TF-1817046
high
📛 Threat Title
Unknown malware: Domain name that delivers a malware payload yujinp.xyz
Description
Indicator that identifies a malware distribution server (payload delivery). IOC type: Domain name that delivers a malware payload. Attributed malware: Unknown malware. Confidence: 80. First seen: 2026-05-22 08:11:13 UTC. Last seen: 2026-05-21 22:57:11 UTC. Reporter: Lenny_3BO. Tags: APT, ClickFix, Lazarus, livekit, teams-spoof, UNC1069, WAVESHAPER.
Remediations (10)
- web:ismalicious.com: Comprehensive threat intelligence database with 500M+ malicious IPs, domains, and cyberthreat data. Check phishing sites, malware, adware, tracking domains & vulnerabilities. Real-time blocklist API for cybersecurity professionals. Try free!
- web:malwarediscoverer.com: High-quality, real-time URL redirection threat intelligence. Our technology continuously discovers malicious redirection campaigns. Whether you are a security company, domain name registrar, or advertising platform, our intelligence will enhance your product.
- web:precisionsec.com: PrecisionSec's Malware Domain List is a high fidelity feed of domains actively being used by malware. Our feed is used by experts globally to identify and block malicious domains known to be associated with malware. Whether you are a data reseller, MSSP, or Security Manager, having an accurate and up-to-date list of active malware domains is essential to protecting your internal assets and ...
- web:undercodetesting.com: Introduction: Cybercriminals are increasingly abusing DNS TXT records to deliver malware and command-and-control (C2) payloads covertly. A recent investigation by DomainTools revealed how attackers fragment, hex-encode, and distribute malicious code across multiple DNS queries, evading traditional security measures.
- web:urlhaus.abuse.ch: URLhaus is a platform from abuse.ch and Spamhaus dedicated to sharing malicious URLs that are being used for malware distribution. Report URLs and explore the database for valuable intelligence. Use the APIs to seamlessly push and pull signals, and automate bulk queries. With this intelligence, gain insights into malware behavior, to help identify, track, and mitigate against malware ...
- web:www.ipqualityscore.com: Scan URLs for malware and phishing with our free malicious URL scanner. Check links in real-time to detect suspicious domains and prevent cyber threats.
- web:www.malwarepatrol.net: Guardian: Delivers emergent threat domains alongside multiple IOC types (domains, IPs, hashes) + metadata for use in threat detection, enrichment, and proactive security workflows. Sentinel (NGFW): Enables NGFW to proactively detect and block suspicious domain traffic across the network perimeter.
- web:www.threatlog.com: Threat intelligence data: a database of malicious domains, updated daily. ThreatLog is a service by NoVirusThanks that tracks domains linked to malware, phishing, scams, fake shops and fraudulent websites. These domains are detected by our internal honeypots, manual analysis, malware sandboxes and community submissions.
- web:www.urlvoid.com: Free website reputation checker tool lets you scan a website with multiple website reputation/blocklist services to check if the website is safe and legit or malicious. Check the online reputation of a website to better detect potentially malicious and scam websites.
- web:www.virustotal.com: VirusTotal Assistant Bot offers a platform for users to interact with VirusTotal's threat intelligence suite and explore artifact-related information effectively.
Indicators of Compromise (1)
Each indicator is enriched from the IOC database, threat-intel feed corroboration (Threat Hunt) and VirusTotal.
domain: yujinp.xyz (VirusTotal: 16 / 91)
IOC database
- Type: domain
- Value: yujinp.xyz
- First seen:
- Last seen:
- Attached to this threat
- Appears in: 1 threat
- Description: Domain name that delivers a malware payload attributed to Unknown malware
Threat Hunt — feed corroboration
Not present in any configured threat-intel feed.
Flagged by 16 of 91 VirusTotal vendors
| Vendor | Verdict | Detection |
|---|---|---|
| ADMINUSLabs | malicious | malicious |
| AlphaSOC | malicious | malware |
| BitDefender | malicious | malware |
| CRDF | malicious | malicious |
| Fortinet | malicious | malware |
| G-Data | malicious | malware |
| Lionic | malicious | malicious |
| MalwareURL | malicious | malware |
| Seclookup | malicious | malicious |
| SOCRadar | malicious | malicious |
| Sophos | malicious | malware |
| VIPRE | malicious | malware |
| alphaMountain.ai | suspicious | suspicious |
| Certego | suspicious | suspicious |
| ESET | suspicious | suspicious |
| Gridinsoft | suspicious | suspicious |
Details From VirusTotal
Basic Properties
| Property | Value |
|---|---|
| TLD | xyz |
History
| Event | Date |
|---|---|
| Creation date | 2026-04-20 00:00 UTC |
| Last analysis | 2026-06-01 12:44 UTC |
| Last modified on VirusTotal | 2026-06-07 19:06 UTC |
| Last WHOIS update | 2026-04-20 00:00 UTC |
| WHOIS record date | 2027-04-20 00:00 UTC |
References (2)
- Malpedia profile: ThreatFox IOCs
- ThreatFox IOC page: ThreatFox IOCs