{
  "type": "URL",
  "indicator": "https://zhyzym.com",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://zhyzym.com",
    "type": "url",
    "type_title": "URL",
    "validation": [],
    "base_indicator": {
      "id": 4294780399,
      "indicator": "https://zhyzym.com",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 1,
      "pulses": [
        {
          "id": "69d1b41832db3e0db5b36117",
          "name": "URLert Daily Threat Intel \u2014 2026-04-05",
          "description": "URLert Daily Threat Intel \u2014 2026-04-05\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 85 | Indicators: 175\nConfirmed: 27 | Likely: 51 | Domain intel: 7\nTop threats: Phishing (74), Malware Hosting (7), Malvertising (3), Dropper (1)\nDomains: 364829.xin, aiciinromania.com, aixldc10.shop, alert-micro.com, amazonv8.com, b2wditxn.cc, backmart.cyou, baremineralsstore.com, bfhix.buzz, bibtly.cc, bolt.host, boxpoint.cfd, bybusdt.cc, ...\n\n85 unique threats producing 175 actionable indicators. Generated by URLert automated threat intelligence.",
          "modified": "2026-05-04T23:09:18.301000",
          "created": "2026-04-05T01:00:08.578000",
          "tags": [
            ".cyou-tld",
            "account-hijacking",
            "account-scam",
            "account-takeover",
            "adult-content-lure",
            "advance-fee-scam",
            "aggressive-advertising",
            "agoda-impersonation",
            "amazon-impersonation",
            "android-malware",
            "apple-app-store",
            "apple-impersonation",
            "application-download",
            "asset-theft",
            "automated-scan",
            "brand-impersonation",
            "brand-in-subdomain",
            "browser-extension-malware",
            "canon-cameras",
            "cloudflare-obfuscation",
            "colombia-targeting",
            "colorado-department-of-revenue",
            "combosquatting",
            "compromised-site",
            "counterfeit-goods",
            "counterfeit-watches",
            "cracked-games",
            "credential-harvesting",
            "credential-sharing",
            "credit-card-harvesting",
            "crypto-scam",
            "cryptocurrency",
            "cryptocurrency-scam",
            "daily-threat-intel",
            "data-harvesting",
            "deceptive-ads",
            "deceptive-advertising",
            "deceptive-content",
            "deceptive-domain",
            "deceptive-ecommerce",
            "deceptive-lead-generation",
            "deceptive-marketing",
            "deceptive-practices",
            "deceptive-redirect",
            "deceptive-redirect-chain",
            "deceptive-redirects",
            "deceptive-site",
            "deceptive-tactics",
            "deceptive-trust-indicators",
            "deepfake-generation",
            "delivery-scam",
            "discord-account-theft",
            "disposable-infrastructure",
            "dmv-impersonation",
            "domain-classification",
            "download-button",
            "dpd",
            "dpd-impersonation",
            "e-commerce-scam",
            "easter-egg-hunt-scam",
            "edeka",
            "enterprise-certificate-trust",
            "epic-games",
            "evasive-maneuvers",
            "fake-app-store",
            "fake-credit-generator",
            "fake-discount",
            "fake-giveaway",
            "fake-government-site",
            "fake-platform",
            "fake-rewards",
            "fake-security-check",
            "fake-transactions",
            "fake-virus-warning",
            "financial-scam",
            "fortnite",
            "fraudulent-activity",
            "fraudulent-gambling",
            "fraudulent-network",
            "fraudulent-portal",
            "fraudulent-pricing",
            "fraudulent-store",
            "fraudulent-webshop",
            "fund-harvesting",
            "game-lure",
            "game-modding",
            "game-reward-scam",
            "gaming",
            "gaming-scam",
            "gibberish-domain",
            "gmail-impersonation",
            "government-impersonation",
            "grayware",
            "high-risk-domain",
            "high-risk-domain-extension",
            "high-risk-tld",
            "ibm",
            "identity-theft",
            "illegal-content-lure",
            "investment-scam",
            "jbl",
            "job-scam",
            "keylogger",
            "ledger",
            "ledger-impersonation",
            "lidl-impersonation",
            "logged-tg",
            "malicious-code-execution",
            "malicious-infrastructure",
            "malicious-redirect",
            "malicious-redirector",
            "malicious-script",
            "malvertising",
            "malware-distribution",
            "malware-hosting",
            "malware-vector",
            "mercado-pago-impersonation",
            "mercadopago",
            "microsoft-impersonation",
            "mobile-malware",
            "modded-apk",
            "new-domain",
            "newly-registered",
            "newly-registered-domain",
            "non-consensual-imagery",
            "olx-impersonation",
            "online-earning-scheme",
            "onlyfans-impersonation",
            "password-stealing",
            "payment-harvesting",
            "payment-information-theft",
            "payment-portal-impersonation",
            "personal-information-collection",
            "personal-information-gathering",
            "personal-information-theft",
            "phishing",
            "phishing-infrastructure",
            "phishing-kit",
            "phishing-page",
            "phishing-site",
            "pirated-software",
            "pop-up-scam",
            "privacy-risk",
            "prize-scam",
            "redirect-chain",
            "redirect-cloaking",
            "redirector",
            "retail-e-commerce",
            "retail-impersonation",
            "retail-scam",
            "roblox",
            "roblox-impersonation",
            "roblox-users",
            "scam",
            "scam-distribution",
            "scam-link-generation",
            "scam-site",
            "scam-store",
            "security-bypass",
            "serviceontario-impersonation",
            "sexually-explicit-content",
            "shared-account-directory",
            "shipping-fee-scam",
            "shopify-subdomain",
            "sixt",
            "social-engineering",
            "social-media-scam",
            "solana",
            "steam",
            "steam-credential-phishing",
            "sumup-impersonation",
            "suspicious-domain",
            "sviluppo-host",
            "tantis-pl-impersonation",
            "tech-support-scam",
            "telegram-bot",
            "telegram-impersonation",
            "tracking-domains",
            "travel-booking",
            "trojan",
            "twitter",
            "typosquatting",
            "unauthorized-software",
            "unauthorized-software-distribution",
            "unofficial-app-distribution",
            "unrealistic-pricing",
            "unwanted-software",
            "unwanted-subscriptions",
            "urlert",
            "usdt-scam",
            "wallet-drainer",
            "walmart-impersonation",
            "withdrawal-theft",
            "young-domain",
            "youtube"
          ],
          "references": [
            "https://urlert.com/domain/364829.xin",
            "https://urlert.com/domain/aiciinromania.com",
            "https://urlert.com/domain/aixldc10.shop",
            "https://urlert.com/domain/alert-micro.com",
            "https://urlert.com/domain/amazonv8.com",
            "https://urlert.com/domain/b2wditxn.cc",
            "https://urlert.com/domain/backmart.cyou",
            "https://urlert.com/domain/baremineralsstore.com",
            "https://urlert.com/domain/bfhix.buzz",
            "https://urlert.com/domain/bibtly.cc",
            "https://urlert.com/domain/bolt.host",
            "https://urlert.com/domain/boxpoint.cfd",
            "https://urlert.com/domain/bybusdt.cc",
            "https://urlert.com/domain/cgebq.buzz",
            "https://urlert.com/domain/cloudfront.net",
            "https://urlert.com/domain/courierdesk.cfd",
            "https://urlert.com/domain/d9s3x4.com",
            "https://urlert.com/domain/dailed.gg",
            "https://urlert.com/domain/effectivegatecpm.com",
            "https://urlert.com/domain/ffs8.com"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Automotive",
            "Financial Services",
            "Government",
            "Hospitality",
            "Logistics / Supply Chain",
            "Media / Entertainment",
            "Retail / E-Commerce",
            "Technology"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "urlert_intel",
            "id": "386175",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 61,
            "URL": 55,
            "hostname": 24
          },
          "indicator_count": 140,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 32,
          "modified_text": "26 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": false,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://urlert.com/domain/bybusdt.cc",
        "https://urlert.com/domain/d9s3x4.com",
        "https://urlert.com/domain/bibtly.cc",
        "https://urlert.com/domain/boxpoint.cfd",
        "https://urlert.com/domain/bfhix.buzz",
        "https://urlert.com/domain/aixldc10.shop",
        "https://urlert.com/domain/alert-micro.com",
        "https://urlert.com/domain/bolt.host",
        "https://urlert.com/domain/ffs8.com",
        "https://urlert.com/domain/backmart.cyou",
        "https://urlert.com/domain/courierdesk.cfd",
        "https://urlert.com/domain/cloudfront.net",
        "https://urlert.com/domain/baremineralsstore.com",
        "https://urlert.com/domain/cgebq.buzz",
        "https://urlert.com/domain/effectivegatecpm.com",
        "https://urlert.com/domain/364829.xin",
        "https://urlert.com/domain/aiciinromania.com",
        "https://urlert.com/domain/amazonv8.com",
        "https://urlert.com/domain/b2wditxn.cc",
        "https://urlert.com/domain/dailed.gg"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 0
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": [
            "Government",
            "Financial services",
            "Retail / e-commerce",
            "Automotive",
            "Technology",
            "Logistics / supply chain",
            "Media / entertainment",
            "Hospitality"
          ],
          "unique_indicators": 172
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/zhyzym.com",
    "whois": "http://whois.domaintools.com/zhyzym.com",
    "domain": "zhyzym.com",
    "hostname": "Unavailable"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 1,
  "pulses": [
    {
      "id": "69d1b41832db3e0db5b36117",
      "name": "URLert Daily Threat Intel \u2014 2026-04-05",
      "description": "URLert Daily Threat Intel \u2014 2026-04-05\n\nAutomated threat intelligence from URLert (https://urlert.com) \u2014 AI-powered URL and domain analysis.\n\nThreats: 85 | Indicators: 175\nConfirmed: 27 | Likely: 51 | Domain intel: 7\nTop threats: Phishing (74), Malware Hosting (7), Malvertising (3), Dropper (1)\nDomains: 364829.xin, aiciinromania.com, aixldc10.shop, alert-micro.com, amazonv8.com, b2wditxn.cc, backmart.cyou, baremineralsstore.com, bfhix.buzz, bibtly.cc, bolt.host, boxpoint.cfd, bybusdt.cc, ...\n\n85 unique threats producing 175 actionable indicators. Generated by URLert automated threat intelligence.",
      "modified": "2026-05-04T23:09:18.301000",
      "created": "2026-04-05T01:00:08.578000",
      "tags": [
        ".cyou-tld",
        "account-hijacking",
        "account-scam",
        "account-takeover",
        "adult-content-lure",
        "advance-fee-scam",
        "aggressive-advertising",
        "agoda-impersonation",
        "amazon-impersonation",
        "android-malware",
        "apple-app-store",
        "apple-impersonation",
        "application-download",
        "asset-theft",
        "automated-scan",
        "brand-impersonation",
        "brand-in-subdomain",
        "browser-extension-malware",
        "canon-cameras",
        "cloudflare-obfuscation",
        "colombia-targeting",
        "colorado-department-of-revenue",
        "combosquatting",
        "compromised-site",
        "counterfeit-goods",
        "counterfeit-watches",
        "cracked-games",
        "credential-harvesting",
        "credential-sharing",
        "credit-card-harvesting",
        "crypto-scam",
        "cryptocurrency",
        "cryptocurrency-scam",
        "daily-threat-intel",
        "data-harvesting",
        "deceptive-ads",
        "deceptive-advertising",
        "deceptive-content",
        "deceptive-domain",
        "deceptive-ecommerce",
        "deceptive-lead-generation",
        "deceptive-marketing",
        "deceptive-practices",
        "deceptive-redirect",
        "deceptive-redirect-chain",
        "deceptive-redirects",
        "deceptive-site",
        "deceptive-tactics",
        "deceptive-trust-indicators",
        "deepfake-generation",
        "delivery-scam",
        "discord-account-theft",
        "disposable-infrastructure",
        "dmv-impersonation",
        "domain-classification",
        "download-button",
        "dpd",
        "dpd-impersonation",
        "e-commerce-scam",
        "easter-egg-hunt-scam",
        "edeka",
        "enterprise-certificate-trust",
        "epic-games",
        "evasive-maneuvers",
        "fake-app-store",
        "fake-credit-generator",
        "fake-discount",
        "fake-giveaway",
        "fake-government-site",
        "fake-platform",
        "fake-rewards",
        "fake-security-check",
        "fake-transactions",
        "fake-virus-warning",
        "financial-scam",
        "fortnite",
        "fraudulent-activity",
        "fraudulent-gambling",
        "fraudulent-network",
        "fraudulent-portal",
        "fraudulent-pricing",
        "fraudulent-store",
        "fraudulent-webshop",
        "fund-harvesting",
        "game-lure",
        "game-modding",
        "game-reward-scam",
        "gaming",
        "gaming-scam",
        "gibberish-domain",
        "gmail-impersonation",
        "government-impersonation",
        "grayware",
        "high-risk-domain",
        "high-risk-domain-extension",
        "high-risk-tld",
        "ibm",
        "identity-theft",
        "illegal-content-lure",
        "investment-scam",
        "jbl",
        "job-scam",
        "keylogger",
        "ledger",
        "ledger-impersonation",
        "lidl-impersonation",
        "logged-tg",
        "malicious-code-execution",
        "malicious-infrastructure",
        "malicious-redirect",
        "malicious-redirector",
        "malicious-script",
        "malvertising",
        "malware-distribution",
        "malware-hosting",
        "malware-vector",
        "mercado-pago-impersonation",
        "mercadopago",
        "microsoft-impersonation",
        "mobile-malware",
        "modded-apk",
        "new-domain",
        "newly-registered",
        "newly-registered-domain",
        "non-consensual-imagery",
        "olx-impersonation",
        "online-earning-scheme",
        "onlyfans-impersonation",
        "password-stealing",
        "payment-harvesting",
        "payment-information-theft",
        "payment-portal-impersonation",
        "personal-information-collection",
        "personal-information-gathering",
        "personal-information-theft",
        "phishing",
        "phishing-infrastructure",
        "phishing-kit",
        "phishing-page",
        "phishing-site",
        "pirated-software",
        "pop-up-scam",
        "privacy-risk",
        "prize-scam",
        "redirect-chain",
        "redirect-cloaking",
        "redirector",
        "retail-e-commerce",
        "retail-impersonation",
        "retail-scam",
        "roblox",
        "roblox-impersonation",
        "roblox-users",
        "scam",
        "scam-distribution",
        "scam-link-generation",
        "scam-site",
        "scam-store",
        "security-bypass",
        "serviceontario-impersonation",
        "sexually-explicit-content",
        "shared-account-directory",
        "shipping-fee-scam",
        "shopify-subdomain",
        "sixt",
        "social-engineering",
        "social-media-scam",
        "solana",
        "steam",
        "steam-credential-phishing",
        "sumup-impersonation",
        "suspicious-domain",
        "sviluppo-host",
        "tantis-pl-impersonation",
        "tech-support-scam",
        "telegram-bot",
        "telegram-impersonation",
        "tracking-domains",
        "travel-booking",
        "trojan",
        "twitter",
        "typosquatting",
        "unauthorized-software",
        "unauthorized-software-distribution",
        "unofficial-app-distribution",
        "unrealistic-pricing",
        "unwanted-software",
        "unwanted-subscriptions",
        "urlert",
        "usdt-scam",
        "wallet-drainer",
        "walmart-impersonation",
        "withdrawal-theft",
        "young-domain",
        "youtube"
      ],
      "references": [
        "https://urlert.com/domain/364829.xin",
        "https://urlert.com/domain/aiciinromania.com",
        "https://urlert.com/domain/aixldc10.shop",
        "https://urlert.com/domain/alert-micro.com",
        "https://urlert.com/domain/amazonv8.com",
        "https://urlert.com/domain/b2wditxn.cc",
        "https://urlert.com/domain/backmart.cyou",
        "https://urlert.com/domain/baremineralsstore.com",
        "https://urlert.com/domain/bfhix.buzz",
        "https://urlert.com/domain/bibtly.cc",
        "https://urlert.com/domain/bolt.host",
        "https://urlert.com/domain/boxpoint.cfd",
        "https://urlert.com/domain/bybusdt.cc",
        "https://urlert.com/domain/cgebq.buzz",
        "https://urlert.com/domain/cloudfront.net",
        "https://urlert.com/domain/courierdesk.cfd",
        "https://urlert.com/domain/d9s3x4.com",
        "https://urlert.com/domain/dailed.gg",
        "https://urlert.com/domain/effectivegatecpm.com",
        "https://urlert.com/domain/ffs8.com"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Automotive",
        "Financial Services",
        "Government",
        "Hospitality",
        "Logistics / Supply Chain",
        "Media / Entertainment",
        "Retail / E-Commerce",
        "Technology"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "urlert_intel",
        "id": "386175",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_386175/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 61,
        "URL": 55,
        "hostname": 24
      },
      "indicator_count": 140,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 32,
      "modified_text": "26 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": false,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://zhyzym.com",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://zhyzym.com",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780212286.6696281
}