{ "type": "URL", "indicator": "https://3g.ycyxxq.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://3g.ycyxxq.com", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4299482533, "indicator": "https://3g.ycyxxq.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "69d87573143e567e8503beda", "name": "CAPE Sandbox - Google Domain Browser", "description": " Some insight on a browser sandbox. mitm.", "modified": "2026-05-10T04:12:46.896000", "created": "2026-04-10T03:58:43.549000", "tags": [ "title", "doctype html", "google", "ce62bb", "style", "error", "image", "mitre attack", "network info", "performs dns", "urls", "t1055 process", "overview", "processes extra", "overview zenbox", "verdict", "phishing", "next", "ip traffic", "msft", "msft nethandle", "net1500000", "server", "corporation", "chaturmohta", "orgroutingref", "orgabusehandle", "microsoft abuse", "orgabuseref", "microsoft", "orgid", "msft address", "microsoft way", "city", "stateprov", "postalcode", "thumbprint" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/85b04c04a7046a296d77251f2236ad5e7ce32fbaab17c590ef372bf00497fbd5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775792988&Signature=M1J9CaQkigeg5YRUts8g89wpgmwVxVFRSm9L7fFYPqBizkGksAY%2BQXAESjDzcmPanQSRoqOJXy9yNcu%2F4pPkcUbFtUg8oheQzdL2ebI2eOElYvDV8Mh1Su0AthuKtQT2eC0LsybOE1tRIZO7gxtwxN1CpF5ZhSdES8HaMIFIPL7xsOgmhx4IrdEtjDVHMSCRHnIPuGzO4aQn%2Bl4mga3fI%2FyYiJoFWyMh3OiTXZi%2FidlmFFy9IZTT", "https://vtbehaviour.commondatastorage.googleapis.com/85b04c04a7046a296d77251f2236ad5e7ce32fbaab17c590ef372bf00497fbd5_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775793011&Signature=Obu7zDEJiUY4g9RFOhUIFYbnTGp8YMLvwJCCIR8YL6KFoTrbPiqoltMTn%2FJbTCwl%2Bxky0XNZLQJ2Bj5RCjBwsG382Ckn5T596CYG%2Fk%2B%2FZl5rfYfzgjGwaLT5bO0t%2B6nmKGUTqsZuubwpBtp2leCiw6rVYimL8xulbJF30wh5qDBfH4u%2FsGJrRnSd%2BHiu%2B8YWf%2B39QE9Q%2BazzeRFrq7Jt4DDRRC%2FXY2D1GdxmPzPrYkI4c7" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 119, "FileHash-SHA1": 114, "FileHash-SHA256": 543, "domain": 122, "hostname": 411, "URL": 721, "CIDR": 3, "email": 6 }, "indicator_count": 2039, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "21 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d5f56a5f13dc6c5bd93c0e", "name": "WIN EXE. Run Sandboxed", "description": "The full text of the report on the Google server, published on 1 January 2018, has been published online by the internet service provider, ICann.com, for the first time in its history.", "modified": "2026-05-08T07:38:32.166000", "created": "2026-04-08T06:27:54.699000", "tags": [ "win32", "as15169 google", "united", "status", "mtb jan", "mtb mar", "mtb feb", "name servers", "aaaa", "passive dns", "date", "trojan" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 283, "FileHash-SHA1": 279, "FileHash-SHA256": 620, "email": 6, "URL": 353, "domain": 198, "hostname": 287, "CVE": 16 }, "indicator_count": 2042, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/85b04c04a7046a296d77251f2236ad5e7ce32fbaab17c590ef372bf00497fbd5_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775793011&Signature=Obu7zDEJiUY4g9RFOhUIFYbnTGp8YMLvwJCCIR8YL6KFoTrbPiqoltMTn%2FJbTCwl%2Bxky0XNZLQJ2Bj5RCjBwsG382Ckn5T596CYG%2Fk%2B%2FZl5rfYfzgjGwaLT5bO0t%2B6nmKGUTqsZuubwpBtp2leCiw6rVYimL8xulbJF30wh5qDBfH4u%2FsGJrRnSd%2BHiu%2B8YWf%2B39QE9Q%2BazzeRFrq7Jt4DDRRC%2FXY2D1GdxmPzPrYkI4c7", "https://vtbehaviour.commondatastorage.googleapis.com/85b04c04a7046a296d77251f2236ad5e7ce32fbaab17c590ef372bf00497fbd5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775792988&Signature=M1J9CaQkigeg5YRUts8g89wpgmwVxVFRSm9L7fFYPqBizkGksAY%2BQXAESjDzcmPanQSRoqOJXy9yNcu%2F4pPkcUbFtUg8oheQzdL2ebI2eOElYvDV8Mh1Su0AthuKtQT2eC0LsybOE1tRIZO7gxtwxN1CpF5ZhSdES8HaMIFIPL7xsOgmhx4IrdEtjDVHMSCRHnIPuGzO4aQn%2Bl4mga3fI%2FyYiJoFWyMh3OiTXZi%2FidlmFFy9IZTT" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 2805 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/ycyxxq.com", "whois": "http://whois.domaintools.com/ycyxxq.com", "domain": "ycyxxq.com", "hostname": "3g.ycyxxq.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "69d87573143e567e8503beda", "name": "CAPE Sandbox - Google Domain Browser", "description": " Some insight on a browser sandbox. mitm.", "modified": "2026-05-10T04:12:46.896000", "created": "2026-04-10T03:58:43.549000", "tags": [ "title", "doctype html", "google", "ce62bb", "style", "error", "image", "mitre attack", "network info", "performs dns", "urls", "t1055 process", "overview", "processes extra", "overview zenbox", "verdict", "phishing", "next", "ip traffic", "msft", "msft nethandle", "net1500000", "server", "corporation", "chaturmohta", "orgroutingref", "orgabusehandle", "microsoft abuse", "orgabuseref", "microsoft", "orgid", "msft address", "microsoft way", "city", "stateprov", "postalcode", "thumbprint" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/85b04c04a7046a296d77251f2236ad5e7ce32fbaab17c590ef372bf00497fbd5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775792988&Signature=M1J9CaQkigeg5YRUts8g89wpgmwVxVFRSm9L7fFYPqBizkGksAY%2BQXAESjDzcmPanQSRoqOJXy9yNcu%2F4pPkcUbFtUg8oheQzdL2ebI2eOElYvDV8Mh1Su0AthuKtQT2eC0LsybOE1tRIZO7gxtwxN1CpF5ZhSdES8HaMIFIPL7xsOgmhx4IrdEtjDVHMSCRHnIPuGzO4aQn%2Bl4mga3fI%2FyYiJoFWyMh3OiTXZi%2FidlmFFy9IZTT", "https://vtbehaviour.commondatastorage.googleapis.com/85b04c04a7046a296d77251f2236ad5e7ce32fbaab17c590ef372bf00497fbd5_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775793011&Signature=Obu7zDEJiUY4g9RFOhUIFYbnTGp8YMLvwJCCIR8YL6KFoTrbPiqoltMTn%2FJbTCwl%2Bxky0XNZLQJ2Bj5RCjBwsG382Ckn5T596CYG%2Fk%2B%2FZl5rfYfzgjGwaLT5bO0t%2B6nmKGUTqsZuubwpBtp2leCiw6rVYimL8xulbJF30wh5qDBfH4u%2FsGJrRnSd%2BHiu%2B8YWf%2B39QE9Q%2BazzeRFrq7Jt4DDRRC%2FXY2D1GdxmPzPrYkI4c7" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 119, "FileHash-SHA1": 114, "FileHash-SHA256": 543, "domain": 122, "hostname": 411, "URL": 721, "CIDR": 3, "email": 6 }, "indicator_count": 2039, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "21 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d5f56a5f13dc6c5bd93c0e", "name": "WIN EXE. Run Sandboxed", "description": "The full text of the report on the Google server, published on 1 January 2018, has been published online by the internet service provider, ICann.com, for the first time in its history.", "modified": "2026-05-08T07:38:32.166000", "created": "2026-04-08T06:27:54.699000", "tags": [ "win32", "as15169 google", "united", "status", "mtb jan", "mtb mar", "mtb feb", "name servers", "aaaa", "passive dns", "date", "trojan" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 283, "FileHash-SHA1": 279, "FileHash-SHA256": 620, "email": 6, "URL": 353, "domain": 198, "hostname": 287, "CVE": 16 }, "indicator_count": 2042, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://3g.ycyxxq.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://3g.ycyxxq.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780278287.113847 }