{
  "type": "Domain",
  "indicator": "wpclick.cc",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/wpclick.cc",
    "alexa": "http://www.alexa.com/siteinfo/wpclick.cc",
    "indicator": "wpclick.cc",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 4077791002,
      "indicator": "wpclick.cc",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 7,
      "pulses": [
        {
          "id": "653e8484ba7c285929cb5e0d",
          "name": "CERT.PL list of malicious domains",
          "description": "See: https://cert.pl/en/warning-list/\n\n(archived version here: https://web.archive.org/web/20231029161224/https://cert.pl/en/posts/2020/03/malicious_domains/)",
          "modified": "2026-05-30T07:58:43.913000",
          "created": "2023-10-29T16:12:52.580000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "Poland"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 169181,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 1,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "tomtomalien",
            "id": "258713",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_258713/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 156498,
            "domain": 371707
          },
          "indicator_count": 528205,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 474,
          "modified_text": "1 day ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69dee3140bd99e9baf014779",
          "name": "URLert Daily Threat Intel \u2014 2026-04-15",
          "description": "URLert Daily Threat Intel \u2014 2026-04-15\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 67 | Indicators: 121\nConfirmed: 20 | Likely: 43 | Domain intel: 4\nTop threats: Phishing (55), Malware Hosting (6), Dropper (3), Unknown (2), Malvertising (1)\nDomains: 0nlyfans.es, acccat.com, aceimg.com, alert-micro.com, allwatch.id, apidoge.com, asusnext.us, belladobe.com, bunnyband.com, carziqo.net, clearentry.pro, cloudnext.pro, cs2challengemode.com,...\n\n67 unique threats producing 121 actionable indicators. Generated by URLert automated threat intelligence.",
          "modified": "2026-05-15T00:53:50.005000",
          "created": "2026-04-15T01:00:04.655000",
          "tags": [
            "5eplay",
            "account-recovery-scam",
            "adult-content-lure",
            "affiliate-fraud",
            "aggressive-advertising",
            "aliexpress-impersonation",
            "allegro-impersonation",
            "apk-distribution",
            "automated-scan",
            "banking-credentials",
            "betting-scam",
            "brand-impersonation",
            "cfd-trading",
            "clickbait",
            "combosquatting",
            "credential-harvesting",
            "credit-card-harvesting",
            "credit-card-theft",
            "crypto-gambling",
            "cryptocurrency",
            "cryptocurrency-scam",
            "daily-threat-intel",
            "dao-impersonation",
            "data-harvesting",
            "dating-scam",
            "deceptive-advertising",
            "deceptive-downloads",
            "deceptive-landing-page",
            "deceptive-marketing",
            "deceptive-redirect",
            "deceptive-redirects",
            "deceptive-scam",
            "deceptive-tactics",
            "delivery-scam",
            "document-sharing-phishing",
            "domain-classification",
            "ecommerce-scam",
            "elon-musk",
            "email-lookup",
            "email-redirect",
            "employment-scam",
            "esports-platform-impersonation",
            "explicit-content",
            "fake-app-store",
            "fake-mining",
            "fake-news",
            "fake-profiles",
            "fake-toll-notice",
            "fake-tracking",
            "file-distribution",
            "file-hosting",
            "financial-deception",
            "financial-fraud",
            "financial-phishing",
            "financial-scam",
            "fiverr",
            "fiverr-impersonation",
            "forex-trading",
            "fraudulent-investment",
            "fraudulent-platform",
            "fraudulent-website",
            "free-hosting-abuse",
            "freelancer-targeting",
            "game-scam",
            "gaming",
            "get-rich-quick",
            "gibberish-domain",
            "gift-card-scam",
            "google-impersonation",
            "government-impersonation",
            "h-and-m",
            "hetzner-hosting",
            "high-risk-tld",
            "hospitality-targeting",
            "income-scheme",
            "information-harvesting",
            "infostealer-logs",
            "investment-scam",
            "irish-government",
            "lead-generation",
            "link-shortener",
            "live-sports-streaming",
            "malicious-file-hosting",
            "malicious-redirection",
            "malware-distribution",
            "malware-hosting",
            "mexc-impersonation",
            "movie-download-scam",
            "mtn-impersonation",
            "mygovid",
            "new-domain",
            "newly-observed-domain",
            "newly-registered-domain",
            "online-banking",
            "online-gaming",
            "outlook-safelink",
            "payload-delivery",
            "payment-scam",
            "pentavida",
            "personal-information-collection",
            "phishing",
            "phishing-campaign",
            "phishing-infrastructure",
            "phishing-scam",
            "phishing-site",
            "phone-number-harvesting",
            "pig-butchering-scam",
            "ponzi-scheme",
            "privacy-risk",
            "pyramid-scheme",
            "raw-binary-serving",
            "redirect",
            "redirect-chain",
            "scam",
            "scam-allegations",
            "scam-landing-page",
            "seo-poisoning",
            "social-engineering",
            "social-media-scam",
            "software-piracy-scam",
            "spam",
            "spotahome",
            "spotify",
            "steam-credentials",
            "survey-scam",
            "suspicious-domain",
            "suspicious-infrastructure",
            "targeted-phishing",
            "task-based-earning-scam",
            "task-scam",
            "team-visma-lease-a-bike",
            "throwaway-domain",
            "trading-platform",
            "typosquatting",
            "unsolicited-messages",
            "unvetted-content",
            "urlert",
            "username-harvesting",
            "username-password-collection",
            "voucher-scam",
            "wallet-draining",
            "wanda-cinemas",
            "whatsapp-group-scam",
            "whatsapp-lure",
            "withdrawal-scam",
            "x-twitter"
          ],
          "references": [
            "https://urlert.com/domain/0nlyfans.es",
            "https://urlert.com/domain/acccat.com",
            "https://urlert.com/domain/aceimg.com",
            "https://urlert.com/domain/alert-micro.com",
            "https://urlert.com/domain/allwatch.id",
            "https://urlert.com/domain/apidoge.com",
            "https://urlert.com/domain/asusnext.us",
            "https://urlert.com/domain/belladobe.com",
            "https://urlert.com/domain/bunnyband.com",
            "https://urlert.com/domain/carziqo.net",
            "https://urlert.com/domain/clearentry.pro",
            "https://urlert.com/domain/cloudnext.pro",
            "https://urlert.com/domain/cs2challengemode.com",
            "https://urlert.com/domain/ct.ws",
            "https://urlert.com/domain/dao-kd.com",
            "https://urlert.com/domain/demoteam.ch",
            "https://urlert.com/domain/es-long-rent-apartments-4567885553.homes",
            "https://urlert.com/domain/freefunhere.com",
            "https://urlert.com/domain/geeduu.com",
            "https://urlert.com/domain/getmysocial.com"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Automotive",
            "Financial Services",
            "Government",
            "Hospitality",
            "Logistics / Supply Chain",
            "Media / Entertainment",
            "Real Estate",
            "Retail / E-Commerce",
            "Technology",
            "Telecommunications"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "urlert_intel",
            "id": "386175",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 42,
            "hostname": 13,
            "URL": 43
          },
          "indicator_count": 98,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 30,
          "modified_text": "16 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d5a89569e0095158da2a9c",
          "name": "URLert Daily Threat Intel \u2014 2026-04-08",
          "description": "URLert Daily Threat Intel \u2014 2026-04-08\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 139 | Indicators: 264\nConfirmed: 43 | Likely: 94 | Domain intel: 2\nTop threats: Phishing (109), Malvertising (9), Unknown (8), Malware Hosting (7), Dropper (5)\nDomains: 472hico.lat, acccat.com, aipixelss.com, allerides.shop, alpiyd.help, ankergames.net, authpadi.com, awstrack.me, besowin.com, beyondclosetstore.com, bfhix.buzz, blogspot.com, bookscloud.net...\n\n139 unique threats producing 264 actionable indicators. Generated by URLert automated threat intelligence.",
          "modified": "2026-05-07T23:19:25.182000",
          "created": "2026-04-08T01:00:05.017000",
          "tags": [
            "2fa-bypass",
            "4-72",
            "4-72-impersonation",
            "abuse-hosting",
            "account-checker",
            "account-reactivation",
            "activity-viewer",
            "adac",
            "adult-affiliate",
            "adult-scam",
            "affiliate-network",
            "aggressive-advertising",
            "ai-platform-abuse",
            "an-post",
            "android-malware",
            "anti-analysis",
            "apk-download",
            "apk-malware",
            "app-update-lure",
            "automated-scan",
            "automatic-download",
            "blank-landing-page",
            "blogspot",
            "booking-com",
            "booking-com-impersonation",
            "bpi-impersonation",
            "brand-impersonation",
            "browser-extension",
            "california-dmv",
            "california-government-impersonation",
            "celebrity-impersonation",
            "cloaking",
            "cloudflare-impersonation",
            "colombia",
            "combosquatting",
            "command-and-control-communication",
            "compromised-site",
            "content-gating",
            "content-locker-scam",
            "cracking",
            "credential-harvesting",
            "crypto-casino",
            "cryptocurrency-phishing",
            "cryptocurrency-scam",
            "cybercrime-tools",
            "daily-threat-intel",
            "dating-scam",
            "deceptive-content",
            "deceptive-domain",
            "deceptive-download",
            "deceptive-lure",
            "deceptive-overlay",
            "deceptive-practices",
            "deceptive-redirect",
            "deceptive-redirects",
            "deceptive-registration",
            "deceptive-tactics",
            "delivery-scam",
            "detection-evasion",
            "developer-tool-evasion",
            "dhl",
            "dhl-impersonation",
            "discord",
            "discord-bot-users",
            "disposable-infrastructure",
            "domain-classification",
            "download-link",
            "dpd",
            "dpd-impersonation",
            "dpd-local",
            "e-commerce-scam",
            "evasion",
            "evasion-technique",
            "evasion-techniques",
            "evasive-technique",
            "evasive-techniques",
            "facebook-impersonation",
            "fake-account-creation",
            "fake-cloudflare-challenge",
            "fake-domain",
            "fake-government-service",
            "fake-login-portal",
            "fake-payment",
            "fake-paywall",
            "fake-questionnaire",
            "fake-security-challenge",
            "fake-security-verification",
            "fake-service",
            "fake-toll-charge",
            "fake-toll-scam",
            "fake-voucher",
            "financial-harvesting",
            "financial-loss",
            "financial-theft",
            "fiverr",
            "fiverr-impersonation",
            "fortnite-impersonation",
            "fraudulent-activity",
            "fraudulent-gambling",
            "fraudulent-investment-platform",
            "fraudulent-platform",
            "fraudulent-store",
            "gambling-scam",
            "gamers",
            "generic-login-form",
            "georgia-dds",
            "germany",
            "gibberish-domain",
            "gmail-impersonation",
            "google",
            "government-impersonation",
            "grabify-logging",
            "grayware",
            "hamilton-fraser",
            "high-pressure-sales",
            "high-risk-subdomain",
            "high-risk-tld",
            "hookup-scam",
            "hr-block-impersonation",
            "identity-verification",
            "impersonation-scam",
            "inactive-infrastructure",
            "information-harvesting",
            "instagram",
            "invalid-certificate",
            "investment-scam",
            "invitation-code-required",
            "invite-code",
            "israel-post-impersonation",
            "javascript-delivery",
            "keyword-stuffing",
            "lead-generation",
            "link-shortener",
            "logistics",
            "logistics-impersonation",
            "logistics-scam",
            "logistics-sector",
            "lookalike-domain",
            "low-reputation-domain",
            "malicious-advertising-network",
            "malicious-extensions",
            "malicious-infrastructure",
            "malicious-redirection",
            "malicious-redirects",
            "malicious-site",
            "malvertising",
            "malware-bundling",
            "malware-delivery",
            "malware-distribution",
            "mercadopago",
            "microsoft-impersonation",
            "microsoft-sharepoint-impersonation",
            "misleading-ui",
            "mobile-phishing",
            "modded-applications",
            "monetized-url-shortener",
            "netlify-abuse",
            "nevada-dmv",
            "new-domain",
            "newly-registered-domain",
            "non-legitimate-site",
            "online-casino",
            "passport-data-theft",
            "payment-card-theft",
            "payment-harvesting",
            "payment-information-harvesting",
            "payment-information-theft",
            "payment-scam",
            "payroll-scam",
            "personal-information-harvesting",
            "phishing",
            "phishing-lure",
            "phishing-page",
            "phishing-site",
            "pig-butchering-scam",
            "pii-collection",
            "pirated-software",
            "ponzi-scheme",
            "pop-unders",
            "posta-kenya-impersonation",
            "potentially-malicious-domain",
            "privacy-risk",
            "profile-visitor-tracking",
            "pua",
            "random-subdomain",
            "recent-domain",
            "redirect-chain",
            "redirector",
            "refund-service",
            "retail-scam",
            "retail-sector",
            "roblox",
            "roblox-accounts",
            "roblox-impersonation",
            "scam",
            "scam-distribution",
            "scam-gateway",
            "scam-infrastructure",
            "scam-site",
            "scam-website",
            "script-hosting",
            "security-bypass",
            "seo-spam",
            "serviceontario",
            "shipping-protection-scam",
            "sms-verification-bypass",
            "social-engineering",
            "social-media-scam",
            "software-piracy",
            "spam-infrastructure",
            "spyware",
            "steam",
            "student-targeting",
            "surveillance-tools",
            "survey-scam",
            "suspicious-domain",
            "suspicious-file-type",
            "suspicious-pricing",
            "suspicious-subdomain",
            "template-based-storefront",
            "tiktok-impersonation",
            "tiktok-shop",
            "toll-charge",
            "toll-scam",
            "tracking",
            "traffic-citations",
            "traffic-direction-system",
            "traffic-distribution-system",
            "traffic-diversion",
            "traffic-redirection",
            "travel-scam",
            "travel-sector",
            "trojan",
            "trojanized-app",
            "twitter-impersonation",
            "txdmv",
            "txdmv-impersonation",
            "typosquatting",
            "uk-eta-visa",
            "unauthorized-tracking",
            "unofficial-app-distribution",
            "unreachable",
            "unverified-software-download",
            "unwanted-content",
            "unwanted-programs",
            "unwanted-software",
            "url-redirect",
            "url-redirector",
            "url-shortener",
            "urlert",
            "usdt",
            "usps",
            "vbucks-scam",
            "webcam-capture",
            "webcam360",
            "weebly-abuse",
            "wetransfer",
            "wetransfer-impersonation",
            "whatsapp-impersonation",
            "wisconsin-dot",
            "withdrawal-scam"
          ],
          "references": [
            "https://urlert.com/domain/472hico.lat",
            "https://urlert.com/domain/acccat.com",
            "https://urlert.com/domain/aipixelss.com",
            "https://urlert.com/domain/allerides.shop",
            "https://urlert.com/domain/alpiyd.help",
            "https://urlert.com/domain/ankergames.net",
            "https://urlert.com/domain/authpadi.com",
            "https://urlert.com/domain/awstrack.me",
            "https://urlert.com/domain/besowin.com",
            "https://urlert.com/domain/beyondclosetstore.com",
            "https://urlert.com/domain/bfhix.buzz",
            "https://urlert.com/domain/blogspot.com",
            "https://urlert.com/domain/bookscloud.net",
            "https://urlert.com/domain/boxstatusr.cfd",
            "https://urlert.com/domain/bpidirecto.top",
            "https://urlert.com/domain/bringitonmsg.com",
            "https://urlert.com/domain/ca-pagel.cyou",
            "https://urlert.com/domain/ca-pagel.icu",
            "https://urlert.com/domain/ca-pagel.sbs",
            "https://urlert.com/domain/ca-pages.biz.id"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Automotive",
            "Education",
            "Financial Services",
            "Government",
            "Hospitality",
            "Insurance",
            "Logistics / Supply Chain",
            "Media / Entertainment",
            "Retail / E-Commerce",
            "Technology"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "urlert_intel",
            "id": "386175",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 78,
            "URL": 80,
            "hostname": 42
          },
          "indicator_count": 200,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 33,
          "modified_text": "23 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d1b41832db3e0db5b36117",
          "name": "URLert Daily Threat Intel \u2014 2026-04-05",
          "description": "URLert Daily Threat Intel \u2014 2026-04-05\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 85 | Indicators: 175\nConfirmed: 27 | Likely: 51 | Domain intel: 7\nTop threats: Phishing (74), Malware Hosting (7), Malvertising (3), Dropper (1)\nDomains: 364829.xin, aiciinromania.com, aixldc10.shop, alert-micro.com, amazonv8.com, b2wditxn.cc, backmart.cyou, baremineralsstore.com, bfhix.buzz, bibtly.cc, bolt.host, boxpoint.cfd, bybusdt.cc, ...\n\n85 unique threats producing 175 actionable indicators. Generated by URLert automated threat intelligence.",
          "modified": "2026-05-04T23:09:18.301000",
          "created": "2026-04-05T01:00:08.578000",
          "tags": [
            ".cyou-tld",
            "account-hijacking",
            "account-scam",
            "account-takeover",
            "adult-content-lure",
            "advance-fee-scam",
            "aggressive-advertising",
            "agoda-impersonation",
            "amazon-impersonation",
            "android-malware",
            "apple-app-store",
            "apple-impersonation",
            "application-download",
            "asset-theft",
            "automated-scan",
            "brand-impersonation",
            "brand-in-subdomain",
            "browser-extension-malware",
            "canon-cameras",
            "cloudflare-obfuscation",
            "colombia-targeting",
            "colorado-department-of-revenue",
            "combosquatting",
            "compromised-site",
            "counterfeit-goods",
            "counterfeit-watches",
            "cracked-games",
            "credential-harvesting",
            "credential-sharing",
            "credit-card-harvesting",
            "crypto-scam",
            "cryptocurrency",
            "cryptocurrency-scam",
            "daily-threat-intel",
            "data-harvesting",
            "deceptive-ads",
            "deceptive-advertising",
            "deceptive-content",
            "deceptive-domain",
            "deceptive-ecommerce",
            "deceptive-lead-generation",
            "deceptive-marketing",
            "deceptive-practices",
            "deceptive-redirect",
            "deceptive-redirect-chain",
            "deceptive-redirects",
            "deceptive-site",
            "deceptive-tactics",
            "deceptive-trust-indicators",
            "deepfake-generation",
            "delivery-scam",
            "discord-account-theft",
            "disposable-infrastructure",
            "dmv-impersonation",
            "domain-classification",
            "download-button",
            "dpd",
            "dpd-impersonation",
            "e-commerce-scam",
            "easter-egg-hunt-scam",
            "edeka",
            "enterprise-certificate-trust",
            "epic-games",
            "evasive-maneuvers",
            "fake-app-store",
            "fake-credit-generator",
            "fake-discount",
            "fake-giveaway",
            "fake-government-site",
            "fake-platform",
            "fake-rewards",
            "fake-security-check",
            "fake-transactions",
            "fake-virus-warning",
            "financial-scam",
            "fortnite",
            "fraudulent-activity",
            "fraudulent-gambling",
            "fraudulent-network",
            "fraudulent-portal",
            "fraudulent-pricing",
            "fraudulent-store",
            "fraudulent-webshop",
            "fund-harvesting",
            "game-lure",
            "game-modding",
            "game-reward-scam",
            "gaming",
            "gaming-scam",
            "gibberish-domain",
            "gmail-impersonation",
            "government-impersonation",
            "grayware",
            "high-risk-domain",
            "high-risk-domain-extension",
            "high-risk-tld",
            "ibm",
            "identity-theft",
            "illegal-content-lure",
            "investment-scam",
            "jbl",
            "job-scam",
            "keylogger",
            "ledger",
            "ledger-impersonation",
            "lidl-impersonation",
            "logged-tg",
            "malicious-code-execution",
            "malicious-infrastructure",
            "malicious-redirect",
            "malicious-redirector",
            "malicious-script",
            "malvertising",
            "malware-distribution",
            "malware-hosting",
            "malware-vector",
            "mercado-pago-impersonation",
            "mercadopago",
            "microsoft-impersonation",
            "mobile-malware",
            "modded-apk",
            "new-domain",
            "newly-registered",
            "newly-registered-domain",
            "non-consensual-imagery",
            "olx-impersonation",
            "online-earning-scheme",
            "onlyfans-impersonation",
            "password-stealing",
            "payment-harvesting",
            "payment-information-theft",
            "payment-portal-impersonation",
            "personal-information-collection",
            "personal-information-gathering",
            "personal-information-theft",
            "phishing",
            "phishing-infrastructure",
            "phishing-kit",
            "phishing-page",
            "phishing-site",
            "pirated-software",
            "pop-up-scam",
            "privacy-risk",
            "prize-scam",
            "redirect-chain",
            "redirect-cloaking",
            "redirector",
            "retail-e-commerce",
            "retail-impersonation",
            "retail-scam",
            "roblox",
            "roblox-impersonation",
            "roblox-users",
            "scam",
            "scam-distribution",
            "scam-link-generation",
            "scam-site",
            "scam-store",
            "security-bypass",
            "serviceontario-impersonation",
            "sexually-explicit-content",
            "shared-account-directory",
            "shipping-fee-scam",
            "shopify-subdomain",
            "sixt",
            "social-engineering",
            "social-media-scam",
            "solana",
            "steam",
            "steam-credential-phishing",
            "sumup-impersonation",
            "suspicious-domain",
            "sviluppo-host",
            "tantis-pl-impersonation",
            "tech-support-scam",
            "telegram-bot",
            "telegram-impersonation",
            "tracking-domains",
            "travel-booking",
            "trojan",
            "twitter",
            "typosquatting",
            "unauthorized-software",
            "unauthorized-software-distribution",
            "unofficial-app-distribution",
            "unrealistic-pricing",
            "unwanted-software",
            "unwanted-subscriptions",
            "urlert",
            "usdt-scam",
            "wallet-drainer",
            "walmart-impersonation",
            "withdrawal-theft",
            "young-domain",
            "youtube"
          ],
          "references": [
            "https://urlert.com/domain/364829.xin",
            "https://urlert.com/domain/aiciinromania.com",
            "https://urlert.com/domain/aixldc10.shop",
            "https://urlert.com/domain/alert-micro.com",
            "https://urlert.com/domain/amazonv8.com",
            "https://urlert.com/domain/b2wditxn.cc",
            "https://urlert.com/domain/backmart.cyou",
            "https://urlert.com/domain/baremineralsstore.com",
            "https://urlert.com/domain/bfhix.buzz",
            "https://urlert.com/domain/bibtly.cc",
            "https://urlert.com/domain/bolt.host",
            "https://urlert.com/domain/boxpoint.cfd",
            "https://urlert.com/domain/bybusdt.cc",
            "https://urlert.com/domain/cgebq.buzz",
            "https://urlert.com/domain/cloudfront.net",
            "https://urlert.com/domain/courierdesk.cfd",
            "https://urlert.com/domain/d9s3x4.com",
            "https://urlert.com/domain/dailed.gg",
            "https://urlert.com/domain/effectivegatecpm.com",
            "https://urlert.com/domain/ffs8.com"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Automotive",
            "Financial Services",
            "Government",
            "Hospitality",
            "Logistics / Supply Chain",
            "Media / Entertainment",
            "Retail / E-Commerce",
            "Technology"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "urlert_intel",
            "id": "386175",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 61,
            "URL": 55,
            "hostname": 24
          },
          "indicator_count": 140,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 32,
          "modified_text": "26 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d06294c6426930704edb6f",
          "name": "URLert Daily Threat Intel \u2014 2026-04-04",
          "description": "URLert Daily Threat Intel \u2014 2026-04-04\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 170 | Indicators: 326\nConfirmed: 46 | Likely: 120 | Domain intel: 4\nTop threats: Phishing (154), Malware Hosting (10), Dropper (4), Malvertising (1), Unknown (1)\nDomains: 690914.help, acers.net, afflat3a1.com, amendes-justice-gov.co, an1.com, as-isr.top, as-jes.top, as-jeu.top, as-vse.top, aviroohome.com, axiomvelox.online, b-cdn.net, bit.ly, booking-page82...\n\n170 unique threats producing 326 actionable indicators. Generated by URLert automated threat intelligence.",
          "modified": "2026-05-04T00:19:44.565000",
          "created": "2026-04-04T01:00:04.991000",
          "tags": [
            "abuse-cdn",
            "abused-platform",
            "account-recovery-scam",
            "adult-content",
            "adult-content-lure",
            "adult-scam",
            "advance-fees",
            "affiliate-marketing-scam",
            "allegro",
            "android-apk",
            "android-malware",
            "apk-distribution",
            "apk-malware",
            "automated-scan",
            "bank-impersonation",
            "banking-scam",
            "bookmarklet",
            "bookmarklet-malware",
            "brand-impersonation",
            "bypass-filters",
            "checkout-forms",
            "cloaking",
            "cloudflare-impersonation",
            "combosquatting",
            "compromised-site",
            "content-locker",
            "counterfeit-goods",
            "cracked-games",
            "credential-harvesting",
            "credit-monitoring-scam",
            "crypto-scam",
            "crypto-theft",
            "cryptocurrency",
            "cryptocurrency-scam",
            "cryptocurrency-theft",
            "daily-threat-intel",
            "dao",
            "dao-impersonation",
            "data-harvesting",
            "dating-site-scam",
            "ddb",
            "deception",
            "deceptive-content",
            "deceptive-domain",
            "deceptive-downloads",
            "deceptive-facade",
            "deceptive-interface",
            "deceptive-label",
            "deceptive-login",
            "deceptive-practices",
            "deceptive-pricing",
            "deceptive-site",
            "delivery-exception-scam",
            "delivery-scam",
            "delivery-service-impersonation",
            "delivery-service-scam",
            "denmark",
            "direct-download",
            "discord",
            "discord-credential-harvesting",
            "discord-impersonation",
            "dmv-impersonation",
            "domain-classification",
            "dpd",
            "dpd-impersonation",
            "e-commerce-scam",
            "easter-egg-hunt-scam",
            "easter-scam",
            "education-sector",
            "efax-impersonation",
            "electronics-scam",
            "evasion-technique",
            "facebook-impersonation",
            "fake-app-install",
            "fake-checkout",
            "fake-countdown-timer",
            "fake-deletion-scam",
            "fake-discounts",
            "fake-domain",
            "fake-ecommerce",
            "fake-endorsements",
            "fake-feature",
            "fake-game",
            "fake-giveaway",
            "fake-investment-platform",
            "fake-login",
            "fake-login-page",
            "fake-online-store",
            "fake-parking-fee",
            "fake-parking-penalty",
            "fake-payment",
            "fake-refund",
            "fake-rewards",
            "fake-shopping-site",
            "fake-timer",
            "fake-toll",
            "fake-toll-notice",
            "fake-toll-payment",
            "fake-toll-scam",
            "fake-urgency",
            "fake-verification",
            "fake-warning",
            "fake-website",
            "financial-fraud",
            "financial-information-theft",
            "financial-scam",
            "form-builder-abuse",
            "fraudulent-e-commerce",
            "fraudulent-ecommerce",
            "fraudulent-operation",
            "fraudulent-platform",
            "fraudulent-reward-schemes",
            "fraudulent-website",
            "free-hosting",
            "gambling-scam",
            "game-impersonation",
            "game-mods",
            "gaming",
            "giveaway-scam",
            "google-credentials",
            "google-drive-impersonation",
            "google-impersonation",
            "government-impersonation",
            "government-services",
            "high-risk-domain",
            "high-risk-hosting",
            "high-risk-tld",
            "human-verification",
            "hungarian-fishing-brand",
            "icloud-bypass",
            "information-gathering",
            "investment-scam",
            "iowa-dot",
            "job-scam",
            "link-shortening-scam",
            "login-page",
            "logistics-scam",
            "logistics-sector",
            "lookalike-domain",
            "lure",
            "malicious-redirect",
            "malicious-redirection",
            "malicious-redirects",
            "malvertising",
            "malware-delivery",
            "malware-distribution",
            "malware-download",
            "malware-hosting",
            "malware-vector",
            "medi-markt",
            "media-markt",
            "media-markt-impersonation",
            "mediamarkt",
            "mediemarkt",
            "mercado-pago-impersonation",
            "microsoft-365",
            "microsoft-office365-impersonation",
            "migros",
            "mobile-data-scam",
            "mobile-malware",
            "mod-apps",
            "modded-apps",
            "modified-apk",
            "modified-apps",
            "morocco",
            "ncdot-impersonation",
            "netherlands",
            "new-domain",
            "new-york-dmv",
            "newly-registered-domain",
            "nike",
            "north-carolina-dmv",
            "notification-hijacking",
            "offer-wall",
            "office365",
            "online-purchase-scams",
            "online-store-scam",
            "ontario",
            "oxo-impersonation",
            "package-delivery-scam",
            "parking-penalty-scam",
            "payload-delivery",
            "payment-harvesting",
            "payment-information-harvesting",
            "payment-information-theft",
            "personal-data-harvesting",
            "personal-information-harvesting",
            "personal-information-theft",
            "pertemps",
            "phishing",
            "phishing-campaign",
            "phishing-kit",
            "phishing-lure",
            "phishing-page",
            "phishing-scam",
            "phishing-scheme",
            "phishing-site",
            "pii-collection",
            "piracy",
            "pirated-software",
            "pirated-software-malware",
            "powerschool",
            "powershell-execution",
            "privacy-risk",
            "prize-scam",
            "product-scam",
            "random-domain",
            "recent-domain",
            "recruitment-fraud",
            "recruitment-scam",
            "redirect-chain",
            "redirection",
            "retail-ecommerce",
            "retail-fraud",
            "retail-impersonation",
            "retail-scam",
            "roblox",
            "roblox-impersonation",
            "rvo-nl",
            "scam",
            "scam-tactics",
            "session-hijacking",
            "shopping-scam",
            "smishing-tactic",
            "social-engineering",
            "social-media-impersonation",
            "sofi-impersonation",
            "software-distribution",
            "spam-promoted",
            "state-of-alaska",
            "steam",
            "streaming-piracy",
            "survey-scam",
            "suspicious-domain",
            "suspicious-file-sharing",
            "suspicious-redirect",
            "suspicious-service",
            "technology",
            "telegram-impersonation",
            "texas-dmv",
            "ticketone-impersonation",
            "tikko-impersonation",
            "tiktok",
            "toll-scam",
            "trading-scam",
            "traffic-fines",
            "traffic-redirection",
            "typo-squatting",
            "typosquatting",
            "unauthorized-media-distribution",
            "unauthorized-software",
            "unrealistic-rewards",
            "unregulated-gambling",
            "unsecured-uploads",
            "unwanted-software",
            "urgency-scam",
            "url-redirection",
            "url-shortener",
            "urlert",
            "vercel-hosting",
            "verification-challenge",
            "verification-screen",
            "visionpro-impersonation",
            "wallet-draining",
            "withdrawal-scam",
            "work-from-home-scam",
            "zoom-impersonation"
          ],
          "references": [
            "https://urlert.com/domain/690914.help",
            "https://urlert.com/domain/acers.net",
            "https://urlert.com/domain/afflat3a1.com",
            "https://urlert.com/domain/amendes-justice-gov.co",
            "https://urlert.com/domain/an1.com",
            "https://urlert.com/domain/as-isr.top",
            "https://urlert.com/domain/as-jes.top",
            "https://urlert.com/domain/as-jeu.top",
            "https://urlert.com/domain/as-vse.top",
            "https://urlert.com/domain/aviroohome.com",
            "https://urlert.com/domain/axiomvelox.online",
            "https://urlert.com/domain/b-cdn.net",
            "https://urlert.com/domain/bit.ly",
            "https://urlert.com/domain/booking-page8282461.top",
            "https://urlert.com/domain/boxtrack.cfd",
            "https://urlert.com/domain/britetodo.com",
            "https://urlert.com/domain/citithankyoucard.com",
            "https://urlert.com/domain/clicksmart365.com",
            "https://urlert.com/domain/clickup.com",
            "https://urlert.com/domain/cloudspire-works.com"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Education",
            "Financial Services",
            "Government",
            "Hospitality",
            "Logistics / Supply Chain",
            "Media / Entertainment",
            "Retail / E-Commerce",
            "Technology",
            "Telecommunications"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "urlert_intel",
            "id": "386175",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 105,
            "hostname": 55,
            "URL": 107
          },
          "indicator_count": 267,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 30,
          "modified_text": "27 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69cf1115225832368c9af150",
          "name": "URLert Daily Threat Intel \u2014 2026-04-03",
          "description": "URLert Daily Threat Intel \u2014 2026-04-03\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 165 | Indicators: 334\nConfirmed: 47 | Likely: 117 | Domain intel: 1\nTop threats: Phishing (148), Malware Hosting (12), Dropper (3), Scanning Host (1), RAT (1)\nDomains: 1cpmspv.top, 1drv.ms, 40gmail.com, 756193.xin, adescargar.net, adobe.com, ankergames.net, as-nfd.top, betioh.com, blogspot.com, bodyshopca.com, bv-dienstleistungen.de, ca-page.cyou, ca-pag...\n\n165 unique threats producing 334 actionable indicators. Generated by URLert automated threat intelligence.",
          "modified": "2026-05-03T00:28:39.989000",
          "created": "2026-04-03T01:00:05.191000",
          "tags": [
            "2fa-harvesting",
            "adult-app-distribution",
            "adult-content",
            "adware",
            "adware-risk",
            "agoda-impersonation",
            "ai-sweden-impersonation",
            "alaska",
            "alaska-dmv",
            "android-malware",
            "anonymous-sales",
            "apk-distribution",
            "apk-malware",
            "automated-scan",
            "blockchain-casino",
            "booking-com",
            "brand-impersonation",
            "brazil",
            "bulk-email-distribution",
            "california",
            "california-dmv-impersonation",
            "cloaking",
            "cloud-hosting",
            "cloudflare-abuse",
            "code-obfuscation",
            "combell-impersonation",
            "combosquatting",
            "compromised-government-site",
            "controlled-substances",
            "credential-harvesting",
            "credit-card-harvesting",
            "credit-card-scam",
            "credit-card-theft",
            "crypto-casino",
            "crypto-payments",
            "crypto-scam",
            "cryptocurrency-scam",
            "daily-threat-intel",
            "dao-impersonation",
            "dao-services",
            "data-harvesting",
            "deceptive-content",
            "deceptive-domain",
            "deceptive-landing-page",
            "deceptive-landing-pages",
            "deceptive-sales-tactics",
            "deceptive-site",
            "delivery-exception",
            "delivery-failure-scam",
            "delivery-scam",
            "device-access-attempt",
            "dhl",
            "digital-infrastructure-marketplace",
            "discord-impersonation",
            "discount-scam",
            "dmv",
            "document-lure",
            "document-sharing-scam",
            "docusign-impersonation",
            "domain-classification",
            "domain-squatting",
            "dpd",
            "dpd-impersonation",
            "dropper",
            "educational-content-piracy",
            "email-credentials",
            "evasion-technique",
            "facebook",
            "fake-captcha",
            "fake-checkout",
            "fake-citation",
            "fake-delivery-notice",
            "fake-delivery-notification",
            "fake-delivery-scam",
            "fake-document",
            "fake-document-preview",
            "fake-giveaway",
            "fake-income-opportunity",
            "fake-invoices",
            "fake-login",
            "fake-login-page",
            "fake-login-portal",
            "fake-online-store",
            "fake-payment-portal",
            "fake-profiles",
            "fake-security-check",
            "fake-store",
            "fake-toll",
            "fake-toll-notice",
            "fake-toll-scam",
            "fake-tracking-page",
            "fake-warning",
            "fanbox",
            "fantia-impersonation",
            "fifa",
            "file-sharing-impersonation",
            "financial-information-theft",
            "financial-institution-impersonation",
            "financial-scam",
            "fiverr",
            "foot-locker-impersonation",
            "footlocker",
            "forced-installation",
            "fraudulent",
            "fraudulent-operation",
            "gamers",
            "gibberish-domain",
            "gift-voucher-scam",
            "github-pages",
            "giveaway-scam",
            "glp-1-agonists",
            "gmail-impersonation",
            "google-docs",
            "google-impersonation",
            "google-sheets-impersonation",
            "government-impersonation",
            "government-services",
            "grayware",
            "high-abuse-domain",
            "high-risk-domain",
            "high-risk-downloads",
            "high-risk-tld",
            "high-traffic-site",
            "hospitality-targeting",
            "ic-markets-impersonation",
            "illegal-pharmacy",
            "impersonation",
            "information-gathering",
            "information-harvesting",
            "intelcom",
            "invite-code-scam",
            "ipfs-abuse",
            "israel-post",
            "law-firm-impersonation",
            "legitimate-domain-abuse",
            "legitimate-service-abuse",
            "login-page",
            "login-portal",
            "logistics",
            "logistics-delivery",
            "logistics-scam",
            "logistics-sector",
            "logistics-supply-chain",
            "louisiana-omv-impersonation",
            "malicious-domain",
            "malicious-link-shortener",
            "malicious-links",
            "malicious-redirect",
            "malicious-redirector",
            "malicious-redirects",
            "malvertising",
            "malware-delivery",
            "malware-distribution",
            "malware-hosting",
            "malware-risk",
            "maryland-mva",
            "media-markt-impersonation",
            "mediamarkt",
            "microsoft",
            "microsoft-forms-abuse",
            "microsoft-impersonation",
            "mobile-malware",
            "modified-apk-distribution",
            "nacex-impersonation",
            "ncdot",
            "nebula-x-impersonation",
            "netlify-abuse",
            "netlify-hosting",
            "new-domain",
            "newly-registered-domain",
            "nft-platform",
            "oklahoma-department-of-public-safety",
            "online-casino",
            "online-scam",
            "oxycodone",
            "package-delivery-scam",
            "payment-bypass",
            "payment-harvesting",
            "payment-information-harvesting",
            "payment-scam",
            "paypal-impersonation",
            "pennsylvania",
            "personal-data-harvesting",
            "personal-information-collection",
            "personal-information-harvesting",
            "personal-information-theft",
            "phishing",
            "phishing-infrastructure",
            "phishing-kit",
            "phishing-landing-page",
            "phishing-lure",
            "phishing-page",
            "phishing-site",
            "phone-number-collection",
            "piracy",
            "pirated-software",
            "privacy-invasion",
            "prize-scam",
            "project-proposal-scam",
            "pw-thor",
            "rapid-links-net",
            "recently-registered-domain",
            "reconnaissance",
            "redirect",
            "redirect-chain",
            "redirector",
            "refund-scam",
            "replit-abuse",
            "retail-impersonation",
            "retail-scam",
            "retail-targeting",
            "roblox",
            "roblox-impersonation",
            "rom-hosting",
            "romania",
            "roundcube-webmail",
            "sameday-impersonation",
            "scam",
            "scam-domain",
            "scam-pages",
            "scam-site",
            "scanner-evasion",
            "schylling",
            "security-bypass",
            "security-challenge-bypass",
            "serviceontario",
            "serviceontario-impersonation",
            "shein-impersonation",
            "slide-to-verify",
            "smishing",
            "social-media-impersonation",
            "software-piracy",
            "spam-distribution",
            "spam-facilitation",
            "spyware",
            "steam",
            "steam-account-theft",
            "stolen-credit-cards",
            "suspicious-domain",
            "suspicious-domain-extension",
            "suspicious-downloads",
            "targeted-attack",
            "technology-sector",
            "telegram-impersonation",
            "telegram-verification-scam",
            "tesco",
            "tesco-impersonation",
            "tiktok",
            "tiktok-impersonation",
            "tiktok-shop-impersonation",
            "tk-shop",
            "toll-scam",
            "traffic-citation-scam",
            "typosquatting",
            "unaccountable-infrastructure",
            "unauthorized-access",
            "unauthorized-content",
            "unauthorized-prescription-drugs",
            "university-brescia",
            "unrealistic-discounts",
            "unscanned-files",
            "unverified-software",
            "unwanted-programs",
            "unwanted-software",
            "urgency-scam",
            "urgency-tactics",
            "url-obscurity",
            "url-shortener",
            "url-shortener-abuse",
            "urlert",
            "video-downloader",
            "vitkac-impersonation",
            "vulnerability-scanning",
            "weebly-abuse",
            "youtube-spam"
          ],
          "references": [
            "https://urlert.com/domain/1cpmspv.top",
            "https://urlert.com/domain/1drv.ms",
            "https://urlert.com/domain/40gmail.com",
            "https://urlert.com/domain/756193.xin",
            "https://urlert.com/domain/adescargar.net",
            "https://urlert.com/domain/adobe.com",
            "https://urlert.com/domain/ankergames.net",
            "https://urlert.com/domain/as-nfd.top",
            "https://urlert.com/domain/betioh.com",
            "https://urlert.com/domain/blogspot.com",
            "https://urlert.com/domain/bodyshopca.com",
            "https://urlert.com/domain/bv-dienstleistungen.de",
            "https://urlert.com/domain/ca-page.cyou",
            "https://urlert.com/domain/ca-page.shop",
            "https://urlert.com/domain/cgod.shop",
            "https://urlert.com/domain/ckq.cc",
            "https://urlert.com/domain/com-azije.cc",
            "https://urlert.com/domain/communityitemarts.co",
            "https://urlert.com/domain/create-logo-maker.net",
            "https://urlert.com/domain/cvmr.life"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Education",
            "Financial Services",
            "Government",
            "Healthcare",
            "Hospitality",
            "Legal Services",
            "Logistics / Supply Chain",
            "Media / Entertainment",
            "Real Estate",
            "Retail / E-Commerce",
            "Technology"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "urlert_intel",
            "id": "386175",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 98,
            "hostname": 55,
            "URL": 104
          },
          "indicator_count": 257,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 30,
          "modified_text": "28 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6944b2fb58e81f2e5ab243bc",
          "name": "Malware Filter - Phishing List - 18-12-2025",
          "description": "",
          "modified": "2025-12-19T02:05:47.922000",
          "created": "2025-12-19T02:05:47.922000",
          "tags": [],
          "references": [
            "https://malware-filter.gitlab.io/malware-filter/phishing-filter-domains.txt"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "CyberHunterAutoFeed",
            "id": "182496",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 136,
            "hostname": 345
          },
          "indicator_count": 481,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 1622,
          "modified_text": "163 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://urlert.com/domain/ankergames.net",
        "https://urlert.com/domain/d9s3x4.com",
        "https://urlert.com/domain/dao-kd.com",
        "https://urlert.com/domain/cs2challengemode.com",
        "https://urlert.com/domain/boxstatusr.cfd",
        "https://urlert.com/domain/1drv.ms",
        "https://urlert.com/domain/blogspot.com",
        "https://urlert.com/domain/cloudspire-works.com",
        "https://urlert.com/domain/amendes-justice-gov.co",
        "https://urlert.com/domain/472hico.lat",
        "https://urlert.com/domain/cgebq.buzz",
        "https://urlert.com/domain/1cpmspv.top",
        "https://urlert.com/domain/ca-pagel.cyou",
        "https://urlert.com/domain/364829.xin",
        "https://urlert.com/domain/baremineralsstore.com",
        "https://urlert.com/domain/cgod.shop",
        "https://urlert.com/domain/amazonv8.com",
        "https://urlert.com/domain/ct.ws",
        "https://urlert.com/domain/bybusdt.cc",
        "https://urlert.com/domain/bv-dienstleistungen.de",
        "https://urlert.com/domain/alert-micro.com",
        "https://urlert.com/domain/com-azije.cc",
        "https://urlert.com/domain/cloudnext.pro",
        "https://urlert.com/domain/bolt.host",
        "https://urlert.com/domain/bpidirecto.top",
        "https://urlert.com/domain/boxtrack.cfd",
        "https://urlert.com/domain/bringitonmsg.com",
        "https://urlert.com/domain/beyondclosetstore.com",
        "https://urlert.com/domain/ca-pages.biz.id",
        "https://urlert.com/domain/ca-page.shop",
        "https://urlert.com/domain/756193.xin",
        "https://urlert.com/domain/clearentry.pro",
        "https://urlert.com/domain/as-nfd.top",
        "https://urlert.com/domain/backmart.cyou",
        "https://urlert.com/domain/ckq.cc",
        "https://urlert.com/domain/apidoge.com",
        "https://urlert.com/domain/afflat3a1.com",
        "https://urlert.com/domain/adobe.com",
        "https://urlert.com/domain/clickup.com",
        "https://urlert.com/domain/dailed.gg",
        "https://urlert.com/domain/belladobe.com",
        "https://urlert.com/domain/alpiyd.help",
        "https://urlert.com/domain/b2wditxn.cc",
        "https://urlert.com/domain/ca-page.cyou",
        "https://urlert.com/domain/bookscloud.net",
        "https://urlert.com/domain/courierdesk.cfd",
        "https://urlert.com/domain/carziqo.net",
        "https://urlert.com/domain/acers.net",
        "https://urlert.com/domain/boxpoint.cfd",
        "https://malware-filter.gitlab.io/malware-filter/phishing-filter-domains.txt",
        "https://urlert.com/domain/acccat.com",
        "https://urlert.com/domain/asusnext.us",
        "https://urlert.com/domain/effectivegatecpm.com",
        "https://urlert.com/domain/bfhix.buzz",
        "https://urlert.com/domain/aviroohome.com",
        "https://urlert.com/domain/0nlyfans.es",
        "https://urlert.com/domain/b-cdn.net",
        "https://urlert.com/domain/aiciinromania.com",
        "https://urlert.com/domain/es-long-rent-apartments-4567885553.homes",
        "https://urlert.com/domain/booking-page8282461.top",
        "https://urlert.com/domain/allerides.shop",
        "https://urlert.com/domain/cloudfront.net",
        "https://urlert.com/domain/getmysocial.com",
        "https://urlert.com/domain/as-isr.top",
        "https://urlert.com/domain/cvmr.life",
        "https://urlert.com/domain/bodyshopca.com",
        "https://urlert.com/domain/ffs8.com",
        "https://urlert.com/domain/axiomvelox.online",
        "https://urlert.com/domain/adescargar.net",
        "https://urlert.com/domain/bunnyband.com",
        "https://urlert.com/domain/create-logo-maker.net",
        "https://urlert.com/domain/bit.ly",
        "https://urlert.com/domain/authpadi.com",
        "https://urlert.com/domain/awstrack.me",
        "https://urlert.com/domain/allwatch.id",
        "https://urlert.com/domain/ca-pagel.sbs",
        "https://urlert.com/domain/as-vse.top",
        "https://urlert.com/domain/demoteam.ch",
        "https://urlert.com/domain/communityitemarts.co",
        "https://urlert.com/domain/betioh.com",
        "https://urlert.com/domain/as-jes.top",
        "https://urlert.com/domain/aipixelss.com",
        "https://urlert.com/domain/clicksmart365.com",
        "https://urlert.com/domain/besowin.com",
        "https://urlert.com/domain/an1.com",
        "https://urlert.com/domain/690914.help",
        "https://urlert.com/domain/aixldc10.shop",
        "https://urlert.com/domain/as-jeu.top",
        "https://urlert.com/domain/freefunhere.com",
        "https://urlert.com/domain/geeduu.com",
        "https://urlert.com/domain/ca-pagel.icu",
        "https://urlert.com/domain/britetodo.com",
        "https://urlert.com/domain/citithankyoucard.com",
        "https://urlert.com/domain/40gmail.com",
        "https://urlert.com/domain/bibtly.cc",
        "https://urlert.com/domain/aceimg.com"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": [
            "Education",
            "Logistics / supply chain",
            "Retail / e-commerce",
            "Legal services",
            "Technology",
            "Healthcare",
            "Financial services",
            "Automotive",
            "Government",
            "Insurance",
            "Media / entertainment",
            "Real estate",
            "Telecommunications",
            "Hospitality"
          ]
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 7,
  "pulses": [
    {
      "id": "653e8484ba7c285929cb5e0d",
      "name": "CERT.PL list of malicious domains",
      "description": "See: https://cert.pl/en/warning-list/\n\n(archived version here: https://web.archive.org/web/20231029161224/https://cert.pl/en/posts/2020/03/malicious_domains/)",
      "modified": "2026-05-30T07:58:43.913000",
      "created": "2023-10-29T16:12:52.580000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "Poland"
      ],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 169181,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 1,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "tomtomalien",
        "id": "258713",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_258713/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 156498,
        "domain": 371707
      },
      "indicator_count": 528205,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 474,
      "modified_text": "1 day ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69dee3140bd99e9baf014779",
      "name": "URLert Daily Threat Intel \u2014 2026-04-15",
      "description": "URLert Daily Threat Intel \u2014 2026-04-15\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 67 | Indicators: 121\nConfirmed: 20 | Likely: 43 | Domain intel: 4\nTop threats: Phishing (55), Malware Hosting (6), Dropper (3), Unknown (2), Malvertising (1)\nDomains: 0nlyfans.es, acccat.com, aceimg.com, alert-micro.com, allwatch.id, apidoge.com, asusnext.us, belladobe.com, bunnyband.com, carziqo.net, clearentry.pro, cloudnext.pro, cs2challengemode.com,...\n\n67 unique threats producing 121 actionable indicators. Generated by URLert automated threat intelligence.",
      "modified": "2026-05-15T00:53:50.005000",
      "created": "2026-04-15T01:00:04.655000",
      "tags": [
        "5eplay",
        "account-recovery-scam",
        "adult-content-lure",
        "affiliate-fraud",
        "aggressive-advertising",
        "aliexpress-impersonation",
        "allegro-impersonation",
        "apk-distribution",
        "automated-scan",
        "banking-credentials",
        "betting-scam",
        "brand-impersonation",
        "cfd-trading",
        "clickbait",
        "combosquatting",
        "credential-harvesting",
        "credit-card-harvesting",
        "credit-card-theft",
        "crypto-gambling",
        "cryptocurrency",
        "cryptocurrency-scam",
        "daily-threat-intel",
        "dao-impersonation",
        "data-harvesting",
        "dating-scam",
        "deceptive-advertising",
        "deceptive-downloads",
        "deceptive-landing-page",
        "deceptive-marketing",
        "deceptive-redirect",
        "deceptive-redirects",
        "deceptive-scam",
        "deceptive-tactics",
        "delivery-scam",
        "document-sharing-phishing",
        "domain-classification",
        "ecommerce-scam",
        "elon-musk",
        "email-lookup",
        "email-redirect",
        "employment-scam",
        "esports-platform-impersonation",
        "explicit-content",
        "fake-app-store",
        "fake-mining",
        "fake-news",
        "fake-profiles",
        "fake-toll-notice",
        "fake-tracking",
        "file-distribution",
        "file-hosting",
        "financial-deception",
        "financial-fraud",
        "financial-phishing",
        "financial-scam",
        "fiverr",
        "fiverr-impersonation",
        "forex-trading",
        "fraudulent-investment",
        "fraudulent-platform",
        "fraudulent-website",
        "free-hosting-abuse",
        "freelancer-targeting",
        "game-scam",
        "gaming",
        "get-rich-quick",
        "gibberish-domain",
        "gift-card-scam",
        "google-impersonation",
        "government-impersonation",
        "h-and-m",
        "hetzner-hosting",
        "high-risk-tld",
        "hospitality-targeting",
        "income-scheme",
        "information-harvesting",
        "infostealer-logs",
        "investment-scam",
        "irish-government",
        "lead-generation",
        "link-shortener",
        "live-sports-streaming",
        "malicious-file-hosting",
        "malicious-redirection",
        "malware-distribution",
        "malware-hosting",
        "mexc-impersonation",
        "movie-download-scam",
        "mtn-impersonation",
        "mygovid",
        "new-domain",
        "newly-observed-domain",
        "newly-registered-domain",
        "online-banking",
        "online-gaming",
        "outlook-safelink",
        "payload-delivery",
        "payment-scam",
        "pentavida",
        "personal-information-collection",
        "phishing",
        "phishing-campaign",
        "phishing-infrastructure",
        "phishing-scam",
        "phishing-site",
        "phone-number-harvesting",
        "pig-butchering-scam",
        "ponzi-scheme",
        "privacy-risk",
        "pyramid-scheme",
        "raw-binary-serving",
        "redirect",
        "redirect-chain",
        "scam",
        "scam-allegations",
        "scam-landing-page",
        "seo-poisoning",
        "social-engineering",
        "social-media-scam",
        "software-piracy-scam",
        "spam",
        "spotahome",
        "spotify",
        "steam-credentials",
        "survey-scam",
        "suspicious-domain",
        "suspicious-infrastructure",
        "targeted-phishing",
        "task-based-earning-scam",
        "task-scam",
        "team-visma-lease-a-bike",
        "throwaway-domain",
        "trading-platform",
        "typosquatting",
        "unsolicited-messages",
        "unvetted-content",
        "urlert",
        "username-harvesting",
        "username-password-collection",
        "voucher-scam",
        "wallet-draining",
        "wanda-cinemas",
        "whatsapp-group-scam",
        "whatsapp-lure",
        "withdrawal-scam",
        "x-twitter"
      ],
      "references": [
        "https://urlert.com/domain/0nlyfans.es",
        "https://urlert.com/domain/acccat.com",
        "https://urlert.com/domain/aceimg.com",
        "https://urlert.com/domain/alert-micro.com",
        "https://urlert.com/domain/allwatch.id",
        "https://urlert.com/domain/apidoge.com",
        "https://urlert.com/domain/asusnext.us",
        "https://urlert.com/domain/belladobe.com",
        "https://urlert.com/domain/bunnyband.com",
        "https://urlert.com/domain/carziqo.net",
        "https://urlert.com/domain/clearentry.pro",
        "https://urlert.com/domain/cloudnext.pro",
        "https://urlert.com/domain/cs2challengemode.com",
        "https://urlert.com/domain/ct.ws",
        "https://urlert.com/domain/dao-kd.com",
        "https://urlert.com/domain/demoteam.ch",
        "https://urlert.com/domain/es-long-rent-apartments-4567885553.homes",
        "https://urlert.com/domain/freefunhere.com",
        "https://urlert.com/domain/geeduu.com",
        "https://urlert.com/domain/getmysocial.com"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Automotive",
        "Financial Services",
        "Government",
        "Hospitality",
        "Logistics / Supply Chain",
        "Media / Entertainment",
        "Real Estate",
        "Retail / E-Commerce",
        "Technology",
        "Telecommunications"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "urlert_intel",
        "id": "386175",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 42,
        "hostname": 13,
        "URL": 43
      },
      "indicator_count": 98,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 30,
      "modified_text": "16 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69d5a89569e0095158da2a9c",
      "name": "URLert Daily Threat Intel \u2014 2026-04-08",
      "description": "URLert Daily Threat Intel \u2014 2026-04-08\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 139 | Indicators: 264\nConfirmed: 43 | Likely: 94 | Domain intel: 2\nTop threats: Phishing (109), Malvertising (9), Unknown (8), Malware Hosting (7), Dropper (5)\nDomains: 472hico.lat, acccat.com, aipixelss.com, allerides.shop, alpiyd.help, ankergames.net, authpadi.com, awstrack.me, besowin.com, beyondclosetstore.com, bfhix.buzz, blogspot.com, bookscloud.net...\n\n139 unique threats producing 264 actionable indicators. Generated by URLert automated threat intelligence.",
      "modified": "2026-05-07T23:19:25.182000",
      "created": "2026-04-08T01:00:05.017000",
      "tags": [
        "2fa-bypass",
        "4-72",
        "4-72-impersonation",
        "abuse-hosting",
        "account-checker",
        "account-reactivation",
        "activity-viewer",
        "adac",
        "adult-affiliate",
        "adult-scam",
        "affiliate-network",
        "aggressive-advertising",
        "ai-platform-abuse",
        "an-post",
        "android-malware",
        "anti-analysis",
        "apk-download",
        "apk-malware",
        "app-update-lure",
        "automated-scan",
        "automatic-download",
        "blank-landing-page",
        "blogspot",
        "booking-com",
        "booking-com-impersonation",
        "bpi-impersonation",
        "brand-impersonation",
        "browser-extension",
        "california-dmv",
        "california-government-impersonation",
        "celebrity-impersonation",
        "cloaking",
        "cloudflare-impersonation",
        "colombia",
        "combosquatting",
        "command-and-control-communication",
        "compromised-site",
        "content-gating",
        "content-locker-scam",
        "cracking",
        "credential-harvesting",
        "crypto-casino",
        "cryptocurrency-phishing",
        "cryptocurrency-scam",
        "cybercrime-tools",
        "daily-threat-intel",
        "dating-scam",
        "deceptive-content",
        "deceptive-domain",
        "deceptive-download",
        "deceptive-lure",
        "deceptive-overlay",
        "deceptive-practices",
        "deceptive-redirect",
        "deceptive-redirects",
        "deceptive-registration",
        "deceptive-tactics",
        "delivery-scam",
        "detection-evasion",
        "developer-tool-evasion",
        "dhl",
        "dhl-impersonation",
        "discord",
        "discord-bot-users",
        "disposable-infrastructure",
        "domain-classification",
        "download-link",
        "dpd",
        "dpd-impersonation",
        "dpd-local",
        "e-commerce-scam",
        "evasion",
        "evasion-technique",
        "evasion-techniques",
        "evasive-technique",
        "evasive-techniques",
        "facebook-impersonation",
        "fake-account-creation",
        "fake-cloudflare-challenge",
        "fake-domain",
        "fake-government-service",
        "fake-login-portal",
        "fake-payment",
        "fake-paywall",
        "fake-questionnaire",
        "fake-security-challenge",
        "fake-security-verification",
        "fake-service",
        "fake-toll-charge",
        "fake-toll-scam",
        "fake-voucher",
        "financial-harvesting",
        "financial-loss",
        "financial-theft",
        "fiverr",
        "fiverr-impersonation",
        "fortnite-impersonation",
        "fraudulent-activity",
        "fraudulent-gambling",
        "fraudulent-investment-platform",
        "fraudulent-platform",
        "fraudulent-store",
        "gambling-scam",
        "gamers",
        "generic-login-form",
        "georgia-dds",
        "germany",
        "gibberish-domain",
        "gmail-impersonation",
        "google",
        "government-impersonation",
        "grabify-logging",
        "grayware",
        "hamilton-fraser",
        "high-pressure-sales",
        "high-risk-subdomain",
        "high-risk-tld",
        "hookup-scam",
        "hr-block-impersonation",
        "identity-verification",
        "impersonation-scam",
        "inactive-infrastructure",
        "information-harvesting",
        "instagram",
        "invalid-certificate",
        "investment-scam",
        "invitation-code-required",
        "invite-code",
        "israel-post-impersonation",
        "javascript-delivery",
        "keyword-stuffing",
        "lead-generation",
        "link-shortener",
        "logistics",
        "logistics-impersonation",
        "logistics-scam",
        "logistics-sector",
        "lookalike-domain",
        "low-reputation-domain",
        "malicious-advertising-network",
        "malicious-extensions",
        "malicious-infrastructure",
        "malicious-redirection",
        "malicious-redirects",
        "malicious-site",
        "malvertising",
        "malware-bundling",
        "malware-delivery",
        "malware-distribution",
        "mercadopago",
        "microsoft-impersonation",
        "microsoft-sharepoint-impersonation",
        "misleading-ui",
        "mobile-phishing",
        "modded-applications",
        "monetized-url-shortener",
        "netlify-abuse",
        "nevada-dmv",
        "new-domain",
        "newly-registered-domain",
        "non-legitimate-site",
        "online-casino",
        "passport-data-theft",
        "payment-card-theft",
        "payment-harvesting",
        "payment-information-harvesting",
        "payment-information-theft",
        "payment-scam",
        "payroll-scam",
        "personal-information-harvesting",
        "phishing",
        "phishing-lure",
        "phishing-page",
        "phishing-site",
        "pig-butchering-scam",
        "pii-collection",
        "pirated-software",
        "ponzi-scheme",
        "pop-unders",
        "posta-kenya-impersonation",
        "potentially-malicious-domain",
        "privacy-risk",
        "profile-visitor-tracking",
        "pua",
        "random-subdomain",
        "recent-domain",
        "redirect-chain",
        "redirector",
        "refund-service",
        "retail-scam",
        "retail-sector",
        "roblox",
        "roblox-accounts",
        "roblox-impersonation",
        "scam",
        "scam-distribution",
        "scam-gateway",
        "scam-infrastructure",
        "scam-site",
        "scam-website",
        "script-hosting",
        "security-bypass",
        "seo-spam",
        "serviceontario",
        "shipping-protection-scam",
        "sms-verification-bypass",
        "social-engineering",
        "social-media-scam",
        "software-piracy",
        "spam-infrastructure",
        "spyware",
        "steam",
        "student-targeting",
        "surveillance-tools",
        "survey-scam",
        "suspicious-domain",
        "suspicious-file-type",
        "suspicious-pricing",
        "suspicious-subdomain",
        "template-based-storefront",
        "tiktok-impersonation",
        "tiktok-shop",
        "toll-charge",
        "toll-scam",
        "tracking",
        "traffic-citations",
        "traffic-direction-system",
        "traffic-distribution-system",
        "traffic-diversion",
        "traffic-redirection",
        "travel-scam",
        "travel-sector",
        "trojan",
        "trojanized-app",
        "twitter-impersonation",
        "txdmv",
        "txdmv-impersonation",
        "typosquatting",
        "uk-eta-visa",
        "unauthorized-tracking",
        "unofficial-app-distribution",
        "unreachable",
        "unverified-software-download",
        "unwanted-content",
        "unwanted-programs",
        "unwanted-software",
        "url-redirect",
        "url-redirector",
        "url-shortener",
        "urlert",
        "usdt",
        "usps",
        "vbucks-scam",
        "webcam-capture",
        "webcam360",
        "weebly-abuse",
        "wetransfer",
        "wetransfer-impersonation",
        "whatsapp-impersonation",
        "wisconsin-dot",
        "withdrawal-scam"
      ],
      "references": [
        "https://urlert.com/domain/472hico.lat",
        "https://urlert.com/domain/acccat.com",
        "https://urlert.com/domain/aipixelss.com",
        "https://urlert.com/domain/allerides.shop",
        "https://urlert.com/domain/alpiyd.help",
        "https://urlert.com/domain/ankergames.net",
        "https://urlert.com/domain/authpadi.com",
        "https://urlert.com/domain/awstrack.me",
        "https://urlert.com/domain/besowin.com",
        "https://urlert.com/domain/beyondclosetstore.com",
        "https://urlert.com/domain/bfhix.buzz",
        "https://urlert.com/domain/blogspot.com",
        "https://urlert.com/domain/bookscloud.net",
        "https://urlert.com/domain/boxstatusr.cfd",
        "https://urlert.com/domain/bpidirecto.top",
        "https://urlert.com/domain/bringitonmsg.com",
        "https://urlert.com/domain/ca-pagel.cyou",
        "https://urlert.com/domain/ca-pagel.icu",
        "https://urlert.com/domain/ca-pagel.sbs",
        "https://urlert.com/domain/ca-pages.biz.id"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Automotive",
        "Education",
        "Financial Services",
        "Government",
        "Hospitality",
        "Insurance",
        "Logistics / Supply Chain",
        "Media / Entertainment",
        "Retail / E-Commerce",
        "Technology"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "urlert_intel",
        "id": "386175",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 78,
        "URL": 80,
        "hostname": 42
      },
      "indicator_count": 200,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 33,
      "modified_text": "23 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69d1b41832db3e0db5b36117",
      "name": "URLert Daily Threat Intel \u2014 2026-04-05",
      "description": "URLert Daily Threat Intel \u2014 2026-04-05\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 85 | Indicators: 175\nConfirmed: 27 | Likely: 51 | Domain intel: 7\nTop threats: Phishing (74), Malware Hosting (7), Malvertising (3), Dropper (1)\nDomains: 364829.xin, aiciinromania.com, aixldc10.shop, alert-micro.com, amazonv8.com, b2wditxn.cc, backmart.cyou, baremineralsstore.com, bfhix.buzz, bibtly.cc, bolt.host, boxpoint.cfd, bybusdt.cc, ...\n\n85 unique threats producing 175 actionable indicators. Generated by URLert automated threat intelligence.",
      "modified": "2026-05-04T23:09:18.301000",
      "created": "2026-04-05T01:00:08.578000",
      "tags": [
        ".cyou-tld",
        "account-hijacking",
        "account-scam",
        "account-takeover",
        "adult-content-lure",
        "advance-fee-scam",
        "aggressive-advertising",
        "agoda-impersonation",
        "amazon-impersonation",
        "android-malware",
        "apple-app-store",
        "apple-impersonation",
        "application-download",
        "asset-theft",
        "automated-scan",
        "brand-impersonation",
        "brand-in-subdomain",
        "browser-extension-malware",
        "canon-cameras",
        "cloudflare-obfuscation",
        "colombia-targeting",
        "colorado-department-of-revenue",
        "combosquatting",
        "compromised-site",
        "counterfeit-goods",
        "counterfeit-watches",
        "cracked-games",
        "credential-harvesting",
        "credential-sharing",
        "credit-card-harvesting",
        "crypto-scam",
        "cryptocurrency",
        "cryptocurrency-scam",
        "daily-threat-intel",
        "data-harvesting",
        "deceptive-ads",
        "deceptive-advertising",
        "deceptive-content",
        "deceptive-domain",
        "deceptive-ecommerce",
        "deceptive-lead-generation",
        "deceptive-marketing",
        "deceptive-practices",
        "deceptive-redirect",
        "deceptive-redirect-chain",
        "deceptive-redirects",
        "deceptive-site",
        "deceptive-tactics",
        "deceptive-trust-indicators",
        "deepfake-generation",
        "delivery-scam",
        "discord-account-theft",
        "disposable-infrastructure",
        "dmv-impersonation",
        "domain-classification",
        "download-button",
        "dpd",
        "dpd-impersonation",
        "e-commerce-scam",
        "easter-egg-hunt-scam",
        "edeka",
        "enterprise-certificate-trust",
        "epic-games",
        "evasive-maneuvers",
        "fake-app-store",
        "fake-credit-generator",
        "fake-discount",
        "fake-giveaway",
        "fake-government-site",
        "fake-platform",
        "fake-rewards",
        "fake-security-check",
        "fake-transactions",
        "fake-virus-warning",
        "financial-scam",
        "fortnite",
        "fraudulent-activity",
        "fraudulent-gambling",
        "fraudulent-network",
        "fraudulent-portal",
        "fraudulent-pricing",
        "fraudulent-store",
        "fraudulent-webshop",
        "fund-harvesting",
        "game-lure",
        "game-modding",
        "game-reward-scam",
        "gaming",
        "gaming-scam",
        "gibberish-domain",
        "gmail-impersonation",
        "government-impersonation",
        "grayware",
        "high-risk-domain",
        "high-risk-domain-extension",
        "high-risk-tld",
        "ibm",
        "identity-theft",
        "illegal-content-lure",
        "investment-scam",
        "jbl",
        "job-scam",
        "keylogger",
        "ledger",
        "ledger-impersonation",
        "lidl-impersonation",
        "logged-tg",
        "malicious-code-execution",
        "malicious-infrastructure",
        "malicious-redirect",
        "malicious-redirector",
        "malicious-script",
        "malvertising",
        "malware-distribution",
        "malware-hosting",
        "malware-vector",
        "mercado-pago-impersonation",
        "mercadopago",
        "microsoft-impersonation",
        "mobile-malware",
        "modded-apk",
        "new-domain",
        "newly-registered",
        "newly-registered-domain",
        "non-consensual-imagery",
        "olx-impersonation",
        "online-earning-scheme",
        "onlyfans-impersonation",
        "password-stealing",
        "payment-harvesting",
        "payment-information-theft",
        "payment-portal-impersonation",
        "personal-information-collection",
        "personal-information-gathering",
        "personal-information-theft",
        "phishing",
        "phishing-infrastructure",
        "phishing-kit",
        "phishing-page",
        "phishing-site",
        "pirated-software",
        "pop-up-scam",
        "privacy-risk",
        "prize-scam",
        "redirect-chain",
        "redirect-cloaking",
        "redirector",
        "retail-e-commerce",
        "retail-impersonation",
        "retail-scam",
        "roblox",
        "roblox-impersonation",
        "roblox-users",
        "scam",
        "scam-distribution",
        "scam-link-generation",
        "scam-site",
        "scam-store",
        "security-bypass",
        "serviceontario-impersonation",
        "sexually-explicit-content",
        "shared-account-directory",
        "shipping-fee-scam",
        "shopify-subdomain",
        "sixt",
        "social-engineering",
        "social-media-scam",
        "solana",
        "steam",
        "steam-credential-phishing",
        "sumup-impersonation",
        "suspicious-domain",
        "sviluppo-host",
        "tantis-pl-impersonation",
        "tech-support-scam",
        "telegram-bot",
        "telegram-impersonation",
        "tracking-domains",
        "travel-booking",
        "trojan",
        "twitter",
        "typosquatting",
        "unauthorized-software",
        "unauthorized-software-distribution",
        "unofficial-app-distribution",
        "unrealistic-pricing",
        "unwanted-software",
        "unwanted-subscriptions",
        "urlert",
        "usdt-scam",
        "wallet-drainer",
        "walmart-impersonation",
        "withdrawal-theft",
        "young-domain",
        "youtube"
      ],
      "references": [
        "https://urlert.com/domain/364829.xin",
        "https://urlert.com/domain/aiciinromania.com",
        "https://urlert.com/domain/aixldc10.shop",
        "https://urlert.com/domain/alert-micro.com",
        "https://urlert.com/domain/amazonv8.com",
        "https://urlert.com/domain/b2wditxn.cc",
        "https://urlert.com/domain/backmart.cyou",
        "https://urlert.com/domain/baremineralsstore.com",
        "https://urlert.com/domain/bfhix.buzz",
        "https://urlert.com/domain/bibtly.cc",
        "https://urlert.com/domain/bolt.host",
        "https://urlert.com/domain/boxpoint.cfd",
        "https://urlert.com/domain/bybusdt.cc",
        "https://urlert.com/domain/cgebq.buzz",
        "https://urlert.com/domain/cloudfront.net",
        "https://urlert.com/domain/courierdesk.cfd",
        "https://urlert.com/domain/d9s3x4.com",
        "https://urlert.com/domain/dailed.gg",
        "https://urlert.com/domain/effectivegatecpm.com",
        "https://urlert.com/domain/ffs8.com"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Automotive",
        "Financial Services",
        "Government",
        "Hospitality",
        "Logistics / Supply Chain",
        "Media / Entertainment",
        "Retail / E-Commerce",
        "Technology"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "urlert_intel",
        "id": "386175",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 61,
        "URL": 55,
        "hostname": 24
      },
      "indicator_count": 140,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 32,
      "modified_text": "26 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69d06294c6426930704edb6f",
      "name": "URLert Daily Threat Intel \u2014 2026-04-04",
      "description": "URLert Daily Threat Intel \u2014 2026-04-04\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 170 | Indicators: 326\nConfirmed: 46 | Likely: 120 | Domain intel: 4\nTop threats: Phishing (154), Malware Hosting (10), Dropper (4), Malvertising (1), Unknown (1)\nDomains: 690914.help, acers.net, afflat3a1.com, amendes-justice-gov.co, an1.com, as-isr.top, as-jes.top, as-jeu.top, as-vse.top, aviroohome.com, axiomvelox.online, b-cdn.net, bit.ly, booking-page82...\n\n170 unique threats producing 326 actionable indicators. Generated by URLert automated threat intelligence.",
      "modified": "2026-05-04T00:19:44.565000",
      "created": "2026-04-04T01:00:04.991000",
      "tags": [
        "abuse-cdn",
        "abused-platform",
        "account-recovery-scam",
        "adult-content",
        "adult-content-lure",
        "adult-scam",
        "advance-fees",
        "affiliate-marketing-scam",
        "allegro",
        "android-apk",
        "android-malware",
        "apk-distribution",
        "apk-malware",
        "automated-scan",
        "bank-impersonation",
        "banking-scam",
        "bookmarklet",
        "bookmarklet-malware",
        "brand-impersonation",
        "bypass-filters",
        "checkout-forms",
        "cloaking",
        "cloudflare-impersonation",
        "combosquatting",
        "compromised-site",
        "content-locker",
        "counterfeit-goods",
        "cracked-games",
        "credential-harvesting",
        "credit-monitoring-scam",
        "crypto-scam",
        "crypto-theft",
        "cryptocurrency",
        "cryptocurrency-scam",
        "cryptocurrency-theft",
        "daily-threat-intel",
        "dao",
        "dao-impersonation",
        "data-harvesting",
        "dating-site-scam",
        "ddb",
        "deception",
        "deceptive-content",
        "deceptive-domain",
        "deceptive-downloads",
        "deceptive-facade",
        "deceptive-interface",
        "deceptive-label",
        "deceptive-login",
        "deceptive-practices",
        "deceptive-pricing",
        "deceptive-site",
        "delivery-exception-scam",
        "delivery-scam",
        "delivery-service-impersonation",
        "delivery-service-scam",
        "denmark",
        "direct-download",
        "discord",
        "discord-credential-harvesting",
        "discord-impersonation",
        "dmv-impersonation",
        "domain-classification",
        "dpd",
        "dpd-impersonation",
        "e-commerce-scam",
        "easter-egg-hunt-scam",
        "easter-scam",
        "education-sector",
        "efax-impersonation",
        "electronics-scam",
        "evasion-technique",
        "facebook-impersonation",
        "fake-app-install",
        "fake-checkout",
        "fake-countdown-timer",
        "fake-deletion-scam",
        "fake-discounts",
        "fake-domain",
        "fake-ecommerce",
        "fake-endorsements",
        "fake-feature",
        "fake-game",
        "fake-giveaway",
        "fake-investment-platform",
        "fake-login",
        "fake-login-page",
        "fake-online-store",
        "fake-parking-fee",
        "fake-parking-penalty",
        "fake-payment",
        "fake-refund",
        "fake-rewards",
        "fake-shopping-site",
        "fake-timer",
        "fake-toll",
        "fake-toll-notice",
        "fake-toll-payment",
        "fake-toll-scam",
        "fake-urgency",
        "fake-verification",
        "fake-warning",
        "fake-website",
        "financial-fraud",
        "financial-information-theft",
        "financial-scam",
        "form-builder-abuse",
        "fraudulent-e-commerce",
        "fraudulent-ecommerce",
        "fraudulent-operation",
        "fraudulent-platform",
        "fraudulent-reward-schemes",
        "fraudulent-website",
        "free-hosting",
        "gambling-scam",
        "game-impersonation",
        "game-mods",
        "gaming",
        "giveaway-scam",
        "google-credentials",
        "google-drive-impersonation",
        "google-impersonation",
        "government-impersonation",
        "government-services",
        "high-risk-domain",
        "high-risk-hosting",
        "high-risk-tld",
        "human-verification",
        "hungarian-fishing-brand",
        "icloud-bypass",
        "information-gathering",
        "investment-scam",
        "iowa-dot",
        "job-scam",
        "link-shortening-scam",
        "login-page",
        "logistics-scam",
        "logistics-sector",
        "lookalike-domain",
        "lure",
        "malicious-redirect",
        "malicious-redirection",
        "malicious-redirects",
        "malvertising",
        "malware-delivery",
        "malware-distribution",
        "malware-download",
        "malware-hosting",
        "malware-vector",
        "medi-markt",
        "media-markt",
        "media-markt-impersonation",
        "mediamarkt",
        "mediemarkt",
        "mercado-pago-impersonation",
        "microsoft-365",
        "microsoft-office365-impersonation",
        "migros",
        "mobile-data-scam",
        "mobile-malware",
        "mod-apps",
        "modded-apps",
        "modified-apk",
        "modified-apps",
        "morocco",
        "ncdot-impersonation",
        "netherlands",
        "new-domain",
        "new-york-dmv",
        "newly-registered-domain",
        "nike",
        "north-carolina-dmv",
        "notification-hijacking",
        "offer-wall",
        "office365",
        "online-purchase-scams",
        "online-store-scam",
        "ontario",
        "oxo-impersonation",
        "package-delivery-scam",
        "parking-penalty-scam",
        "payload-delivery",
        "payment-harvesting",
        "payment-information-harvesting",
        "payment-information-theft",
        "personal-data-harvesting",
        "personal-information-harvesting",
        "personal-information-theft",
        "pertemps",
        "phishing",
        "phishing-campaign",
        "phishing-kit",
        "phishing-lure",
        "phishing-page",
        "phishing-scam",
        "phishing-scheme",
        "phishing-site",
        "pii-collection",
        "piracy",
        "pirated-software",
        "pirated-software-malware",
        "powerschool",
        "powershell-execution",
        "privacy-risk",
        "prize-scam",
        "product-scam",
        "random-domain",
        "recent-domain",
        "recruitment-fraud",
        "recruitment-scam",
        "redirect-chain",
        "redirection",
        "retail-ecommerce",
        "retail-fraud",
        "retail-impersonation",
        "retail-scam",
        "roblox",
        "roblox-impersonation",
        "rvo-nl",
        "scam",
        "scam-tactics",
        "session-hijacking",
        "shopping-scam",
        "smishing-tactic",
        "social-engineering",
        "social-media-impersonation",
        "sofi-impersonation",
        "software-distribution",
        "spam-promoted",
        "state-of-alaska",
        "steam",
        "streaming-piracy",
        "survey-scam",
        "suspicious-domain",
        "suspicious-file-sharing",
        "suspicious-redirect",
        "suspicious-service",
        "technology",
        "telegram-impersonation",
        "texas-dmv",
        "ticketone-impersonation",
        "tikko-impersonation",
        "tiktok",
        "toll-scam",
        "trading-scam",
        "traffic-fines",
        "traffic-redirection",
        "typo-squatting",
        "typosquatting",
        "unauthorized-media-distribution",
        "unauthorized-software",
        "unrealistic-rewards",
        "unregulated-gambling",
        "unsecured-uploads",
        "unwanted-software",
        "urgency-scam",
        "url-redirection",
        "url-shortener",
        "urlert",
        "vercel-hosting",
        "verification-challenge",
        "verification-screen",
        "visionpro-impersonation",
        "wallet-draining",
        "withdrawal-scam",
        "work-from-home-scam",
        "zoom-impersonation"
      ],
      "references": [
        "https://urlert.com/domain/690914.help",
        "https://urlert.com/domain/acers.net",
        "https://urlert.com/domain/afflat3a1.com",
        "https://urlert.com/domain/amendes-justice-gov.co",
        "https://urlert.com/domain/an1.com",
        "https://urlert.com/domain/as-isr.top",
        "https://urlert.com/domain/as-jes.top",
        "https://urlert.com/domain/as-jeu.top",
        "https://urlert.com/domain/as-vse.top",
        "https://urlert.com/domain/aviroohome.com",
        "https://urlert.com/domain/axiomvelox.online",
        "https://urlert.com/domain/b-cdn.net",
        "https://urlert.com/domain/bit.ly",
        "https://urlert.com/domain/booking-page8282461.top",
        "https://urlert.com/domain/boxtrack.cfd",
        "https://urlert.com/domain/britetodo.com",
        "https://urlert.com/domain/citithankyoucard.com",
        "https://urlert.com/domain/clicksmart365.com",
        "https://urlert.com/domain/clickup.com",
        "https://urlert.com/domain/cloudspire-works.com"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Education",
        "Financial Services",
        "Government",
        "Hospitality",
        "Logistics / Supply Chain",
        "Media / Entertainment",
        "Retail / E-Commerce",
        "Technology",
        "Telecommunications"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "urlert_intel",
        "id": "386175",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 105,
        "hostname": 55,
        "URL": 107
      },
      "indicator_count": 267,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 30,
      "modified_text": "27 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69cf1115225832368c9af150",
      "name": "URLert Daily Threat Intel \u2014 2026-04-03",
      "description": "URLert Daily Threat Intel \u2014 2026-04-03\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 165 | Indicators: 334\nConfirmed: 47 | Likely: 117 | Domain intel: 1\nTop threats: Phishing (148), Malware Hosting (12), Dropper (3), Scanning Host (1), RAT (1)\nDomains: 1cpmspv.top, 1drv.ms, 40gmail.com, 756193.xin, adescargar.net, adobe.com, ankergames.net, as-nfd.top, betioh.com, blogspot.com, bodyshopca.com, bv-dienstleistungen.de, ca-page.cyou, ca-pag...\n\n165 unique threats producing 334 actionable indicators. Generated by URLert automated threat intelligence.",
      "modified": "2026-05-03T00:28:39.989000",
      "created": "2026-04-03T01:00:05.191000",
      "tags": [
        "2fa-harvesting",
        "adult-app-distribution",
        "adult-content",
        "adware",
        "adware-risk",
        "agoda-impersonation",
        "ai-sweden-impersonation",
        "alaska",
        "alaska-dmv",
        "android-malware",
        "anonymous-sales",
        "apk-distribution",
        "apk-malware",
        "automated-scan",
        "blockchain-casino",
        "booking-com",
        "brand-impersonation",
        "brazil",
        "bulk-email-distribution",
        "california",
        "california-dmv-impersonation",
        "cloaking",
        "cloud-hosting",
        "cloudflare-abuse",
        "code-obfuscation",
        "combell-impersonation",
        "combosquatting",
        "compromised-government-site",
        "controlled-substances",
        "credential-harvesting",
        "credit-card-harvesting",
        "credit-card-scam",
        "credit-card-theft",
        "crypto-casino",
        "crypto-payments",
        "crypto-scam",
        "cryptocurrency-scam",
        "daily-threat-intel",
        "dao-impersonation",
        "dao-services",
        "data-harvesting",
        "deceptive-content",
        "deceptive-domain",
        "deceptive-landing-page",
        "deceptive-landing-pages",
        "deceptive-sales-tactics",
        "deceptive-site",
        "delivery-exception",
        "delivery-failure-scam",
        "delivery-scam",
        "device-access-attempt",
        "dhl",
        "digital-infrastructure-marketplace",
        "discord-impersonation",
        "discount-scam",
        "dmv",
        "document-lure",
        "document-sharing-scam",
        "docusign-impersonation",
        "domain-classification",
        "domain-squatting",
        "dpd",
        "dpd-impersonation",
        "dropper",
        "educational-content-piracy",
        "email-credentials",
        "evasion-technique",
        "facebook",
        "fake-captcha",
        "fake-checkout",
        "fake-citation",
        "fake-delivery-notice",
        "fake-delivery-notification",
        "fake-delivery-scam",
        "fake-document",
        "fake-document-preview",
        "fake-giveaway",
        "fake-income-opportunity",
        "fake-invoices",
        "fake-login",
        "fake-login-page",
        "fake-login-portal",
        "fake-online-store",
        "fake-payment-portal",
        "fake-profiles",
        "fake-security-check",
        "fake-store",
        "fake-toll",
        "fake-toll-notice",
        "fake-toll-scam",
        "fake-tracking-page",
        "fake-warning",
        "fanbox",
        "fantia-impersonation",
        "fifa",
        "file-sharing-impersonation",
        "financial-information-theft",
        "financial-institution-impersonation",
        "financial-scam",
        "fiverr",
        "foot-locker-impersonation",
        "footlocker",
        "forced-installation",
        "fraudulent",
        "fraudulent-operation",
        "gamers",
        "gibberish-domain",
        "gift-voucher-scam",
        "github-pages",
        "giveaway-scam",
        "glp-1-agonists",
        "gmail-impersonation",
        "google-docs",
        "google-impersonation",
        "google-sheets-impersonation",
        "government-impersonation",
        "government-services",
        "grayware",
        "high-abuse-domain",
        "high-risk-domain",
        "high-risk-downloads",
        "high-risk-tld",
        "high-traffic-site",
        "hospitality-targeting",
        "ic-markets-impersonation",
        "illegal-pharmacy",
        "impersonation",
        "information-gathering",
        "information-harvesting",
        "intelcom",
        "invite-code-scam",
        "ipfs-abuse",
        "israel-post",
        "law-firm-impersonation",
        "legitimate-domain-abuse",
        "legitimate-service-abuse",
        "login-page",
        "login-portal",
        "logistics",
        "logistics-delivery",
        "logistics-scam",
        "logistics-sector",
        "logistics-supply-chain",
        "louisiana-omv-impersonation",
        "malicious-domain",
        "malicious-link-shortener",
        "malicious-links",
        "malicious-redirect",
        "malicious-redirector",
        "malicious-redirects",
        "malvertising",
        "malware-delivery",
        "malware-distribution",
        "malware-hosting",
        "malware-risk",
        "maryland-mva",
        "media-markt-impersonation",
        "mediamarkt",
        "microsoft",
        "microsoft-forms-abuse",
        "microsoft-impersonation",
        "mobile-malware",
        "modified-apk-distribution",
        "nacex-impersonation",
        "ncdot",
        "nebula-x-impersonation",
        "netlify-abuse",
        "netlify-hosting",
        "new-domain",
        "newly-registered-domain",
        "nft-platform",
        "oklahoma-department-of-public-safety",
        "online-casino",
        "online-scam",
        "oxycodone",
        "package-delivery-scam",
        "payment-bypass",
        "payment-harvesting",
        "payment-information-harvesting",
        "payment-scam",
        "paypal-impersonation",
        "pennsylvania",
        "personal-data-harvesting",
        "personal-information-collection",
        "personal-information-harvesting",
        "personal-information-theft",
        "phishing",
        "phishing-infrastructure",
        "phishing-kit",
        "phishing-landing-page",
        "phishing-lure",
        "phishing-page",
        "phishing-site",
        "phone-number-collection",
        "piracy",
        "pirated-software",
        "privacy-invasion",
        "prize-scam",
        "project-proposal-scam",
        "pw-thor",
        "rapid-links-net",
        "recently-registered-domain",
        "reconnaissance",
        "redirect",
        "redirect-chain",
        "redirector",
        "refund-scam",
        "replit-abuse",
        "retail-impersonation",
        "retail-scam",
        "retail-targeting",
        "roblox",
        "roblox-impersonation",
        "rom-hosting",
        "romania",
        "roundcube-webmail",
        "sameday-impersonation",
        "scam",
        "scam-domain",
        "scam-pages",
        "scam-site",
        "scanner-evasion",
        "schylling",
        "security-bypass",
        "security-challenge-bypass",
        "serviceontario",
        "serviceontario-impersonation",
        "shein-impersonation",
        "slide-to-verify",
        "smishing",
        "social-media-impersonation",
        "software-piracy",
        "spam-distribution",
        "spam-facilitation",
        "spyware",
        "steam",
        "steam-account-theft",
        "stolen-credit-cards",
        "suspicious-domain",
        "suspicious-domain-extension",
        "suspicious-downloads",
        "targeted-attack",
        "technology-sector",
        "telegram-impersonation",
        "telegram-verification-scam",
        "tesco",
        "tesco-impersonation",
        "tiktok",
        "tiktok-impersonation",
        "tiktok-shop-impersonation",
        "tk-shop",
        "toll-scam",
        "traffic-citation-scam",
        "typosquatting",
        "unaccountable-infrastructure",
        "unauthorized-access",
        "unauthorized-content",
        "unauthorized-prescription-drugs",
        "university-brescia",
        "unrealistic-discounts",
        "unscanned-files",
        "unverified-software",
        "unwanted-programs",
        "unwanted-software",
        "urgency-scam",
        "urgency-tactics",
        "url-obscurity",
        "url-shortener",
        "url-shortener-abuse",
        "urlert",
        "video-downloader",
        "vitkac-impersonation",
        "vulnerability-scanning",
        "weebly-abuse",
        "youtube-spam"
      ],
      "references": [
        "https://urlert.com/domain/1cpmspv.top",
        "https://urlert.com/domain/1drv.ms",
        "https://urlert.com/domain/40gmail.com",
        "https://urlert.com/domain/756193.xin",
        "https://urlert.com/domain/adescargar.net",
        "https://urlert.com/domain/adobe.com",
        "https://urlert.com/domain/ankergames.net",
        "https://urlert.com/domain/as-nfd.top",
        "https://urlert.com/domain/betioh.com",
        "https://urlert.com/domain/blogspot.com",
        "https://urlert.com/domain/bodyshopca.com",
        "https://urlert.com/domain/bv-dienstleistungen.de",
        "https://urlert.com/domain/ca-page.cyou",
        "https://urlert.com/domain/ca-page.shop",
        "https://urlert.com/domain/cgod.shop",
        "https://urlert.com/domain/ckq.cc",
        "https://urlert.com/domain/com-azije.cc",
        "https://urlert.com/domain/communityitemarts.co",
        "https://urlert.com/domain/create-logo-maker.net",
        "https://urlert.com/domain/cvmr.life"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Education",
        "Financial Services",
        "Government",
        "Healthcare",
        "Hospitality",
        "Legal Services",
        "Logistics / Supply Chain",
        "Media / Entertainment",
        "Real Estate",
        "Retail / E-Commerce",
        "Technology"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "urlert_intel",
        "id": "386175",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 98,
        "hostname": 55,
        "URL": 104
      },
      "indicator_count": 257,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 30,
      "modified_text": "28 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6944b2fb58e81f2e5ab243bc",
      "name": "Malware Filter - Phishing List - 18-12-2025",
      "description": "",
      "modified": "2025-12-19T02:05:47.922000",
      "created": "2025-12-19T02:05:47.922000",
      "tags": [],
      "references": [
        "https://malware-filter.gitlab.io/malware-filter/phishing-filter-domains.txt"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "CyberHunterAutoFeed",
        "id": "182496",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 136,
        "hostname": 345
      },
      "indicator_count": 481,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 1622,
      "modified_text": "163 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "wpclick.cc",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "wpclick.cc",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780214759.1699288
}