{ "type": "Domain", "indicator": "wpner.cc", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/wpner.cc", "alexa": "http://www.alexa.com/siteinfo/wpner.cc", "indicator": "wpner.cc", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4147865812, "indicator": "wpner.cc", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 21, "pulses": [ { "id": "653e8484ba7c285929cb5e0d", "name": "CERT.PL list of malicious domains", "description": "See: https://cert.pl/en/warning-list/\n\n(archived version here: https://web.archive.org/web/20231029161224/https://cert.pl/en/posts/2020/03/malicious_domains/)", "modified": "2026-05-30T07:58:43.913000", "created": "2023-10-29T16:12:52.580000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "Poland" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 169093, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "tomtomalien", "id": "258713", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_258713/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 156498, "domain": 371707 }, "indicator_count": 528205, "is_author": false, "is_subscribing": null, "subscriber_count": 474, "modified_text": "15 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ec121455951901fef8a045", "name": "URLert Daily Threat Intel \u2014 2026-04-25", "description": "URLert Daily Threat Intel \u2014 2026-04-25\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 63 | Indicators: 122\nConfirmed: 19 | Likely: 44\nTop threats: Phishing (51), Malware Hosting (4), Unknown (3), Dropper (3), Malvertising (2)\nDomains: 6489.pro, app.link, beacons.ai, bit.ly, bookscloud.net, brohood.my.id, bunnyband.com, ca-paget.sbs, cointerac.org, contaboserver.net, cs2by.com, ct.ws, dexo.click, dkfnvk.cfd, dpdlocafd.sh...\n\n63 unique threats producing 122 actionable indicators. Generated by URLert automated threat intelligence.", "modified": "2026-05-25T00:14:07.625000", "created": "2026-04-25T01:00:04.128000", "tags": [ "abused-hosting", "account-takeover", "adult-content-lure", "aggressive-ads", "ai-trading-bot", "anubis-challenge-service", "artificial-urgency", "automated-scan", "automatic-download", "azure-blob-storage", "booter", "brand-impersonation", "broken-site", "browser-locker", "burberry", "car-wrap-scam", "cloaking", "code-repository-impersonation", "command-execution", "complex-redirect-chain", "compromised-site", "contabo", "content-locker", "content-locker-scam", "costco-impersonation", "credential-harvesting", "crypto-scam", "cryptocurrency", "cyberattack-facilitation", "daily-threat-intel", "data-harvesting", "ddos-service", "deceptive-domain-email", "deceptive-marketing", "deceptive-practices", "deceptive-redirect", "deceptive-tactics", "deceptive-url", "delivery-scam", "dpd-impersonation", "e-commerce-fraud", "e-commerce-scam", "email-verification", "energy-crisis", "evasion-technique", "executable-malware", "extortion", "fake-discounts", "fake-download", "fake-prize", "fake-promotion", "fake-urgency", "fake-verification", "fake-virus-alert", "fanatics-impersonation", "file-sharing", "financial-data-harvesting", "financial-fraud", "financial-information-harvesting", "financial-scam", "fraudulent-infrastructure", "fraudulent-platform", "fraudulent-retail", "fraudulent-scheme", "fraudulent-sweepstakes", "fuel-voucher", "gambling-platform", "game-related-lure", "gaming", "gift-card-scam", "giveaway-scam", "google-cloud-storage-abuse", "google-impersonation", "government-impersonation", "government-targeting", "identity-theft", "impersonation", "infrastructure-misuse", "interac", "investment-scam", "lidl-impersonation", "linkvertise", "logistics-impersonation", "logistics-supply-chain", "low-reputation", "low-reputation-domain", "malicious-download", "malicious-file-delivery", "malicious-infrastructure", "malicious-redirection", "malicious-scripts", "malvertising", "malware-delivery", "malware-distribution", "mothers-day-scam", "multi-provider-phishing", "neosurf", "new-domain", "newly-registered-domain", "ontario-government", "payload-delivery", "payment-voucher-scam", "persistent-malware", "personal-information-collection", "personal-information-harvesting", "petrom", "phishing", "pii-collection", "plumeimpactor", "potentially-unwanted-software", "redirect", "roblox", "roblox-impersonation", "scam", "scam-ecommerce", "scam-site", "servientrega-impersonation", "shadow-reporting", "shein", "social-engineering", "software-piracy", "software-repository-impersonation", "spain", "spam-promotion", "spotify-impersonation", "steam", "stress-testing", "stresser", "survey-scam", "suspicious-domain", "suspicious-redirect", "suspicious-tld", "suspicious-url", "task-based-scam", "task-scam", "tech-support-scam", "technical-errors", "telegram-bot", "tracking-parameters", "trading-platform", "traffic-redirection", "transcash", "typosquatting", "uber-impersonation", "unknown-binary", "unsecured-site", "unverified-health-claims", "unwanted-software", "url-shortener", "urlert", "usps", "xyz-domain" ], "references": [ "https://urlert.com/domain/6489.pro", "https://urlert.com/domain/app.link", "https://urlert.com/domain/beacons.ai", "https://urlert.com/domain/bit.ly", "https://urlert.com/domain/bookscloud.net", "https://urlert.com/domain/brohood.my.id", "https://urlert.com/domain/bunnyband.com", "https://urlert.com/domain/ca-paget.sbs", "https://urlert.com/domain/cointerac.org", "https://urlert.com/domain/contaboserver.net", "https://urlert.com/domain/cs2by.com", "https://urlert.com/domain/ct.ws", "https://urlert.com/domain/dexo.click", "https://urlert.com/domain/dkfnvk.cfd", "https://urlert.com/domain/dpdlocafd.shop", "https://urlert.com/domain/e-entrega.co", "https://urlert.com/domain/ethias.be", "https://urlert.com/domain/fafda.to", "https://urlert.com/domain/futfanaticss.com", "https://urlert.com/domain/gamedrive.org" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Energy", "Financial Services", "Government", "Hospitality", "Logistics / Supply Chain", "Media / Entertainment", "Retail / E-Commerce" ], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "urlert_intel", "id": "386175", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 33, "URL": 36, "hostname": 13 }, "indicator_count": 82, "is_author": false, "is_subscribing": null, "subscriber_count": 29, "modified_text": "5 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69c081afa2bd54a9599b7c07", "name": "PhishDestroy \u2014 Active Phishing & Crypto Scam Domains", "description": "Real-time feed of phishing, crypto drainer, and scam domains detected by PhishDestroy (phishdestroy.io). Updated hourly. 108K+ domains tracked, 55K+ currently active. Source: github.com/phishdestroy/destroylist", "modified": "2026-05-24T00:00:03.049000", "created": "2026-03-22T23:56:29.438000", "tags": [ "phishing", "crypto", "scam", "drainer", "fraud", "blocklist", "phishdestroy" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 33, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "phishdestroy", "id": "348394", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 93266, "hostname": 57600 }, "indicator_count": 150866, "is_author": false, "is_subscribing": null, "subscriber_count": 99, "modified_text": "6 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69eac0b35a25642499b24fa1", "name": "URLert Daily Threat Intel \u2014 2026-04-24", "description": "URLert Daily Threat Intel \u2014 2026-04-24\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 49 | Indicators: 94\nConfirmed: 12 | Likely: 37\nTop threats: Phishing (41), Dropper (3), Malvertising (2), Malware Hosting (2), Unknown (1)\nDomains: ag4.top, amazon-prime.my, ameli-monespace.com, aqui-reclamesac.info, b2wditxn.cc, buff.ly, bunnyband.com, bzzhr.to, ca-pagew.help, dpdlocadp.shop, dpdlocads.top, dpdlocasv.top, eseateams.c...\n\n49 unique threats producing 94 actionable indicators. Generated by URLert automated threat intelligence.", "modified": "2026-05-23T23:44:47.381000", "created": "2026-04-24T01:00:35.942000", "tags": [ "account-theft", "adult-content", "adult-scam", "affiliate-fraud", "aggressive-advertising", "amazon-prime", "automated-scan", "brand-impersonation", "brawl-stars", "brazil", "browser-extension-distribution", "chrome-hearts-impersonation", "cloud-storage-abuse", "content-locker", "costco", "credential-harvesting", "cutt-ly", "daily-threat-intel", "deception", "deceptive-advertising", "deceptive-domain", "deceptive-download-site", "deceptive-downloads", "deceptive-hosting", "deceptive-marketing", "deceptive-scam", "deceptive-site", "denmark", "dot-shop-tld", "download-wrapper", "dpd", "dpd-impersonation", "e-commerce-scam", "faceit-impersonation", "fake-download", "fake-store", "fake-testimonials", "financial-fraud", "financial-information-theft", "financial-scam", "france", "fraud", "fraud-alert", "fraudulent-services", "free-hosting", "gambling-scam", "gaming-scam", "gaming-sector", "giveaway-scam", "google-cloud-storage", "government-impersonation", "high-risk-domain-extension", "hookup-scam", "hospitality-sector", "impersonation", "information-stealing", "investment-scam", "invite-code-scam", "job-scam", "locaweb-impersonation", "malicious-redirects", "malvertising", "malware-delivery", "malware-distribution", "malware-lure", "marktplaats", "memecoin-scam", "meta", "microsoft-365", "microsoft-forms", "microsoft-impersonation", "microsoft-sharepoint-impersonation", "misspelled-domain", "mondelez-international", "netlify-abuse", "new-domain", "newly-registered-domain", "package-delivery-scam", "payment-scam", "payment-service", "personal-information-harvesting", "petrom", "phishing", "phishing-domain", "phishing-infrastructure", "pix", "rar-archive", "recently-registered-domain", "redirect", "redirect-chain", "retailer-impersonation", "roblox-scam", "scam", "seekda-impersonation", "shipping-impersonation", "social-engineering", "steamrip-distribution", "subscription-trap", "survey-scam", "suspicious-domain", "t-mobile", "task-based-earning-scam", "task-based-scam", "task-scam", "tinder-impersonation", "toll-scam", "unwanted-software", "url-shortener", "urlert", "user-exploitation", "usps", "vercel", "webmail-impersonation", "young-domain" ], "references": [ "https://urlert.com/domain/ag4.top", "https://urlert.com/domain/amazon-prime.my", "https://urlert.com/domain/ameli-monespace.com", "https://urlert.com/domain/aqui-reclamesac.info", "https://urlert.com/domain/b2wditxn.cc", "https://urlert.com/domain/buff.ly", "https://urlert.com/domain/bunnyband.com", "https://urlert.com/domain/bzzhr.to", "https://urlert.com/domain/ca-pagew.help", "https://urlert.com/domain/dpdlocadp.shop", "https://urlert.com/domain/dpdlocads.top", "https://urlert.com/domain/dpdlocasv.top", "https://urlert.com/domain/eseateams.com", "https://urlert.com/domain/filedownloadz.my", "https://urlert.com/domain/googleapis.com", "https://urlert.com/domain/goveipl.shop", "https://urlert.com/domain/govmdq.autos", "https://urlert.com/domain/iceiy.com", "https://urlert.com/domain/id8214982.live", "https://urlert.com/domain/linkbrawlstars.store" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Energy", "Financial Services", "Government", "Healthcare", "Hospitality", "Logistics / Supply Chain", "Media / Entertainment", "Retail / E-Commerce", "Technology", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "urlert_intel", "id": "386175", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 27, "hostname": 10, "URL": 29 }, "indicator_count": 66, "is_author": false, "is_subscribing": null, "subscriber_count": 30, "modified_text": "7 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69e96f2bc858014973680e1f", "name": "URLert Daily Threat Intel \u2014 2026-04-23", "description": "URLert Daily Threat Intel \u2014 2026-04-23\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 63 | Indicators: 117\nConfirmed: 18 | Likely: 43 | Domain intel: 2\nTop threats: Phishing (54), Malvertising (4), Dropper (2), Unknown (2), Malware Hosting (1)\nDomains: 0lprvs.click, abre.ai, bunnyband.com, ca-pageo.cyou, ca-pageo.web.id, chainvoltgrid.com, chara-gacha.com, citly.me, dpd-lanviro.link, dpdlocasa.shop, dpdlocass.shop, eu.cc, euprava-gov.lat...\n\n63 unique threats producing 117 actionable indicators. Generated by URLert automated threat intelligence.", "modified": "2026-05-23T00:06:10.121000", "created": "2026-04-23T01:00:27.807000", "tags": [ "abuse-of-legitimate-service", "account-suspended", "action", "aggressive-ads", "airbnb", "airdrop-scam", "anonymized-infrastructure", "automated-scan", "brand-impersonation", "captcha-scam", "chrome-hearts", "cloaking", "cloudflare-protected", "credential-harvesting", "crypto-casino-scam", "crypto-mining-scam", "cryptocurrency", "cryptocurrency-scam", "daily-threat-intel", "data-harvesting", "dating-scam", "deceptive-advertising", "deceptive-challenge", "deceptive-content", "deceptive-domain", "deceptive-practices", "deceptive-tactics", "delivery-scam", "domain-classification", "dpd-impersonation", "dpd-local-impersonation", "dropshipping-scam", "e-commerce-fraud", "elon-musk-impersonation", "evasion", "evasion-technique", "fake-dating-service", "fake-discounts", "fake-engagement", "fake-giveaway", "fake-login-portal", "fake-registration", "fake-security-alert", "fake-verification", "financial-fraud", "financial-impersonation", "financial-scam", "financial-scheme", "financial-sector", "financial-service-impersonation", "fiverr-impersonation", "fraud-alert", "free-hosting", "fuel-voucher-scam", "game-downloads", "get-paid-to-scheme", "gibberish-domain", "giveaway-scam", "global-futures-options-limited", "google-docs-abuse", "government", "government-impersonation", "high-risk", "high-risk-alert", "high-risk-tld", "human-verification-scam", "impersonation", "information-collection", "information-harvesting", "information-theft", "investment-scam", "israel-post-impersonation", "linkvertise", "logistics-impersonation", "low-reputation", "low-reputation-domain", "lure", "macos-impersonation", "malicious-infrastructure", "malicious-payloads", "malicious-site", "malvertising", "malvertising-gateway", "malware-delivery", "malware-distribution", "mexc-impersonation", "mining-scam", "mobile-number-harvesting", "monetized-url-shortener", "new-domain", "newly-registered-domain", "ontario-government", "package-delivery-scam", "payment-information-harvesting", "peopleperhour-impersonation", "petrom", "phishing", "phishing-page", "phishing-risk", "phishing-site", "privilege-escalation", "random-domain", "redirect", "redirect-chain", "redirect-chains", "riskware", "roblox", "roblox-impersonation", "scam", "scam-allegations", "scam-lure", "scam-storefront", "serbia", "serviceontario", "social-engineering", "suspicious-domain", "targeted-phishing", "task-based-earning-scam", "task-based-scam", "task-scam", "tiktok-impersonation", "tracking-redirect", "traffic-redirection", "trojan", "typosquatting", "unwanted-software", "unwanted-software-distribution", "url-shortener", "urlert", "user-deception", "vgen-impersonation", "wallet-draining" ], "references": [ "https://urlert.com/domain/0lprvs.click", "https://urlert.com/domain/abre.ai", "https://urlert.com/domain/bunnyband.com", "https://urlert.com/domain/ca-pageo.cyou", "https://urlert.com/domain/ca-pageo.web.id", "https://urlert.com/domain/chainvoltgrid.com", "https://urlert.com/domain/chara-gacha.com", "https://urlert.com/domain/citly.me", "https://urlert.com/domain/dpd-lanviro.link", "https://urlert.com/domain/dpdlocasa.shop", "https://urlert.com/domain/dpdlocass.shop", "https://urlert.com/domain/eu.cc", "https://urlert.com/domain/euprava-gov.lat", "https://urlert.com/domain/flowtrackr.site", "https://urlert.com/domain/geeduu.com", "https://urlert.com/domain/go2wa.cc", "https://urlert.com/domain/google.com", "https://urlert.com/domain/homebnb.sbs", "https://urlert.com/domain/httpps-www-roblox.co", "https://urlert.com/domain/huighaverlag.nl" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Financial Services", "Government", "Hospitality", "Logistics / Supply Chain", "Media / Entertainment", "Retail / E-Commerce", "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "urlert_intel", "id": "386175", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 37, "URL": 40, "hostname": 13 }, "indicator_count": 90, "is_author": false, "is_subscribing": null, "subscriber_count": 31, "modified_text": "7 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69c08867316c564ade394c69", "name": "PhishDestroy \u2014 Content Active Threats (Live)", "description": "Live feed of phishing and crypto scam domains with ACTIVE malicious content from PhishDestroy. These domains are verified to have live phishing/scam pages. Updated hourly. Source: github.com/phishdestroy/destroylist/dns/content_active.json", "modified": "2026-05-21T12:06:19.702000", "created": "2026-03-23T00:25:09.116000", "tags": [ "phishing", "crypto", "scam", "drainer", "fraud", "blocklist", "phishdestroy", "active", "content" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "phishdestroy", "id": "348394", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 132502, "hostname": 66217 }, "indicator_count": 198719, "is_author": false, "is_subscribing": null, "subscriber_count": 44, "modified_text": "9 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d45715d6b6bd82356b2bd8", "name": "URLert Daily Threat Intel \u2014 2026-04-07", "description": "URLert Daily Threat Intel \u2014 2026-04-07\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 88 | Indicators: 164\nConfirmed: 20 | Likely: 61 | Domain intel: 7\nTop threats: Phishing (78), Malvertising (4), Unknown (2), Malware Hosting (2), Hacking Tool (1)\nDomains: 3my.live, amazon.co, aurelaboutique.co, awigkz.info, beastara.com, besowin156.pro, bitbyea.com, blogspot.com, byh.cc, clickspulse.online, cmacked.com, com-hs.in, ct.ws, dao-re.top, darkvps...\n\n88 unique threats producing 164 actionable indicators. Generated by URLert automated threat intelligence.", "modified": "2026-05-07T01:01:09.875000", "created": "2026-04-07T01:00:05.086000", "tags": [ "2dehands", "account-recovery-fraud", "account-theft", "ad-network-redirector", "ad-redirector", "adobe-impersonation", "adult-content", "adult-content-lure", "adult-scam", "advance-fee-scam", "affiliate-tracking", "amazon", "android-malware", "anonymous-hosting", "anti-analysis", "app-impersonation", "apple-airpods-max", "asset-theft", "automated-scan", "blogspot-com", "brand-impersonation", "browser-hijacking", "bulletproof-hosting", "camera-access", "celebrity-impersonation", "cloudflare-pages", "content-hiding", "content-locking", "controlled-substances", "counterfeit-site", "cracked-software", "credential-harvesting", "credential-theft", "crypto-scam", "cryptocurrency-payments", "cryptocurrency-scam", "daily-threat-intel", "dating-scam", "deceptive-domain", "deceptive-financial-platform", "deceptive-front", "deceptive-infrastructure", "deceptive-longevity", "deceptive-practices", "deceptive-redirect", "deceptive-reviews", "deceptive-security-claims", "deceptive-site", "denmark", "deposit-theft", "disposable-domain", "dji", "dmca-ignored", "domain-classification", "drm-circumvention", "e-commerce-scam", "ecommerce-sector", "education", "education-sector", "email-credential-harvesting", "fake-app-store", "fake-contest-lure", "fake-financial-credentials", "fake-giveaway", "fake-government-grants", "fake-login", "fake-login-pages", "fake-login-portal", "fake-payment", "fake-prize-scam", "fake-shop", "fake-statistics", "fake-store", "fake-storefront", "fake-trading", "fake-trading-platform", "financial-fraud", "financial-information-harvesting", "financial-scam", "financial-sector", "fraudulent-charges", "fraudulent-crypto-investment", "fraudulent-marketplace", "fraudulent-platform", "fund-theft", "gambling-scam", "game-hacking", "game-mods", "gaming-scam", "google-forms", "google-login", "google-maps-impersonation", "government-impersonation", "high-risk-tld", "highway-6", "hyip", "iaet-bank", "illegal-content", "illicit-marketplace", "information-harvesting", "instagram-phishing", "investment-scam", "iphone-scam", "israel", "job-scam", "leroy-merlin", "lidl", "live-video-chat", "login-form", "logistics-sector", "lottery-scam", "low-price-scam", "macos-malware", "malicious-ad-network", "malicious-advertising-network", "malicious-redirect", "malicious-redirector", "malvertising", "malware", "malware-distribution", "maryland-mva", "microsoft-phishing", "microsoft-sharepoint", "multi-redirect", "namecheap", "nebula-x", "netlify-abuse", "new-domain", "newly-registered", "newly-registered-domain", "no-withdrawal-scam", "north-carolina", "offshore-hosting", "online-crime", "online-gambling", "online-gambling-scam", "online-scam", "online-shopping-scam", "onlyfans-impersonation", "payment-harvesting", "payment-scam", "personal-information-harvesting", "phishing", "phishing-page", "phishing-redirect", "phishing-site", "pig-butchering", "ponynet", "ponzi-scheme", "pop-up-scam", "prediction-market", "pubg-mobile", "qr-code-scam", "random-subdomain", "redirect", "redirect-chain", "remote-script-execution", "remote-task-scam", "retail-scam", "revanced-impersonation", "risky-payment-methods", "roblox", "roblox-impersonation", "runescape", "scam", "scam-platform", "scam-website", "scareware", "sexually-explicit-content", "shortened-url", "social-engineering", "social-media-phishing", "steam", "steam-security-bypass", "steroid-sales", "survey-scam", "suspicious-redirects", "t-mobile", "task-based-investment-scam", "task-based-scam", "task-scam", "telecommunications", "texas-dmv", "third-party-abuse", "timberland-impersonation", "tld-squatting", "traffic-redirection", "travel-scam", "typosquatting", "undelivered-orders", "union-ai", "university-of-brescia", "url-redirection", "url-shortener", "urlert", "usdt-storage", "valorant", "verified-scam", "whatsapp-impersonation", "youtube" ], "references": [ "https://urlert.com/domain/3my.live", "https://urlert.com/domain/amazon.co", "https://urlert.com/domain/aurelaboutique.co", "https://urlert.com/domain/awigkz.info", "https://urlert.com/domain/beastara.com", "https://urlert.com/domain/besowin156.pro", "https://urlert.com/domain/bitbyea.com", "https://urlert.com/domain/blogspot.com", "https://urlert.com/domain/byh.cc", "https://urlert.com/domain/clickspulse.online", "https://urlert.com/domain/cmacked.com", "https://urlert.com/domain/com-hs.in", "https://urlert.com/domain/ct.ws", "https://urlert.com/domain/dao-re.top", "https://urlert.com/domain/darkvps.pro", "https://urlert.com/domain/djiusa.com", "https://urlert.com/domain/getmysocial.com", "https://urlert.com/domain/gov-bnnkw.top", "https://urlert.com/domain/govanta.help", "https://urlert.com/domain/goveogr.cfd" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Financial Services", "Government", "Hospitality", "Logistics / Supply Chain", "Media & Entertainment", "Media / Entertainment", "Retail / E-Commerce", "Technology", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "urlert_intel", "id": "386175", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 52, "URL": 44, "hostname": 17 }, "indicator_count": 113, "is_author": false, "is_subscribing": null, "subscriber_count": 31, "modified_text": "23 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d30594f707d5c78dd0db9d", "name": "URLert Daily Threat Intel \u2014 2026-04-06", "description": "URLert Daily Threat Intel \u2014 2026-04-06\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 113 | Indicators: 188\nConfirmed: 36 | Likely: 64 | Domain intel: 13\nTop threats: Phishing (83), Malware Hosting (19), Malvertising (5), Unknown (3), Dropper (2)\nDomains: acsgri.com, adescargar.net, aixldc10.shop, an1.com, antai-gouv-info.im, audioz.download, awstrack.me, behindtheemail.com, besowin156.pro, bestwestern-id-nt52vos.com, bestwestern-id-oa74fta...\n\n113 unique threats producing 188 actionable indicators. Generated by URLert automated threat intelligence.", "modified": "2026-05-05T20:19:42.941000", "created": "2026-04-06T01:00:04.648000", "tags": [ "abuse-of-legitimate-platform", "account-recovery-scam", "account-takeover", "adult-content", "adware", "aggressive-advertising", "android-apk", "android-malware", "antai", "apk-download", "apk-malware", "app-download-scam", "audio-plugins", "automated-scan", "bait-and-switch", "bank-frick", "beacons", "best-western", "brand-impersonation", "browser-hijacking", "burn-and-churn", "camera-access", "capcut-pro", "cloaking", "cloud-mining", "colombia", "combosquatting", "contest-scam", "coomeet", "copyright-infringement", "counterfeit", "counterfeit-distribution", "counterfeit-site", "counterfeit-software", "cpa-scam", "cracked-software", "credential-harvesting", "credential-theft", "crypto-casino", "crypto-scam", "cryptocurrency-exchange", "cryptocurrency-scam", "daily-threat-intel", "dark-patterns", "data-aggregation", "data-breach-records", "data-harvesting", "data-theft", "dating-scam", "deceptive-ads", "deceptive-advertising", "deceptive-ecommerce-scam", "deceptive-landing-pages", "deceptive-lead-generation", "deceptive-links", "deceptive-offers", "deceptive-page", "deceptive-pricing", "deceptive-promises", "deceptive-site", "deceptive-subscription", "deceptive-tactics", "delivery-exception-scam", "delivery-scam", "discord-impersonation", "disposable-infrastructure", "domain-classification", "domain-hopping", "dpd-impersonation", "e-commerce-scam", "ecommerce-scam", "education", "educational-content-piracy", "electronics-fraud", "emotional-manipulation", "epic-games", "extortion", "facebook-campaign", "fake-app-distribution", "fake-domain", "fake-giveaway", "fake-login", "fake-login-page", "fake-login-portal", "fake-payment-portal", "fake-registration", "fake-reviews", "fake-rewards", "fake-security-check", "fake-shop", "fake-verification", "financial-fraud", "financial-information-theft", "financial-phishing", "financial-scam", "financial-services", "forced-redirects", "fortnite", "fraudulent-marketplace", "fraudulent-platform", "fraudulent-purchases", "fraudulent-retailer", "fraudulent-scheme", "free-hosting", "free-jewelry-scam", "free-spins-scam", "french-government", "french-government-impersonation", "gambling-scam", "gambling-site", "game-impersonation", "gaming-theme", "gibberish-domain", "giveaway-scam", "google", "grayware", "high-risk-domain", "high-risk-domain-extension", "high-risk-environment", "high-risk-tld", "hospitality", "hungary", "identity-intelligence", "identity-theft", "illegal-content", "impersonation", "incentivized-traffic", "indonesian-targeting", "information-collection", "information-obfuscation", "investment-scam", "israel", "it.com", "landing-page-service", "link-in-bio", "login-page", "logistics-phishing", "logistics-sector", "malicious-domain", "malicious-impersonation", "malicious-redirect", "malicious-redirection", "malicious-redirects", "malvertising", "malware", "malware-delivery", "malware-distribution", "malware-hosting", "malware-vector", "medi-markt", "mediamarkt-impersonation", "mediatarget", "modded-apk", "modified-apk", "monopoly-go", "music-production", "nebula-x", "new-domain", "newly-registered-domain", "oauth2-abuse", "olx", "online-scam", "onlyfans-impersonation", "payment-information-harvesting", "payment-scam", "paypal-friends-and-family", "personal-information-collection", "personal-information-harvesting", "phishing", "phishing-backend", "phishing-kit", "phishing-platform", "phishing-scam", "phishing-site", "pig-butchering-scam", "pii-collection", "porn-lure", "potentially-harmful-applications", "privacy-risk", "prize-scam", "product-impersonation", "pup", "quantitative-strategies", "recently-registered-domain", "redirect", "redirect-chain", "redirect-cloaking", "redirection", "redirection-scheme", "redirects", "replit-app", "retail-e-commerce", "retail-ecommerce", "retail-fraud", "retail-impersonation", "retail-scam", "retail-sector", "revanced", "revanced-impersonation", "revanced-malware", "roblox", "roblox-impersonation", "rug-pull", "scam", "scam-domain", "scam-lure", "scam-shop", "scam-site", "scaniverse-impersonation", "scareware", "shadow-reporting", "shadow-reporting-extortion-scheme", "shadow-reporting-scheme", "shipping-impersonation", "shopee", "shortened-url", "simit", "snickers-workwear", "social-engineering", "social-media-campaign", "social-media-scam", "software-piracy", "sorewin149", "souq-impersonation", "spyware", "steam-community", "steam-credential-phishing", "suspicious-domain", "suspicious-executable", "suspicious-infrastructure", "suspicious-redirector", "telecommunications-sector", "telegram-scam", "tracking-redirect", "trading-scam", "traffic-redirection", "trojan", "trojanized-game", "typosquat", "typosquatting", "unauthorized-access", "unauthorized-content-distribution", "unofficial-app", "unregulated-gambling", "unrestricted-file-hosting", "unverified-apps", "unverified-software", "unvetted-content", "unwanted-software", "url-shortener", "urlert", "usdt-scam", "video-call-scam", "vinted-impersonation", "visa", "withdrawal-scam", "xfinity", "youtube-downloader" ], "references": [ "https://urlert.com/domain/acsgri.com", "https://urlert.com/domain/adescargar.net", "https://urlert.com/domain/aixldc10.shop", "https://urlert.com/domain/an1.com", "https://urlert.com/domain/antai-gouv-info.im", "https://urlert.com/domain/audioz.download", "https://urlert.com/domain/awstrack.me", "https://urlert.com/domain/behindtheemail.com", "https://urlert.com/domain/besowin156.pro", "https://urlert.com/domain/bestwestern-id-nt52vos.com", "https://urlert.com/domain/bestwestern-id-oa74fta.com", "https://urlert.com/domain/bfrickonline.com", "https://urlert.com/domain/biltty.cc", "https://urlert.com/domain/binance-trade.info", "https://urlert.com/domain/bit.ly", "https://urlert.com/domain/bot-gate.cc", "https://urlert.com/domain/boxpop.cfd", "https://urlert.com/domain/capcutpro.org.in", "https://urlert.com/domain/cashstar.com", "https://urlert.com/domain/clearancesalestore-eu.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Financial Services", "Government", "Hospitality", "Logistics / Supply Chain", "Media / Entertainment", "Retail / E-Commerce", "Technology", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "urlert_intel", "id": "386175", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 65, "hostname": 19, "URL": 55 }, "indicator_count": 139, "is_author": false, "is_subscribing": null, "subscriber_count": 31, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d1b41832db3e0db5b36117", "name": "URLert Daily Threat Intel \u2014 2026-04-05", "description": "URLert Daily Threat Intel \u2014 2026-04-05\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 85 | Indicators: 175\nConfirmed: 27 | Likely: 51 | Domain intel: 7\nTop threats: Phishing (74), Malware Hosting (7), Malvertising (3), Dropper (1)\nDomains: 364829.xin, aiciinromania.com, aixldc10.shop, alert-micro.com, amazonv8.com, b2wditxn.cc, backmart.cyou, baremineralsstore.com, bfhix.buzz, bibtly.cc, bolt.host, boxpoint.cfd, bybusdt.cc, ...\n\n85 unique threats producing 175 actionable indicators. Generated by URLert automated threat intelligence.", "modified": "2026-05-04T23:09:18.301000", "created": "2026-04-05T01:00:08.578000", "tags": [ ".cyou-tld", "account-hijacking", "account-scam", "account-takeover", "adult-content-lure", "advance-fee-scam", "aggressive-advertising", "agoda-impersonation", "amazon-impersonation", "android-malware", "apple-app-store", "apple-impersonation", "application-download", "asset-theft", "automated-scan", "brand-impersonation", "brand-in-subdomain", "browser-extension-malware", "canon-cameras", "cloudflare-obfuscation", "colombia-targeting", "colorado-department-of-revenue", "combosquatting", "compromised-site", "counterfeit-goods", "counterfeit-watches", "cracked-games", "credential-harvesting", "credential-sharing", "credit-card-harvesting", "crypto-scam", "cryptocurrency", "cryptocurrency-scam", "daily-threat-intel", "data-harvesting", "deceptive-ads", "deceptive-advertising", "deceptive-content", "deceptive-domain", "deceptive-ecommerce", "deceptive-lead-generation", "deceptive-marketing", "deceptive-practices", "deceptive-redirect", "deceptive-redirect-chain", "deceptive-redirects", "deceptive-site", "deceptive-tactics", "deceptive-trust-indicators", "deepfake-generation", "delivery-scam", "discord-account-theft", "disposable-infrastructure", "dmv-impersonation", "domain-classification", "download-button", "dpd", "dpd-impersonation", "e-commerce-scam", "easter-egg-hunt-scam", "edeka", "enterprise-certificate-trust", "epic-games", "evasive-maneuvers", "fake-app-store", "fake-credit-generator", "fake-discount", "fake-giveaway", "fake-government-site", "fake-platform", "fake-rewards", "fake-security-check", "fake-transactions", "fake-virus-warning", "financial-scam", "fortnite", "fraudulent-activity", "fraudulent-gambling", "fraudulent-network", "fraudulent-portal", "fraudulent-pricing", "fraudulent-store", "fraudulent-webshop", "fund-harvesting", "game-lure", "game-modding", "game-reward-scam", "gaming", "gaming-scam", "gibberish-domain", "gmail-impersonation", "government-impersonation", "grayware", "high-risk-domain", "high-risk-domain-extension", "high-risk-tld", "ibm", "identity-theft", "illegal-content-lure", "investment-scam", "jbl", "job-scam", "keylogger", "ledger", "ledger-impersonation", "lidl-impersonation", "logged-tg", "malicious-code-execution", "malicious-infrastructure", "malicious-redirect", "malicious-redirector", "malicious-script", "malvertising", "malware-distribution", "malware-hosting", "malware-vector", "mercado-pago-impersonation", "mercadopago", "microsoft-impersonation", "mobile-malware", "modded-apk", "new-domain", "newly-registered", "newly-registered-domain", "non-consensual-imagery", "olx-impersonation", "online-earning-scheme", "onlyfans-impersonation", "password-stealing", "payment-harvesting", "payment-information-theft", "payment-portal-impersonation", "personal-information-collection", "personal-information-gathering", "personal-information-theft", "phishing", "phishing-infrastructure", "phishing-kit", "phishing-page", "phishing-site", "pirated-software", "pop-up-scam", "privacy-risk", "prize-scam", "redirect-chain", "redirect-cloaking", "redirector", "retail-e-commerce", "retail-impersonation", "retail-scam", "roblox", "roblox-impersonation", "roblox-users", "scam", "scam-distribution", "scam-link-generation", "scam-site", "scam-store", "security-bypass", "serviceontario-impersonation", "sexually-explicit-content", "shared-account-directory", "shipping-fee-scam", "shopify-subdomain", "sixt", "social-engineering", "social-media-scam", "solana", "steam", "steam-credential-phishing", "sumup-impersonation", "suspicious-domain", "sviluppo-host", "tantis-pl-impersonation", "tech-support-scam", "telegram-bot", "telegram-impersonation", "tracking-domains", "travel-booking", "trojan", "twitter", "typosquatting", "unauthorized-software", "unauthorized-software-distribution", "unofficial-app-distribution", "unrealistic-pricing", "unwanted-software", "unwanted-subscriptions", "urlert", "usdt-scam", "wallet-drainer", "walmart-impersonation", "withdrawal-theft", "young-domain", "youtube" ], "references": [ "https://urlert.com/domain/364829.xin", "https://urlert.com/domain/aiciinromania.com", "https://urlert.com/domain/aixldc10.shop", "https://urlert.com/domain/alert-micro.com", "https://urlert.com/domain/amazonv8.com", "https://urlert.com/domain/b2wditxn.cc", "https://urlert.com/domain/backmart.cyou", "https://urlert.com/domain/baremineralsstore.com", "https://urlert.com/domain/bfhix.buzz", "https://urlert.com/domain/bibtly.cc", "https://urlert.com/domain/bolt.host", "https://urlert.com/domain/boxpoint.cfd", "https://urlert.com/domain/bybusdt.cc", "https://urlert.com/domain/cgebq.buzz", "https://urlert.com/domain/cloudfront.net", "https://urlert.com/domain/courierdesk.cfd", "https://urlert.com/domain/d9s3x4.com", "https://urlert.com/domain/dailed.gg", "https://urlert.com/domain/effectivegatecpm.com", "https://urlert.com/domain/ffs8.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Automotive", "Financial Services", "Government", "Hospitality", "Logistics / Supply Chain", "Media / Entertainment", "Retail / E-Commerce", "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "urlert_intel", "id": "386175", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 61, "URL": 55, "hostname": 24 }, "indicator_count": 140, "is_author": false, "is_subscribing": null, "subscriber_count": 31, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f83cb0ce73bef5c452bfb0", "name": "Credit: PhishDestroy Clone [\"phish detroy- open domains\"]", "description": "", "modified": "2026-05-04T06:29:04.332000", "created": "2026-05-04T06:29:04.332000", "tags": [ "phishing", "crypto", "scam", "drainer", "fraud", "blocklist", "phishdestroy" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "69c081afa2bd54a9599b7c07", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 88564, "hostname": 54516 }, "indicator_count": 143080, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "26 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f83caf1bef3609f0eb79e2", "name": "Credit: PhishDestroy Clone [\"phish detroy- open domains\"]", "description": "", "modified": "2026-05-04T06:29:03.120000", "created": "2026-05-04T06:29:03.120000", "tags": [ "phishing", "crypto", "scam", "drainer", "fraud", "blocklist", "phishdestroy" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "69c081afa2bd54a9599b7c07", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 88564, "hostname": 54516 }, "indicator_count": 143080, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "26 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f83cac7d6c947de6c080f9", "name": "Credit: PhishDestroy Clone [\"phish detroy- open domains\"]", "description": "", "modified": "2026-05-04T06:29:00.417000", "created": "2026-05-04T06:29:00.417000", "tags": [ "phishing", "crypto", "scam", "drainer", "fraud", "blocklist", "phishdestroy" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "69c081afa2bd54a9599b7c07", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 88564, "hostname": 54516 }, "indicator_count": 143080, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "26 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f83cab9769e92b3285a2b4", "name": "Credit: PhishDestroy Clone [\"phish detroy- open domains\"]", "description": "", "modified": "2026-05-04T06:28:59.770000", "created": "2026-05-04T06:28:59.770000", "tags": [ "phishing", "crypto", "scam", "drainer", "fraud", "blocklist", "phishdestroy" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "69c081afa2bd54a9599b7c07", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 88564, "hostname": 54516 }, "indicator_count": 143080, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "26 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f83cab7e03b19c5f1078e3", "name": "Credit: PhishDestroy Clone [\"phish detroy- open domains\"]", "description": "", "modified": "2026-05-04T06:28:59.113000", "created": "2026-05-04T06:28:59.113000", "tags": [ "phishing", "crypto", "scam", "drainer", "fraud", "blocklist", "phishdestroy" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "69c081afa2bd54a9599b7c07", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 88564, "hostname": 54516 }, "indicator_count": 143080, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "26 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f83ca9411c8ab5d294a7e2", "name": "Credit: PhishDestroy Clone [\"phish detroy- open domains\"]", "description": "", "modified": "2026-05-04T06:28:57.479000", "created": "2026-05-04T06:28:57.479000", "tags": [ "phishing", "crypto", "scam", "drainer", "fraud", "blocklist", "phishdestroy" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "69c081afa2bd54a9599b7c07", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 88564, "hostname": 54516 }, "indicator_count": 143080, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "26 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f83ca77d6c947de6c080f8", "name": "Credit: PhishDestroy Clone [\"phish detroy- open domains\"]", "description": "", "modified": "2026-05-04T06:28:55.093000", "created": "2026-05-04T06:28:55.093000", "tags": [ "phishing", "crypto", "scam", "drainer", "fraud", "blocklist", "phishdestroy" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "69c081afa2bd54a9599b7c07", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 88564, "hostname": 54516 }, "indicator_count": 143080, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "26 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d06294c6426930704edb6f", "name": "URLert Daily Threat Intel \u2014 2026-04-04", "description": "URLert Daily Threat Intel \u2014 2026-04-04\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 170 | Indicators: 326\nConfirmed: 46 | Likely: 120 | Domain intel: 4\nTop threats: Phishing (154), Malware Hosting (10), Dropper (4), Malvertising (1), Unknown (1)\nDomains: 690914.help, acers.net, afflat3a1.com, amendes-justice-gov.co, an1.com, as-isr.top, as-jes.top, as-jeu.top, as-vse.top, aviroohome.com, axiomvelox.online, b-cdn.net, bit.ly, booking-page82...\n\n170 unique threats producing 326 actionable indicators. Generated by URLert automated threat intelligence.", "modified": "2026-05-04T00:19:44.565000", "created": "2026-04-04T01:00:04.991000", "tags": [ "abuse-cdn", "abused-platform", "account-recovery-scam", "adult-content", "adult-content-lure", "adult-scam", "advance-fees", "affiliate-marketing-scam", "allegro", "android-apk", "android-malware", "apk-distribution", "apk-malware", "automated-scan", "bank-impersonation", "banking-scam", "bookmarklet", "bookmarklet-malware", "brand-impersonation", "bypass-filters", "checkout-forms", "cloaking", "cloudflare-impersonation", "combosquatting", "compromised-site", "content-locker", "counterfeit-goods", "cracked-games", "credential-harvesting", "credit-monitoring-scam", "crypto-scam", "crypto-theft", "cryptocurrency", "cryptocurrency-scam", "cryptocurrency-theft", "daily-threat-intel", "dao", "dao-impersonation", "data-harvesting", "dating-site-scam", "ddb", "deception", "deceptive-content", "deceptive-domain", "deceptive-downloads", "deceptive-facade", "deceptive-interface", "deceptive-label", "deceptive-login", "deceptive-practices", "deceptive-pricing", "deceptive-site", "delivery-exception-scam", "delivery-scam", "delivery-service-impersonation", "delivery-service-scam", "denmark", "direct-download", "discord", "discord-credential-harvesting", "discord-impersonation", "dmv-impersonation", "domain-classification", "dpd", "dpd-impersonation", "e-commerce-scam", "easter-egg-hunt-scam", "easter-scam", "education-sector", "efax-impersonation", "electronics-scam", "evasion-technique", "facebook-impersonation", "fake-app-install", "fake-checkout", "fake-countdown-timer", "fake-deletion-scam", "fake-discounts", "fake-domain", "fake-ecommerce", "fake-endorsements", "fake-feature", "fake-game", "fake-giveaway", "fake-investment-platform", "fake-login", "fake-login-page", "fake-online-store", "fake-parking-fee", "fake-parking-penalty", "fake-payment", "fake-refund", "fake-rewards", "fake-shopping-site", "fake-timer", "fake-toll", "fake-toll-notice", "fake-toll-payment", "fake-toll-scam", "fake-urgency", "fake-verification", "fake-warning", "fake-website", "financial-fraud", "financial-information-theft", "financial-scam", "form-builder-abuse", "fraudulent-e-commerce", "fraudulent-ecommerce", "fraudulent-operation", "fraudulent-platform", "fraudulent-reward-schemes", "fraudulent-website", "free-hosting", "gambling-scam", "game-impersonation", "game-mods", "gaming", "giveaway-scam", "google-credentials", "google-drive-impersonation", "google-impersonation", "government-impersonation", "government-services", "high-risk-domain", "high-risk-hosting", "high-risk-tld", "human-verification", "hungarian-fishing-brand", "icloud-bypass", "information-gathering", "investment-scam", "iowa-dot", "job-scam", "link-shortening-scam", "login-page", "logistics-scam", "logistics-sector", "lookalike-domain", "lure", "malicious-redirect", "malicious-redirection", "malicious-redirects", "malvertising", "malware-delivery", "malware-distribution", "malware-download", "malware-hosting", "malware-vector", "medi-markt", "media-markt", "media-markt-impersonation", "mediamarkt", "mediemarkt", "mercado-pago-impersonation", "microsoft-365", "microsoft-office365-impersonation", "migros", "mobile-data-scam", "mobile-malware", "mod-apps", "modded-apps", "modified-apk", "modified-apps", "morocco", "ncdot-impersonation", "netherlands", "new-domain", "new-york-dmv", "newly-registered-domain", "nike", "north-carolina-dmv", "notification-hijacking", "offer-wall", "office365", "online-purchase-scams", "online-store-scam", "ontario", "oxo-impersonation", "package-delivery-scam", "parking-penalty-scam", "payload-delivery", "payment-harvesting", "payment-information-harvesting", "payment-information-theft", "personal-data-harvesting", "personal-information-harvesting", "personal-information-theft", "pertemps", "phishing", "phishing-campaign", "phishing-kit", "phishing-lure", "phishing-page", "phishing-scam", "phishing-scheme", "phishing-site", "pii-collection", "piracy", "pirated-software", "pirated-software-malware", "powerschool", "powershell-execution", "privacy-risk", "prize-scam", "product-scam", "random-domain", "recent-domain", "recruitment-fraud", "recruitment-scam", "redirect-chain", "redirection", "retail-ecommerce", "retail-fraud", "retail-impersonation", "retail-scam", "roblox", "roblox-impersonation", "rvo-nl", "scam", "scam-tactics", "session-hijacking", "shopping-scam", "smishing-tactic", "social-engineering", "social-media-impersonation", "sofi-impersonation", "software-distribution", "spam-promoted", "state-of-alaska", "steam", "streaming-piracy", "survey-scam", "suspicious-domain", "suspicious-file-sharing", "suspicious-redirect", "suspicious-service", "technology", "telegram-impersonation", "texas-dmv", "ticketone-impersonation", "tikko-impersonation", "tiktok", "toll-scam", "trading-scam", "traffic-fines", "traffic-redirection", "typo-squatting", "typosquatting", "unauthorized-media-distribution", "unauthorized-software", "unrealistic-rewards", "unregulated-gambling", "unsecured-uploads", "unwanted-software", "urgency-scam", "url-redirection", "url-shortener", "urlert", "vercel-hosting", "verification-challenge", "verification-screen", "visionpro-impersonation", "wallet-draining", "withdrawal-scam", "work-from-home-scam", "zoom-impersonation" ], "references": [ "https://urlert.com/domain/690914.help", "https://urlert.com/domain/acers.net", "https://urlert.com/domain/afflat3a1.com", "https://urlert.com/domain/amendes-justice-gov.co", "https://urlert.com/domain/an1.com", "https://urlert.com/domain/as-isr.top", "https://urlert.com/domain/as-jes.top", "https://urlert.com/domain/as-jeu.top", "https://urlert.com/domain/as-vse.top", "https://urlert.com/domain/aviroohome.com", "https://urlert.com/domain/axiomvelox.online", "https://urlert.com/domain/b-cdn.net", "https://urlert.com/domain/bit.ly", "https://urlert.com/domain/booking-page8282461.top", "https://urlert.com/domain/boxtrack.cfd", "https://urlert.com/domain/britetodo.com", "https://urlert.com/domain/citithankyoucard.com", "https://urlert.com/domain/clicksmart365.com", "https://urlert.com/domain/clickup.com", "https://urlert.com/domain/cloudspire-works.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Financial Services", "Government", "Hospitality", "Logistics / Supply Chain", "Media / Entertainment", "Retail / E-Commerce", "Technology", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "urlert_intel", "id": "386175", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 105, "hostname": 55, "URL": 107 }, "indicator_count": 267, "is_author": false, "is_subscribing": null, "subscriber_count": 29, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69cf1115225832368c9af150", "name": "URLert Daily Threat Intel \u2014 2026-04-03", "description": "URLert Daily Threat Intel \u2014 2026-04-03\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 165 | Indicators: 334\nConfirmed: 47 | Likely: 117 | Domain intel: 1\nTop threats: Phishing (148), Malware Hosting (12), Dropper (3), Scanning Host (1), RAT (1)\nDomains: 1cpmspv.top, 1drv.ms, 40gmail.com, 756193.xin, adescargar.net, adobe.com, ankergames.net, as-nfd.top, betioh.com, blogspot.com, bodyshopca.com, bv-dienstleistungen.de, ca-page.cyou, ca-pag...\n\n165 unique threats producing 334 actionable indicators. Generated by URLert automated threat intelligence.", "modified": "2026-05-03T00:28:39.989000", "created": "2026-04-03T01:00:05.191000", "tags": [ "2fa-harvesting", "adult-app-distribution", "adult-content", "adware", "adware-risk", "agoda-impersonation", "ai-sweden-impersonation", "alaska", "alaska-dmv", "android-malware", "anonymous-sales", "apk-distribution", "apk-malware", "automated-scan", "blockchain-casino", "booking-com", "brand-impersonation", "brazil", "bulk-email-distribution", "california", "california-dmv-impersonation", "cloaking", "cloud-hosting", "cloudflare-abuse", "code-obfuscation", "combell-impersonation", "combosquatting", "compromised-government-site", "controlled-substances", "credential-harvesting", "credit-card-harvesting", "credit-card-scam", "credit-card-theft", "crypto-casino", "crypto-payments", "crypto-scam", "cryptocurrency-scam", "daily-threat-intel", "dao-impersonation", "dao-services", "data-harvesting", "deceptive-content", "deceptive-domain", "deceptive-landing-page", "deceptive-landing-pages", "deceptive-sales-tactics", "deceptive-site", "delivery-exception", "delivery-failure-scam", "delivery-scam", "device-access-attempt", "dhl", "digital-infrastructure-marketplace", "discord-impersonation", "discount-scam", "dmv", "document-lure", "document-sharing-scam", "docusign-impersonation", "domain-classification", "domain-squatting", "dpd", "dpd-impersonation", "dropper", "educational-content-piracy", "email-credentials", "evasion-technique", "facebook", "fake-captcha", "fake-checkout", "fake-citation", "fake-delivery-notice", "fake-delivery-notification", "fake-delivery-scam", "fake-document", "fake-document-preview", "fake-giveaway", "fake-income-opportunity", "fake-invoices", "fake-login", "fake-login-page", "fake-login-portal", "fake-online-store", "fake-payment-portal", "fake-profiles", "fake-security-check", "fake-store", "fake-toll", "fake-toll-notice", "fake-toll-scam", "fake-tracking-page", "fake-warning", "fanbox", "fantia-impersonation", "fifa", "file-sharing-impersonation", "financial-information-theft", "financial-institution-impersonation", "financial-scam", "fiverr", "foot-locker-impersonation", "footlocker", "forced-installation", "fraudulent", "fraudulent-operation", "gamers", "gibberish-domain", "gift-voucher-scam", "github-pages", "giveaway-scam", "glp-1-agonists", "gmail-impersonation", "google-docs", "google-impersonation", "google-sheets-impersonation", "government-impersonation", "government-services", "grayware", "high-abuse-domain", "high-risk-domain", "high-risk-downloads", "high-risk-tld", "high-traffic-site", "hospitality-targeting", "ic-markets-impersonation", "illegal-pharmacy", "impersonation", "information-gathering", "information-harvesting", "intelcom", "invite-code-scam", "ipfs-abuse", "israel-post", "law-firm-impersonation", "legitimate-domain-abuse", "legitimate-service-abuse", "login-page", "login-portal", "logistics", "logistics-delivery", "logistics-scam", "logistics-sector", "logistics-supply-chain", "louisiana-omv-impersonation", "malicious-domain", "malicious-link-shortener", "malicious-links", "malicious-redirect", "malicious-redirector", "malicious-redirects", "malvertising", "malware-delivery", "malware-distribution", "malware-hosting", "malware-risk", "maryland-mva", "media-markt-impersonation", "mediamarkt", "microsoft", "microsoft-forms-abuse", "microsoft-impersonation", "mobile-malware", "modified-apk-distribution", "nacex-impersonation", "ncdot", "nebula-x-impersonation", "netlify-abuse", "netlify-hosting", "new-domain", "newly-registered-domain", "nft-platform", "oklahoma-department-of-public-safety", "online-casino", "online-scam", "oxycodone", "package-delivery-scam", "payment-bypass", "payment-harvesting", "payment-information-harvesting", "payment-scam", "paypal-impersonation", "pennsylvania", "personal-data-harvesting", "personal-information-collection", "personal-information-harvesting", "personal-information-theft", "phishing", "phishing-infrastructure", "phishing-kit", "phishing-landing-page", "phishing-lure", "phishing-page", "phishing-site", "phone-number-collection", "piracy", "pirated-software", "privacy-invasion", "prize-scam", "project-proposal-scam", "pw-thor", "rapid-links-net", "recently-registered-domain", "reconnaissance", "redirect", "redirect-chain", "redirector", "refund-scam", "replit-abuse", "retail-impersonation", "retail-scam", "retail-targeting", "roblox", "roblox-impersonation", "rom-hosting", "romania", "roundcube-webmail", "sameday-impersonation", "scam", "scam-domain", "scam-pages", "scam-site", "scanner-evasion", "schylling", "security-bypass", "security-challenge-bypass", "serviceontario", "serviceontario-impersonation", "shein-impersonation", "slide-to-verify", "smishing", "social-media-impersonation", "software-piracy", "spam-distribution", "spam-facilitation", "spyware", "steam", "steam-account-theft", "stolen-credit-cards", "suspicious-domain", "suspicious-domain-extension", "suspicious-downloads", "targeted-attack", "technology-sector", "telegram-impersonation", "telegram-verification-scam", "tesco", "tesco-impersonation", "tiktok", "tiktok-impersonation", "tiktok-shop-impersonation", "tk-shop", "toll-scam", "traffic-citation-scam", "typosquatting", "unaccountable-infrastructure", "unauthorized-access", "unauthorized-content", "unauthorized-prescription-drugs", "university-brescia", "unrealistic-discounts", "unscanned-files", "unverified-software", "unwanted-programs", "unwanted-software", "urgency-scam", "urgency-tactics", "url-obscurity", "url-shortener", "url-shortener-abuse", "urlert", "video-downloader", "vitkac-impersonation", "vulnerability-scanning", "weebly-abuse", "youtube-spam" ], "references": [ "https://urlert.com/domain/1cpmspv.top", "https://urlert.com/domain/1drv.ms", "https://urlert.com/domain/40gmail.com", "https://urlert.com/domain/756193.xin", "https://urlert.com/domain/adescargar.net", "https://urlert.com/domain/adobe.com", "https://urlert.com/domain/ankergames.net", "https://urlert.com/domain/as-nfd.top", "https://urlert.com/domain/betioh.com", "https://urlert.com/domain/blogspot.com", "https://urlert.com/domain/bodyshopca.com", "https://urlert.com/domain/bv-dienstleistungen.de", "https://urlert.com/domain/ca-page.cyou", "https://urlert.com/domain/ca-page.shop", "https://urlert.com/domain/cgod.shop", "https://urlert.com/domain/ckq.cc", "https://urlert.com/domain/com-azije.cc", "https://urlert.com/domain/communityitemarts.co", "https://urlert.com/domain/create-logo-maker.net", "https://urlert.com/domain/cvmr.life" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Financial Services", "Government", "Healthcare", "Hospitality", "Legal Services", "Logistics / Supply Chain", "Media / Entertainment", "Real Estate", "Retail / E-Commerce", "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "urlert_intel", "id": "386175", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 98, "hostname": 55, "URL": 104 }, "indicator_count": 257, "is_author": false, "is_subscribing": null, "subscriber_count": 29, "modified_text": "27 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69cdbfb52bc492ac92bd9ad6", "name": "URLert Daily Threat Intel \u2014 2026-04-02", "description": "URLert Daily Threat Intel \u2014 2026-04-02\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 111 | Indicators: 230\nConfirmed: 32 | Likely: 77 | Domain intel: 2\nTop threats: Phishing (100), Malvertising (3), Dropper (3), Malware Hosting (2), Unknown (2)\nDomains: 364278.xin, 37rawmbaz5051125h.cfd, 6390123.trade, 7k5v3k1.mom, acsgri.com, alert-micro.com, auto1groupcove.com, autree.org, averahealthcareers.org, ayprz8.sbs, bkngsresrvationguest.help, b...\n\n111 unique threats producing 230 actionable indicators. Generated by URLert automated threat intelligence.", "modified": "2026-05-01T23:21:18.418000", "created": "2026-04-02T01:00:37.638000", "tags": [ ".xin-domain", "1inch-network", "abuse-of-legitimate-domain", "account-compromise", "account-recovery-scam", "adult-content-lure", "allegro-impersonation", "altec-lansing", "amazon", "anonymizing-service", "api-key-theft", "apk-distribution", "apple-app-store-impersonation", "apple-support", "aruba-spa", "auto1-group", "automated-scan", "background-check-scam", "booking-com", "brand-impersonation", "cdn-hosting", "clash-royale", "cloudflare", "combosquatting", "content-locker", "cpanel-impersonation", "credential-harvesting", "crypto-scam", "cryptocurrency", "cryptocurrency-impersonation", "cryptocurrency-scam", "currys-impersonation", "daily-threat-intel", "dao-impersonation", "data-collection", "dating-scam", "deceptive-content", "deceptive-domain", "deceptive-filename", "deceptive-practices", "deceptive-redirect", "deceptive-redirection", "deceptive-routing", "deceptive-software", "delivery-failure-scam", "delivery-scam", "denmark", "dhhs-impersonation", "discord-impersonation", "disposable-infrastructure", "domain-classification", "domain-redirection", "dpd", "dpd-impersonation", "easybank-impersonation", "ecommerce-scam", "email-credentials", "employment-scam", "encoded-email", "enterprise-certificate-bypass", "etsy-impersonation", "executable-download", "facebook", "fake-delivery-scam", "fake-document", "fake-giveaway", "fake-job-offer", "fake-login-page", "fake-portal", "fake-progress-bar", "fake-robux-giveaway", "fake-security-alerts", "fake-security-check", "fake-store", "fake-urgency", "fake-verification-page", "fake-video-player", "fake-vpn", "fifa", "financial-fraud", "financial-scam", "financial-services", "gaming-platform", "gibberish-domain", "gift-card-scam", "giveaway-scam", "google", "google-sites", "government-impersonation", "healthcare", "high-risk-aggregator", "high-risk-domain", "high-risk-tld", "hungary", "impersonation", "information-gathering", "intelcom-impersonation", "investment-fraud", "ios-targeting", "ip-grabber", "ip-logger", "ip-logging", "ipfs", "italy", "job-scam", "kleinanzeigen", "lidl-impersonation", "logistics", "logistics-scam", "logistics-sector", "logistics-targeting", "malicious-redirect", "malicious-redirection", "malicious-script", "malvertising", "malware-delivery", "malware-distribution", "malware-hosting", "mediemarkt", "microsoft-forms", "microsoft-impersonation", "microsoft-office-365", "microsoft-sharepoint-impersonation", "new-domain", "newly-registered-domain", "north-carolina", "north-dakota-dot", "offer-scam", "online-gambling", "online-gambling-impersonation", "package-delivery-scam", "parking-citation-scam", "payment-information-harvesting", "payment-information-theft", "payment-scam", "pec-webmail", "personal-information-collection", "personal-information-harvesting", "personal-information-theft", "phishing", "phishing-campaign", "phishing-gateway", "phishing-infrastructure", "phishing-kit", "phishing-site", "privacy-risk", "ralph-lauren", "random-domain", "red-bull", "redirect", "redirect-chain", "redirection", "retail-e-commerce", "retail-scam", "risky-tld", "roblox", "roblox-impersonation", "romania", "royal-mail", "scam", "scam-site", "scam-websites", "shortened-url", "skechers-impersonation", "social-engineering", "social-media-scam", "spectrum", "spotify", "spotify-impersonation", "suspicious-domain", "suspicious-files", "suspicious-redirect-target", "suspicious-tld", "targeted-phishing", "tech-support-scam", "technical-support-scam", "telecommunications-phishing", "texas-dmv", "tracking-service", "traffic-redirection", "trojan", "tx-dmv", "typosquatting", "typosquatting-domain", "unauthorized-application-access", "unauthorized-software-distribution", "unesco-impersonation", "unwanted-content", "unwanted-software", "urlert", "vulnerability-scanning", "webmail-impersonation", "whatsapp-engagement", "whatsapp-impersonation", "zoom" ], "references": [ "https://urlert.com/domain/364278.xin", "https://urlert.com/domain/37rawmbaz5051125h.cfd", "https://urlert.com/domain/6390123.trade", "https://urlert.com/domain/7k5v3k1.mom", "https://urlert.com/domain/acsgri.com", "https://urlert.com/domain/alert-micro.com", "https://urlert.com/domain/auto1groupcove.com", "https://urlert.com/domain/autree.org", "https://urlert.com/domain/averahealthcareers.org", "https://urlert.com/domain/ayprz8.sbs", "https://urlert.com/domain/bkngsresrvationguest.help", "https://urlert.com/domain/bkshoessale-eu.top", "https://urlert.com/domain/c1ic.link", "https://urlert.com/domain/cftgm.cfd", "https://urlert.com/domain/clashroyalegems.store", "https://urlert.com/domain/cloudfront.net", "https://urlert.com/domain/coin-spike.com", "https://urlert.com/domain/comstartnow.com", "https://urlert.com/domain/damockup.com", "https://urlert.com/domain/daoaspost.top" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Automotive", "Financial Services", "Government", "Healthcare", "Hospitality", "Logistics / Supply Chain", "Media / Entertainment", "Retail / E-Commerce", "Technology", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "urlert_intel", "id": "386175", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 70, "URL": 70, "hostname": 35 }, "indicator_count": 175, "is_author": false, "is_subscribing": null, "subscriber_count": 28, "modified_text": "29 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6785dccb041b628fde283705", "name": "phish.directory", "description": "phish.directory, a community-driven anti-phishing tool. Helping catch, prevent, and catalog phishing links & attempts.\n\nsee our website at https://phish.directory", "modified": "2026-01-25T18:05:17.629000", "created": "2025-01-14T03:40:59.456000", "tags": [ "phishing", "scams", "steam", "discord", "roblox" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": true, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "jaspermayone", "id": "305022", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 41514, "hostname": 11318 }, "indicator_count": 52832, "is_author": false, "is_subscribing": null, "subscriber_count": 3, "modified_text": "125 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "694c9dfc92855a039b879c72", "name": "Malware Filter - Phishing List - 24-12-2025", "description": "", "modified": "2025-12-25T02:14:20.161000", "created": "2025-12-25T02:14:20.161000", "tags": [], "references": [ "https://malware-filter.gitlab.io/malware-filter/phishing-filter-domains.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 208, "domain": 55 }, "indicator_count": 263, "is_author": false, "is_subscribing": null, "subscriber_count": 1621, "modified_text": "156 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://urlert.com/domain/cloudspire-works.com", "https://urlert.com/domain/biltty.cc", "https://urlert.com/domain/chainvoltgrid.com", "https://urlert.com/domain/go2wa.cc", "https://urlert.com/domain/e-entrega.co", "https://urlert.com/domain/bkngsresrvationguest.help", "https://urlert.com/domain/as-jeu.top", "https://urlert.com/domain/dao-re.top", "https://urlert.com/domain/app.link", "https://urlert.com/domain/bit.ly", "https://malware-filter.gitlab.io/malware-filter/phishing-filter-domains.txt", "https://urlert.com/domain/cs2by.com", "https://urlert.com/domain/huighaverlag.nl", "https://urlert.com/domain/cashstar.com", "https://urlert.com/domain/amazonv8.com", "https://urlert.com/domain/amazon.co", "https://urlert.com/domain/courierdesk.cfd", "https://urlert.com/domain/clicksmart365.com", "https://urlert.com/domain/create-logo-maker.net", "https://urlert.com/domain/audioz.download", "https://urlert.com/domain/britetodo.com", "https://urlert.com/domain/b2wditxn.cc", "https://urlert.com/domain/bestwestern-id-nt52vos.com", "https://urlert.com/domain/0lprvs.click", "https://urlert.com/domain/as-vse.top", "https://urlert.com/domain/averahealthcareers.org", "https://urlert.com/domain/clickup.com", "https://urlert.com/domain/clearancesalestore-eu.com", "https://urlert.com/domain/6390123.trade", "https://urlert.com/domain/bitbyea.com", "https://urlert.com/domain/damockup.com", "https://urlert.com/domain/behindtheemail.com", "https://urlert.com/domain/beastara.com", "https://urlert.com/domain/com-hs.in", "https://urlert.com/domain/googleapis.com", "https://urlert.com/domain/ca-paget.sbs", "https://urlert.com/domain/ameli-monespace.com", "https://urlert.com/domain/futfanaticss.com", "https://urlert.com/domain/effectivegatecpm.com", "https://urlert.com/domain/communityitemarts.co", "https://urlert.com/domain/chara-gacha.com", "https://urlert.com/domain/690914.help", "https://urlert.com/domain/amazon-prime.my", "https://urlert.com/domain/iceiy.com", "https://urlert.com/domain/756193.xin", "https://urlert.com/domain/as-isr.top", "https://urlert.com/domain/buff.ly", "https://urlert.com/domain/ankergames.net", "https://urlert.com/domain/b-cdn.net", "https://urlert.com/domain/dexo.click", "https://urlert.com/domain/boxpoint.cfd", "https://urlert.com/domain/bunnyband.com", "https://urlert.com/domain/dpdlocadp.shop", "https://urlert.com/domain/bestwestern-id-oa74fta.com", "https://urlert.com/domain/govanta.help", "https://urlert.com/domain/aixldc10.shop", "https://urlert.com/domain/d9s3x4.com", "https://urlert.com/domain/as-nfd.top", "https://urlert.com/domain/bybusdt.cc", "https://urlert.com/domain/364278.xin", "https://urlert.com/domain/dailed.gg", "https://urlert.com/domain/contaboserver.net", "https://urlert.com/domain/awigkz.info", "https://urlert.com/domain/6489.pro", "https://urlert.com/domain/adobe.com", "https://urlert.com/domain/bibtly.cc", "https://urlert.com/domain/cgod.shop", "https://urlert.com/domain/bfrickonline.com", "https://urlert.com/domain/awstrack.me", "https://urlert.com/domain/comstartnow.com", "https://urlert.com/domain/364829.xin", "https://urlert.com/domain/3my.live", "https://urlert.com/domain/1drv.ms", "https://urlert.com/domain/capcutpro.org.in", "https://urlert.com/domain/bookscloud.net", "https://urlert.com/domain/aviroohome.com", "https://urlert.com/domain/clashroyalegems.store", "https://urlert.com/domain/citithankyoucard.com", "https://urlert.com/domain/baremineralsstore.com", "https://urlert.com/domain/axiomvelox.online", "https://urlert.com/domain/dpdlocasv.top", "https://urlert.com/domain/cmacked.com", "https://urlert.com/domain/darkvps.pro", "https://urlert.com/domain/eseateams.com", "https://urlert.com/domain/getmysocial.com", "https://urlert.com/domain/ethias.be", "https://urlert.com/domain/beacons.ai", "https://urlert.com/domain/binance-trade.info", "https://urlert.com/domain/aiciinromania.com", "https://urlert.com/domain/acers.net", "https://urlert.com/domain/bv-dienstleistungen.de", "https://urlert.com/domain/fafda.to", "https://urlert.com/domain/adescargar.net", "https://urlert.com/domain/bolt.host", "https://urlert.com/domain/afflat3a1.com", "https://urlert.com/domain/citly.me", "https://urlert.com/domain/dpdlocasa.shop", "https://urlert.com/domain/cvmr.life", "https://urlert.com/domain/euprava-gov.lat", "https://urlert.com/domain/aurelaboutique.co", "https://urlert.com/domain/cloudfront.net", "https://urlert.com/domain/ca-pageo.cyou", "https://urlert.com/domain/bodyshopca.com", "https://urlert.com/domain/booking-page8282461.top", "https://urlert.com/domain/ct.ws", "https://urlert.com/domain/aqui-reclamesac.info", "https://urlert.com/domain/alert-micro.com", "https://urlert.com/domain/filedownloadz.my", "https://urlert.com/domain/ca-pagew.help", "https://urlert.com/domain/bot-gate.cc", "https://urlert.com/domain/c1ic.link", "https://urlert.com/domain/daoaspost.top", "https://urlert.com/domain/cftgm.cfd", "https://urlert.com/domain/dpdlocads.top", "https://urlert.com/domain/cointerac.org", "https://urlert.com/domain/goveipl.shop", "https://urlert.com/domain/acsgri.com", "https://urlert.com/domain/ca-page.shop", "https://urlert.com/domain/brohood.my.id", "https://urlert.com/domain/goveogr.cfd", "https://urlert.com/domain/ca-page.cyou", "https://urlert.com/domain/amendes-justice-gov.co", "https://urlert.com/domain/dpdlocass.shop", "https://urlert.com/domain/google.com", "https://urlert.com/domain/dpdlocafd.shop", "https://urlert.com/domain/40gmail.com", "https://urlert.com/domain/gov-bnnkw.top", "https://urlert.com/domain/homebnb.sbs", "https://urlert.com/domain/ag4.top", "https://urlert.com/domain/ca-pageo.web.id", "https://urlert.com/domain/dpd-lanviro.link", "https://urlert.com/domain/byh.cc", "https://urlert.com/domain/as-jes.top", "https://urlert.com/domain/cgebq.buzz", "https://urlert.com/domain/clickspulse.online", "https://urlert.com/domain/autree.org", "https://urlert.com/domain/httpps-www-roblox.co", "https://urlert.com/domain/auto1groupcove.com", "https://urlert.com/domain/antai-gouv-info.im", "https://urlert.com/domain/7k5v3k1.mom", "https://urlert.com/domain/id8214982.live", "https://urlert.com/domain/blogspot.com", "https://urlert.com/domain/backmart.cyou", "https://urlert.com/domain/ayprz8.sbs", "https://urlert.com/domain/gamedrive.org", "https://urlert.com/domain/djiusa.com", "https://urlert.com/domain/37rawmbaz5051125h.cfd", "https://urlert.com/domain/besowin156.pro", "https://urlert.com/domain/boxpop.cfd", "https://urlert.com/domain/bkshoessale-eu.top", "https://urlert.com/domain/flowtrackr.site", "https://urlert.com/domain/1cpmspv.top", "https://urlert.com/domain/govmdq.autos", "https://urlert.com/domain/abre.ai", "https://urlert.com/domain/bfhix.buzz", "https://urlert.com/domain/linkbrawlstars.store", "https://urlert.com/domain/ffs8.com", "https://urlert.com/domain/an1.com", "https://urlert.com/domain/coin-spike.com", "https://urlert.com/domain/betioh.com", "https://urlert.com/domain/dkfnvk.cfd", "https://urlert.com/domain/boxtrack.cfd", "https://urlert.com/domain/ckq.cc", "https://urlert.com/domain/eu.cc", "https://urlert.com/domain/bzzhr.to", "https://urlert.com/domain/com-azije.cc", "https://urlert.com/domain/geeduu.com" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [ "Real estate", "Healthcare", "Media / entertainment", "Government", "Hospitality", "Technology", "Financial services", "Retail / e-commerce", "Energy", "Legal services", "Media & entertainment", "Telecommunications", "Education", "Automotive", "Logistics / supply chain" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 21, "pulses": [ { "id": "653e8484ba7c285929cb5e0d", "name": "CERT.PL list of malicious domains", "description": "See: https://cert.pl/en/warning-list/\n\n(archived version here: https://web.archive.org/web/20231029161224/https://cert.pl/en/posts/2020/03/malicious_domains/)", "modified": "2026-05-30T07:58:43.913000", "created": "2023-10-29T16:12:52.580000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "Poland" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 169093, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "tomtomalien", "id": "258713", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_258713/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 156498, "domain": 371707 }, "indicator_count": 528205, "is_author": false, "is_subscribing": null, "subscriber_count": 474, "modified_text": "15 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ec121455951901fef8a045", "name": "URLert Daily Threat Intel \u2014 2026-04-25", "description": "URLert Daily Threat Intel \u2014 2026-04-25\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 63 | Indicators: 122\nConfirmed: 19 | Likely: 44\nTop threats: Phishing (51), Malware Hosting (4), Unknown (3), Dropper (3), Malvertising (2)\nDomains: 6489.pro, app.link, beacons.ai, bit.ly, bookscloud.net, brohood.my.id, bunnyband.com, ca-paget.sbs, cointerac.org, contaboserver.net, cs2by.com, ct.ws, dexo.click, dkfnvk.cfd, dpdlocafd.sh...\n\n63 unique threats producing 122 actionable indicators. Generated by URLert automated threat intelligence.", "modified": "2026-05-25T00:14:07.625000", "created": "2026-04-25T01:00:04.128000", "tags": [ "abused-hosting", "account-takeover", "adult-content-lure", "aggressive-ads", "ai-trading-bot", "anubis-challenge-service", "artificial-urgency", "automated-scan", "automatic-download", "azure-blob-storage", "booter", "brand-impersonation", "broken-site", "browser-locker", "burberry", "car-wrap-scam", "cloaking", "code-repository-impersonation", "command-execution", "complex-redirect-chain", "compromised-site", "contabo", "content-locker", "content-locker-scam", "costco-impersonation", "credential-harvesting", "crypto-scam", "cryptocurrency", "cyberattack-facilitation", "daily-threat-intel", "data-harvesting", "ddos-service", "deceptive-domain-email", "deceptive-marketing", "deceptive-practices", "deceptive-redirect", "deceptive-tactics", "deceptive-url", "delivery-scam", "dpd-impersonation", "e-commerce-fraud", "e-commerce-scam", "email-verification", "energy-crisis", "evasion-technique", "executable-malware", "extortion", "fake-discounts", "fake-download", "fake-prize", "fake-promotion", "fake-urgency", "fake-verification", "fake-virus-alert", "fanatics-impersonation", "file-sharing", "financial-data-harvesting", "financial-fraud", "financial-information-harvesting", "financial-scam", "fraudulent-infrastructure", "fraudulent-platform", "fraudulent-retail", "fraudulent-scheme", "fraudulent-sweepstakes", "fuel-voucher", "gambling-platform", "game-related-lure", "gaming", "gift-card-scam", "giveaway-scam", "google-cloud-storage-abuse", "google-impersonation", "government-impersonation", "government-targeting", "identity-theft", "impersonation", "infrastructure-misuse", "interac", "investment-scam", "lidl-impersonation", "linkvertise", "logistics-impersonation", "logistics-supply-chain", "low-reputation", "low-reputation-domain", "malicious-download", "malicious-file-delivery", "malicious-infrastructure", "malicious-redirection", "malicious-scripts", "malvertising", "malware-delivery", "malware-distribution", "mothers-day-scam", "multi-provider-phishing", "neosurf", "new-domain", "newly-registered-domain", "ontario-government", "payload-delivery", "payment-voucher-scam", "persistent-malware", "personal-information-collection", "personal-information-harvesting", "petrom", "phishing", "pii-collection", "plumeimpactor", "potentially-unwanted-software", "redirect", "roblox", "roblox-impersonation", "scam", "scam-ecommerce", "scam-site", "servientrega-impersonation", "shadow-reporting", "shein", "social-engineering", "software-piracy", "software-repository-impersonation", "spain", "spam-promotion", "spotify-impersonation", "steam", "stress-testing", "stresser", "survey-scam", "suspicious-domain", "suspicious-redirect", "suspicious-tld", "suspicious-url", "task-based-scam", "task-scam", "tech-support-scam", "technical-errors", "telegram-bot", "tracking-parameters", "trading-platform", "traffic-redirection", "transcash", "typosquatting", "uber-impersonation", "unknown-binary", "unsecured-site", "unverified-health-claims", "unwanted-software", "url-shortener", "urlert", "usps", "xyz-domain" ], "references": [ "https://urlert.com/domain/6489.pro", "https://urlert.com/domain/app.link", "https://urlert.com/domain/beacons.ai", "https://urlert.com/domain/bit.ly", "https://urlert.com/domain/bookscloud.net", "https://urlert.com/domain/brohood.my.id", "https://urlert.com/domain/bunnyband.com", "https://urlert.com/domain/ca-paget.sbs", "https://urlert.com/domain/cointerac.org", "https://urlert.com/domain/contaboserver.net", "https://urlert.com/domain/cs2by.com", "https://urlert.com/domain/ct.ws", "https://urlert.com/domain/dexo.click", "https://urlert.com/domain/dkfnvk.cfd", "https://urlert.com/domain/dpdlocafd.shop", "https://urlert.com/domain/e-entrega.co", "https://urlert.com/domain/ethias.be", "https://urlert.com/domain/fafda.to", "https://urlert.com/domain/futfanaticss.com", "https://urlert.com/domain/gamedrive.org" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Energy", "Financial Services", "Government", "Hospitality", "Logistics / Supply Chain", "Media / Entertainment", "Retail / E-Commerce" ], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "urlert_intel", "id": "386175", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 33, "URL": 36, "hostname": 13 }, "indicator_count": 82, "is_author": false, "is_subscribing": null, "subscriber_count": 29, "modified_text": "5 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69c081afa2bd54a9599b7c07", "name": "PhishDestroy \u2014 Active Phishing & Crypto Scam Domains", "description": "Real-time feed of phishing, crypto drainer, and scam domains detected by PhishDestroy (phishdestroy.io). Updated hourly. 108K+ domains tracked, 55K+ currently active. Source: github.com/phishdestroy/destroylist", "modified": "2026-05-24T00:00:03.049000", "created": "2026-03-22T23:56:29.438000", "tags": [ "phishing", "crypto", "scam", "drainer", "fraud", "blocklist", "phishdestroy" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 33, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "phishdestroy", "id": "348394", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 93266, "hostname": 57600 }, "indicator_count": 150866, "is_author": false, "is_subscribing": null, "subscriber_count": 99, "modified_text": "6 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69eac0b35a25642499b24fa1", "name": "URLert Daily Threat Intel \u2014 2026-04-24", "description": "URLert Daily Threat Intel \u2014 2026-04-24\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 49 | Indicators: 94\nConfirmed: 12 | Likely: 37\nTop threats: Phishing (41), Dropper (3), Malvertising (2), Malware Hosting (2), Unknown (1)\nDomains: ag4.top, amazon-prime.my, ameli-monespace.com, aqui-reclamesac.info, b2wditxn.cc, buff.ly, bunnyband.com, bzzhr.to, ca-pagew.help, dpdlocadp.shop, dpdlocads.top, dpdlocasv.top, eseateams.c...\n\n49 unique threats producing 94 actionable indicators. Generated by URLert automated threat intelligence.", "modified": "2026-05-23T23:44:47.381000", "created": "2026-04-24T01:00:35.942000", "tags": [ "account-theft", "adult-content", "adult-scam", "affiliate-fraud", "aggressive-advertising", "amazon-prime", "automated-scan", "brand-impersonation", "brawl-stars", "brazil", "browser-extension-distribution", "chrome-hearts-impersonation", "cloud-storage-abuse", "content-locker", "costco", "credential-harvesting", "cutt-ly", "daily-threat-intel", "deception", "deceptive-advertising", "deceptive-domain", "deceptive-download-site", "deceptive-downloads", "deceptive-hosting", "deceptive-marketing", "deceptive-scam", "deceptive-site", "denmark", "dot-shop-tld", "download-wrapper", "dpd", "dpd-impersonation", "e-commerce-scam", "faceit-impersonation", "fake-download", "fake-store", "fake-testimonials", "financial-fraud", "financial-information-theft", "financial-scam", "france", "fraud", "fraud-alert", "fraudulent-services", "free-hosting", "gambling-scam", "gaming-scam", "gaming-sector", "giveaway-scam", "google-cloud-storage", "government-impersonation", "high-risk-domain-extension", "hookup-scam", "hospitality-sector", "impersonation", "information-stealing", "investment-scam", "invite-code-scam", "job-scam", "locaweb-impersonation", "malicious-redirects", "malvertising", "malware-delivery", "malware-distribution", "malware-lure", "marktplaats", "memecoin-scam", "meta", "microsoft-365", "microsoft-forms", "microsoft-impersonation", "microsoft-sharepoint-impersonation", "misspelled-domain", "mondelez-international", "netlify-abuse", "new-domain", "newly-registered-domain", "package-delivery-scam", "payment-scam", "payment-service", "personal-information-harvesting", "petrom", "phishing", "phishing-domain", "phishing-infrastructure", "pix", "rar-archive", "recently-registered-domain", "redirect", "redirect-chain", "retailer-impersonation", "roblox-scam", "scam", "seekda-impersonation", "shipping-impersonation", "social-engineering", "steamrip-distribution", "subscription-trap", "survey-scam", "suspicious-domain", "t-mobile", "task-based-earning-scam", "task-based-scam", "task-scam", "tinder-impersonation", "toll-scam", "unwanted-software", "url-shortener", "urlert", "user-exploitation", "usps", "vercel", "webmail-impersonation", "young-domain" ], "references": [ "https://urlert.com/domain/ag4.top", "https://urlert.com/domain/amazon-prime.my", "https://urlert.com/domain/ameli-monespace.com", "https://urlert.com/domain/aqui-reclamesac.info", "https://urlert.com/domain/b2wditxn.cc", "https://urlert.com/domain/buff.ly", "https://urlert.com/domain/bunnyband.com", "https://urlert.com/domain/bzzhr.to", "https://urlert.com/domain/ca-pagew.help", "https://urlert.com/domain/dpdlocadp.shop", "https://urlert.com/domain/dpdlocads.top", "https://urlert.com/domain/dpdlocasv.top", "https://urlert.com/domain/eseateams.com", "https://urlert.com/domain/filedownloadz.my", "https://urlert.com/domain/googleapis.com", "https://urlert.com/domain/goveipl.shop", "https://urlert.com/domain/govmdq.autos", "https://urlert.com/domain/iceiy.com", "https://urlert.com/domain/id8214982.live", "https://urlert.com/domain/linkbrawlstars.store" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Energy", "Financial Services", "Government", "Healthcare", "Hospitality", "Logistics / Supply Chain", "Media / Entertainment", "Retail / E-Commerce", "Technology", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "urlert_intel", "id": "386175", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 27, "hostname": 10, "URL": 29 }, "indicator_count": 66, "is_author": false, "is_subscribing": null, "subscriber_count": 30, "modified_text": "7 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69e96f2bc858014973680e1f", "name": "URLert Daily Threat Intel \u2014 2026-04-23", "description": "URLert Daily Threat Intel \u2014 2026-04-23\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 63 | Indicators: 117\nConfirmed: 18 | Likely: 43 | Domain intel: 2\nTop threats: Phishing (54), Malvertising (4), Dropper (2), Unknown (2), Malware Hosting (1)\nDomains: 0lprvs.click, abre.ai, bunnyband.com, ca-pageo.cyou, ca-pageo.web.id, chainvoltgrid.com, chara-gacha.com, citly.me, dpd-lanviro.link, dpdlocasa.shop, dpdlocass.shop, eu.cc, euprava-gov.lat...\n\n63 unique threats producing 117 actionable indicators. Generated by URLert automated threat intelligence.", "modified": "2026-05-23T00:06:10.121000", "created": "2026-04-23T01:00:27.807000", "tags": [ "abuse-of-legitimate-service", "account-suspended", "action", "aggressive-ads", "airbnb", "airdrop-scam", "anonymized-infrastructure", "automated-scan", "brand-impersonation", "captcha-scam", "chrome-hearts", "cloaking", "cloudflare-protected", "credential-harvesting", "crypto-casino-scam", "crypto-mining-scam", "cryptocurrency", "cryptocurrency-scam", "daily-threat-intel", "data-harvesting", "dating-scam", "deceptive-advertising", "deceptive-challenge", "deceptive-content", "deceptive-domain", "deceptive-practices", "deceptive-tactics", "delivery-scam", "domain-classification", "dpd-impersonation", "dpd-local-impersonation", "dropshipping-scam", "e-commerce-fraud", "elon-musk-impersonation", "evasion", "evasion-technique", "fake-dating-service", "fake-discounts", "fake-engagement", "fake-giveaway", "fake-login-portal", "fake-registration", "fake-security-alert", "fake-verification", "financial-fraud", "financial-impersonation", "financial-scam", "financial-scheme", "financial-sector", "financial-service-impersonation", "fiverr-impersonation", "fraud-alert", "free-hosting", "fuel-voucher-scam", "game-downloads", "get-paid-to-scheme", "gibberish-domain", "giveaway-scam", "global-futures-options-limited", "google-docs-abuse", "government", "government-impersonation", "high-risk", "high-risk-alert", "high-risk-tld", "human-verification-scam", "impersonation", "information-collection", "information-harvesting", "information-theft", "investment-scam", "israel-post-impersonation", "linkvertise", "logistics-impersonation", "low-reputation", "low-reputation-domain", "lure", "macos-impersonation", "malicious-infrastructure", "malicious-payloads", "malicious-site", "malvertising", "malvertising-gateway", "malware-delivery", "malware-distribution", "mexc-impersonation", "mining-scam", "mobile-number-harvesting", "monetized-url-shortener", "new-domain", "newly-registered-domain", "ontario-government", "package-delivery-scam", "payment-information-harvesting", "peopleperhour-impersonation", "petrom", "phishing", "phishing-page", "phishing-risk", "phishing-site", "privilege-escalation", "random-domain", "redirect", "redirect-chain", "redirect-chains", "riskware", "roblox", "roblox-impersonation", "scam", "scam-allegations", "scam-lure", "scam-storefront", "serbia", "serviceontario", "social-engineering", "suspicious-domain", "targeted-phishing", "task-based-earning-scam", "task-based-scam", "task-scam", "tiktok-impersonation", "tracking-redirect", "traffic-redirection", "trojan", "typosquatting", "unwanted-software", "unwanted-software-distribution", "url-shortener", "urlert", "user-deception", "vgen-impersonation", "wallet-draining" ], "references": [ "https://urlert.com/domain/0lprvs.click", "https://urlert.com/domain/abre.ai", "https://urlert.com/domain/bunnyband.com", "https://urlert.com/domain/ca-pageo.cyou", "https://urlert.com/domain/ca-pageo.web.id", "https://urlert.com/domain/chainvoltgrid.com", "https://urlert.com/domain/chara-gacha.com", "https://urlert.com/domain/citly.me", "https://urlert.com/domain/dpd-lanviro.link", "https://urlert.com/domain/dpdlocasa.shop", "https://urlert.com/domain/dpdlocass.shop", "https://urlert.com/domain/eu.cc", "https://urlert.com/domain/euprava-gov.lat", "https://urlert.com/domain/flowtrackr.site", "https://urlert.com/domain/geeduu.com", "https://urlert.com/domain/go2wa.cc", "https://urlert.com/domain/google.com", "https://urlert.com/domain/homebnb.sbs", "https://urlert.com/domain/httpps-www-roblox.co", "https://urlert.com/domain/huighaverlag.nl" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Financial Services", "Government", "Hospitality", "Logistics / Supply Chain", "Media / Entertainment", "Retail / E-Commerce", "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "urlert_intel", "id": "386175", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 37, "URL": 40, "hostname": 13 }, "indicator_count": 90, "is_author": false, "is_subscribing": null, "subscriber_count": 31, "modified_text": "7 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69c08867316c564ade394c69", "name": "PhishDestroy \u2014 Content Active Threats (Live)", "description": "Live feed of phishing and crypto scam domains with ACTIVE malicious content from PhishDestroy. These domains are verified to have live phishing/scam pages. Updated hourly. Source: github.com/phishdestroy/destroylist/dns/content_active.json", "modified": "2026-05-21T12:06:19.702000", "created": "2026-03-23T00:25:09.116000", "tags": [ "phishing", "crypto", "scam", "drainer", "fraud", "blocklist", "phishdestroy", "active", "content" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "phishdestroy", "id": "348394", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 132502, "hostname": 66217 }, "indicator_count": 198719, "is_author": false, "is_subscribing": null, "subscriber_count": 44, "modified_text": "9 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d45715d6b6bd82356b2bd8", "name": "URLert Daily Threat Intel \u2014 2026-04-07", "description": "URLert Daily Threat Intel \u2014 2026-04-07\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 88 | Indicators: 164\nConfirmed: 20 | Likely: 61 | Domain intel: 7\nTop threats: Phishing (78), Malvertising (4), Unknown (2), Malware Hosting (2), Hacking Tool (1)\nDomains: 3my.live, amazon.co, aurelaboutique.co, awigkz.info, beastara.com, besowin156.pro, bitbyea.com, blogspot.com, byh.cc, clickspulse.online, cmacked.com, com-hs.in, ct.ws, dao-re.top, darkvps...\n\n88 unique threats producing 164 actionable indicators. Generated by URLert automated threat intelligence.", "modified": "2026-05-07T01:01:09.875000", "created": "2026-04-07T01:00:05.086000", "tags": [ "2dehands", "account-recovery-fraud", "account-theft", "ad-network-redirector", "ad-redirector", "adobe-impersonation", "adult-content", "adult-content-lure", "adult-scam", "advance-fee-scam", "affiliate-tracking", "amazon", "android-malware", "anonymous-hosting", "anti-analysis", "app-impersonation", "apple-airpods-max", "asset-theft", "automated-scan", "blogspot-com", "brand-impersonation", "browser-hijacking", "bulletproof-hosting", "camera-access", "celebrity-impersonation", "cloudflare-pages", "content-hiding", "content-locking", "controlled-substances", "counterfeit-site", "cracked-software", "credential-harvesting", "credential-theft", "crypto-scam", "cryptocurrency-payments", "cryptocurrency-scam", "daily-threat-intel", "dating-scam", "deceptive-domain", "deceptive-financial-platform", "deceptive-front", "deceptive-infrastructure", "deceptive-longevity", "deceptive-practices", "deceptive-redirect", "deceptive-reviews", "deceptive-security-claims", "deceptive-site", "denmark", "deposit-theft", "disposable-domain", "dji", "dmca-ignored", "domain-classification", "drm-circumvention", "e-commerce-scam", "ecommerce-sector", "education", "education-sector", "email-credential-harvesting", "fake-app-store", "fake-contest-lure", "fake-financial-credentials", "fake-giveaway", "fake-government-grants", "fake-login", "fake-login-pages", "fake-login-portal", "fake-payment", "fake-prize-scam", "fake-shop", "fake-statistics", "fake-store", "fake-storefront", "fake-trading", "fake-trading-platform", "financial-fraud", "financial-information-harvesting", "financial-scam", "financial-sector", "fraudulent-charges", "fraudulent-crypto-investment", "fraudulent-marketplace", "fraudulent-platform", "fund-theft", "gambling-scam", "game-hacking", "game-mods", "gaming-scam", "google-forms", "google-login", "google-maps-impersonation", "government-impersonation", "high-risk-tld", "highway-6", "hyip", "iaet-bank", "illegal-content", "illicit-marketplace", "information-harvesting", "instagram-phishing", "investment-scam", "iphone-scam", "israel", "job-scam", "leroy-merlin", "lidl", "live-video-chat", "login-form", "logistics-sector", "lottery-scam", "low-price-scam", "macos-malware", "malicious-ad-network", "malicious-advertising-network", "malicious-redirect", "malicious-redirector", "malvertising", "malware", "malware-distribution", "maryland-mva", "microsoft-phishing", "microsoft-sharepoint", "multi-redirect", "namecheap", "nebula-x", "netlify-abuse", "new-domain", "newly-registered", "newly-registered-domain", "no-withdrawal-scam", "north-carolina", "offshore-hosting", "online-crime", "online-gambling", "online-gambling-scam", "online-scam", "online-shopping-scam", "onlyfans-impersonation", "payment-harvesting", "payment-scam", "personal-information-harvesting", "phishing", "phishing-page", "phishing-redirect", "phishing-site", "pig-butchering", "ponynet", "ponzi-scheme", "pop-up-scam", "prediction-market", "pubg-mobile", "qr-code-scam", "random-subdomain", "redirect", "redirect-chain", "remote-script-execution", "remote-task-scam", "retail-scam", "revanced-impersonation", "risky-payment-methods", "roblox", "roblox-impersonation", "runescape", "scam", "scam-platform", "scam-website", "scareware", "sexually-explicit-content", "shortened-url", "social-engineering", "social-media-phishing", "steam", "steam-security-bypass", "steroid-sales", "survey-scam", "suspicious-redirects", "t-mobile", "task-based-investment-scam", "task-based-scam", "task-scam", "telecommunications", "texas-dmv", "third-party-abuse", "timberland-impersonation", "tld-squatting", "traffic-redirection", "travel-scam", "typosquatting", "undelivered-orders", "union-ai", "university-of-brescia", "url-redirection", "url-shortener", "urlert", "usdt-storage", "valorant", "verified-scam", "whatsapp-impersonation", "youtube" ], "references": [ "https://urlert.com/domain/3my.live", "https://urlert.com/domain/amazon.co", "https://urlert.com/domain/aurelaboutique.co", "https://urlert.com/domain/awigkz.info", "https://urlert.com/domain/beastara.com", "https://urlert.com/domain/besowin156.pro", "https://urlert.com/domain/bitbyea.com", "https://urlert.com/domain/blogspot.com", "https://urlert.com/domain/byh.cc", "https://urlert.com/domain/clickspulse.online", "https://urlert.com/domain/cmacked.com", "https://urlert.com/domain/com-hs.in", "https://urlert.com/domain/ct.ws", "https://urlert.com/domain/dao-re.top", "https://urlert.com/domain/darkvps.pro", "https://urlert.com/domain/djiusa.com", "https://urlert.com/domain/getmysocial.com", "https://urlert.com/domain/gov-bnnkw.top", "https://urlert.com/domain/govanta.help", "https://urlert.com/domain/goveogr.cfd" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Financial Services", "Government", "Hospitality", "Logistics / Supply Chain", "Media & Entertainment", "Media / Entertainment", "Retail / E-Commerce", "Technology", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "urlert_intel", "id": "386175", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 52, "URL": 44, "hostname": 17 }, "indicator_count": 113, "is_author": false, "is_subscribing": null, "subscriber_count": 31, "modified_text": "23 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d30594f707d5c78dd0db9d", "name": "URLert Daily Threat Intel \u2014 2026-04-06", "description": "URLert Daily Threat Intel \u2014 2026-04-06\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 113 | Indicators: 188\nConfirmed: 36 | Likely: 64 | Domain intel: 13\nTop threats: Phishing (83), Malware Hosting (19), Malvertising (5), Unknown (3), Dropper (2)\nDomains: acsgri.com, adescargar.net, aixldc10.shop, an1.com, antai-gouv-info.im, audioz.download, awstrack.me, behindtheemail.com, besowin156.pro, bestwestern-id-nt52vos.com, bestwestern-id-oa74fta...\n\n113 unique threats producing 188 actionable indicators. Generated by URLert automated threat intelligence.", "modified": "2026-05-05T20:19:42.941000", "created": "2026-04-06T01:00:04.648000", "tags": [ "abuse-of-legitimate-platform", "account-recovery-scam", "account-takeover", "adult-content", "adware", "aggressive-advertising", "android-apk", "android-malware", "antai", "apk-download", "apk-malware", "app-download-scam", "audio-plugins", "automated-scan", "bait-and-switch", "bank-frick", "beacons", "best-western", "brand-impersonation", "browser-hijacking", "burn-and-churn", "camera-access", "capcut-pro", "cloaking", "cloud-mining", "colombia", "combosquatting", "contest-scam", "coomeet", "copyright-infringement", "counterfeit", "counterfeit-distribution", "counterfeit-site", "counterfeit-software", "cpa-scam", "cracked-software", "credential-harvesting", "credential-theft", "crypto-casino", "crypto-scam", "cryptocurrency-exchange", "cryptocurrency-scam", "daily-threat-intel", "dark-patterns", "data-aggregation", "data-breach-records", "data-harvesting", "data-theft", "dating-scam", "deceptive-ads", "deceptive-advertising", "deceptive-ecommerce-scam", "deceptive-landing-pages", "deceptive-lead-generation", "deceptive-links", "deceptive-offers", "deceptive-page", "deceptive-pricing", "deceptive-promises", "deceptive-site", "deceptive-subscription", "deceptive-tactics", "delivery-exception-scam", "delivery-scam", "discord-impersonation", "disposable-infrastructure", "domain-classification", "domain-hopping", "dpd-impersonation", "e-commerce-scam", "ecommerce-scam", "education", "educational-content-piracy", "electronics-fraud", "emotional-manipulation", "epic-games", "extortion", "facebook-campaign", "fake-app-distribution", "fake-domain", "fake-giveaway", "fake-login", "fake-login-page", "fake-login-portal", "fake-payment-portal", "fake-registration", "fake-reviews", "fake-rewards", "fake-security-check", "fake-shop", "fake-verification", "financial-fraud", "financial-information-theft", "financial-phishing", "financial-scam", "financial-services", "forced-redirects", "fortnite", "fraudulent-marketplace", "fraudulent-platform", "fraudulent-purchases", "fraudulent-retailer", "fraudulent-scheme", "free-hosting", "free-jewelry-scam", "free-spins-scam", "french-government", "french-government-impersonation", "gambling-scam", "gambling-site", "game-impersonation", "gaming-theme", "gibberish-domain", "giveaway-scam", "google", "grayware", "high-risk-domain", "high-risk-domain-extension", "high-risk-environment", "high-risk-tld", "hospitality", "hungary", "identity-intelligence", "identity-theft", "illegal-content", "impersonation", "incentivized-traffic", "indonesian-targeting", "information-collection", "information-obfuscation", "investment-scam", "israel", "it.com", "landing-page-service", "link-in-bio", "login-page", "logistics-phishing", "logistics-sector", "malicious-domain", "malicious-impersonation", "malicious-redirect", "malicious-redirection", "malicious-redirects", "malvertising", "malware", "malware-delivery", "malware-distribution", "malware-hosting", "malware-vector", "medi-markt", "mediamarkt-impersonation", "mediatarget", "modded-apk", "modified-apk", "monopoly-go", "music-production", "nebula-x", "new-domain", "newly-registered-domain", "oauth2-abuse", "olx", "online-scam", "onlyfans-impersonation", "payment-information-harvesting", "payment-scam", "paypal-friends-and-family", "personal-information-collection", "personal-information-harvesting", "phishing", "phishing-backend", "phishing-kit", "phishing-platform", "phishing-scam", "phishing-site", "pig-butchering-scam", "pii-collection", "porn-lure", "potentially-harmful-applications", "privacy-risk", "prize-scam", "product-impersonation", "pup", "quantitative-strategies", "recently-registered-domain", "redirect", "redirect-chain", "redirect-cloaking", "redirection", "redirection-scheme", "redirects", "replit-app", "retail-e-commerce", "retail-ecommerce", "retail-fraud", "retail-impersonation", "retail-scam", "retail-sector", "revanced", "revanced-impersonation", "revanced-malware", "roblox", "roblox-impersonation", "rug-pull", "scam", "scam-domain", "scam-lure", "scam-shop", "scam-site", "scaniverse-impersonation", "scareware", "shadow-reporting", "shadow-reporting-extortion-scheme", "shadow-reporting-scheme", "shipping-impersonation", "shopee", "shortened-url", "simit", "snickers-workwear", "social-engineering", "social-media-campaign", "social-media-scam", "software-piracy", "sorewin149", "souq-impersonation", "spyware", "steam-community", "steam-credential-phishing", "suspicious-domain", "suspicious-executable", "suspicious-infrastructure", "suspicious-redirector", "telecommunications-sector", "telegram-scam", "tracking-redirect", "trading-scam", "traffic-redirection", "trojan", "trojanized-game", "typosquat", "typosquatting", "unauthorized-access", "unauthorized-content-distribution", "unofficial-app", "unregulated-gambling", "unrestricted-file-hosting", "unverified-apps", "unverified-software", "unvetted-content", "unwanted-software", "url-shortener", "urlert", "usdt-scam", "video-call-scam", "vinted-impersonation", "visa", "withdrawal-scam", "xfinity", "youtube-downloader" ], "references": [ "https://urlert.com/domain/acsgri.com", "https://urlert.com/domain/adescargar.net", "https://urlert.com/domain/aixldc10.shop", "https://urlert.com/domain/an1.com", "https://urlert.com/domain/antai-gouv-info.im", "https://urlert.com/domain/audioz.download", "https://urlert.com/domain/awstrack.me", "https://urlert.com/domain/behindtheemail.com", "https://urlert.com/domain/besowin156.pro", "https://urlert.com/domain/bestwestern-id-nt52vos.com", "https://urlert.com/domain/bestwestern-id-oa74fta.com", "https://urlert.com/domain/bfrickonline.com", "https://urlert.com/domain/biltty.cc", "https://urlert.com/domain/binance-trade.info", "https://urlert.com/domain/bit.ly", "https://urlert.com/domain/bot-gate.cc", "https://urlert.com/domain/boxpop.cfd", "https://urlert.com/domain/capcutpro.org.in", "https://urlert.com/domain/cashstar.com", "https://urlert.com/domain/clearancesalestore-eu.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Financial Services", "Government", "Hospitality", "Logistics / Supply Chain", "Media / Entertainment", "Retail / E-Commerce", "Technology", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "urlert_intel", "id": "386175", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 65, "hostname": 19, "URL": 55 }, "indicator_count": 139, "is_author": false, "is_subscribing": null, "subscriber_count": 31, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d1b41832db3e0db5b36117", "name": "URLert Daily Threat Intel \u2014 2026-04-05", "description": "URLert Daily Threat Intel \u2014 2026-04-05\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 85 | Indicators: 175\nConfirmed: 27 | Likely: 51 | Domain intel: 7\nTop threats: Phishing (74), Malware Hosting (7), Malvertising (3), Dropper (1)\nDomains: 364829.xin, aiciinromania.com, aixldc10.shop, alert-micro.com, amazonv8.com, b2wditxn.cc, backmart.cyou, baremineralsstore.com, bfhix.buzz, bibtly.cc, bolt.host, boxpoint.cfd, bybusdt.cc, ...\n\n85 unique threats producing 175 actionable indicators. Generated by URLert automated threat intelligence.", "modified": "2026-05-04T23:09:18.301000", "created": "2026-04-05T01:00:08.578000", "tags": [ ".cyou-tld", "account-hijacking", "account-scam", "account-takeover", "adult-content-lure", "advance-fee-scam", "aggressive-advertising", "agoda-impersonation", "amazon-impersonation", "android-malware", "apple-app-store", "apple-impersonation", "application-download", "asset-theft", "automated-scan", "brand-impersonation", "brand-in-subdomain", "browser-extension-malware", "canon-cameras", "cloudflare-obfuscation", "colombia-targeting", "colorado-department-of-revenue", "combosquatting", "compromised-site", "counterfeit-goods", "counterfeit-watches", "cracked-games", "credential-harvesting", "credential-sharing", "credit-card-harvesting", "crypto-scam", "cryptocurrency", "cryptocurrency-scam", "daily-threat-intel", "data-harvesting", "deceptive-ads", "deceptive-advertising", "deceptive-content", "deceptive-domain", "deceptive-ecommerce", "deceptive-lead-generation", "deceptive-marketing", "deceptive-practices", "deceptive-redirect", "deceptive-redirect-chain", "deceptive-redirects", "deceptive-site", "deceptive-tactics", "deceptive-trust-indicators", "deepfake-generation", "delivery-scam", "discord-account-theft", "disposable-infrastructure", "dmv-impersonation", "domain-classification", "download-button", "dpd", "dpd-impersonation", "e-commerce-scam", "easter-egg-hunt-scam", "edeka", "enterprise-certificate-trust", "epic-games", "evasive-maneuvers", "fake-app-store", "fake-credit-generator", "fake-discount", "fake-giveaway", "fake-government-site", "fake-platform", "fake-rewards", "fake-security-check", "fake-transactions", "fake-virus-warning", "financial-scam", "fortnite", "fraudulent-activity", "fraudulent-gambling", "fraudulent-network", "fraudulent-portal", "fraudulent-pricing", "fraudulent-store", "fraudulent-webshop", "fund-harvesting", "game-lure", "game-modding", "game-reward-scam", "gaming", "gaming-scam", "gibberish-domain", "gmail-impersonation", "government-impersonation", "grayware", "high-risk-domain", "high-risk-domain-extension", "high-risk-tld", "ibm", "identity-theft", "illegal-content-lure", "investment-scam", "jbl", "job-scam", "keylogger", "ledger", "ledger-impersonation", "lidl-impersonation", "logged-tg", "malicious-code-execution", "malicious-infrastructure", "malicious-redirect", "malicious-redirector", "malicious-script", "malvertising", "malware-distribution", "malware-hosting", "malware-vector", "mercado-pago-impersonation", "mercadopago", "microsoft-impersonation", "mobile-malware", "modded-apk", "new-domain", "newly-registered", "newly-registered-domain", "non-consensual-imagery", "olx-impersonation", "online-earning-scheme", "onlyfans-impersonation", "password-stealing", "payment-harvesting", "payment-information-theft", "payment-portal-impersonation", "personal-information-collection", "personal-information-gathering", "personal-information-theft", "phishing", "phishing-infrastructure", "phishing-kit", "phishing-page", "phishing-site", "pirated-software", "pop-up-scam", "privacy-risk", "prize-scam", "redirect-chain", "redirect-cloaking", "redirector", "retail-e-commerce", "retail-impersonation", "retail-scam", "roblox", "roblox-impersonation", "roblox-users", "scam", "scam-distribution", "scam-link-generation", "scam-site", "scam-store", "security-bypass", "serviceontario-impersonation", "sexually-explicit-content", "shared-account-directory", "shipping-fee-scam", "shopify-subdomain", "sixt", "social-engineering", "social-media-scam", "solana", "steam", "steam-credential-phishing", "sumup-impersonation", "suspicious-domain", "sviluppo-host", "tantis-pl-impersonation", "tech-support-scam", "telegram-bot", "telegram-impersonation", "tracking-domains", "travel-booking", "trojan", "twitter", "typosquatting", "unauthorized-software", "unauthorized-software-distribution", "unofficial-app-distribution", "unrealistic-pricing", "unwanted-software", "unwanted-subscriptions", "urlert", "usdt-scam", "wallet-drainer", "walmart-impersonation", "withdrawal-theft", "young-domain", "youtube" ], "references": [ "https://urlert.com/domain/364829.xin", "https://urlert.com/domain/aiciinromania.com", "https://urlert.com/domain/aixldc10.shop", "https://urlert.com/domain/alert-micro.com", "https://urlert.com/domain/amazonv8.com", "https://urlert.com/domain/b2wditxn.cc", "https://urlert.com/domain/backmart.cyou", "https://urlert.com/domain/baremineralsstore.com", "https://urlert.com/domain/bfhix.buzz", "https://urlert.com/domain/bibtly.cc", "https://urlert.com/domain/bolt.host", "https://urlert.com/domain/boxpoint.cfd", "https://urlert.com/domain/bybusdt.cc", "https://urlert.com/domain/cgebq.buzz", "https://urlert.com/domain/cloudfront.net", "https://urlert.com/domain/courierdesk.cfd", "https://urlert.com/domain/d9s3x4.com", "https://urlert.com/domain/dailed.gg", "https://urlert.com/domain/effectivegatecpm.com", "https://urlert.com/domain/ffs8.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Automotive", "Financial Services", "Government", "Hospitality", "Logistics / Supply Chain", "Media / Entertainment", "Retail / E-Commerce", "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "urlert_intel", "id": "386175", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 61, "URL": 55, "hostname": 24 }, "indicator_count": 140, "is_author": false, "is_subscribing": null, "subscriber_count": 31, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f83cb0ce73bef5c452bfb0", "name": "Credit: PhishDestroy Clone [\"phish detroy- open domains\"]", "description": "", "modified": "2026-05-04T06:29:04.332000", "created": "2026-05-04T06:29:04.332000", "tags": [ "phishing", "crypto", "scam", "drainer", "fraud", "blocklist", "phishdestroy" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "69c081afa2bd54a9599b7c07", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 88564, "hostname": 54516 }, "indicator_count": 143080, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "26 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "wpner.cc", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "wpner.cc", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780185043.3287685 }