PhishDestroy Clone [\"phish detroy- open domains\"]", "description": "", "modified": "2026-05-04T06:28:59.770000", "created": "2026-05-04T06:28:59.770000", "tags": [ "phishing", "crypto", "scam", "drainer", "fraud", "blocklist", "phishdestroy" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "69c081afa2bd54a9599b7c07", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 88564, "hostname": 54516 }, "indicator_count": 143080, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "27 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f83cab7e03b19c5f1078e3", "name": "Credit: PhishDestroy Clone [\"phish detroy- open domains\"]", "description": "", "modified": "2026-05-04T06:28:59.113000", "created": "2026-05-04T06:28:59.113000", "tags": [ "phishing", "crypto", "scam", "drainer", "fraud", "blocklist", "phishdestroy" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "69c081afa2bd54a9599b7c07", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 88564, "hostname": 54516 }, "indicator_count": 143080, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "27 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f83ca9411c8ab5d294a7e2", "name": "Credit: PhishDestroy Clone [\"phish detroy- open domains\"]", "description": "", "modified": "2026-05-04T06:28:57.479000", "created": "2026-05-04T06:28:57.479000", "tags": [ "phishing", "crypto", "scam", "drainer", "fraud", "blocklist", "phishdestroy" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "69c081afa2bd54a9599b7c07", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 88564, "hostname": 54516 }, "indicator_count": 143080, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "27 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f83ca77d6c947de6c080f8", "name": "Credit: PhishDestroy Clone [\"phish detroy- open domains\"]", "description": "", "modified": "2026-05-04T06:28:55.093000", "created": "2026-05-04T06:28:55.093000", "tags": [ "phishing", "crypto", "scam", "drainer", "fraud", "blocklist", "phishdestroy" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "69c081afa2bd54a9599b7c07", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 88564, "hostname": 54516 }, "indicator_count": 143080, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "27 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "robiox.com.gr", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "robiox.com.gr", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780224559.5932503 }