Known malicious kithighother
J365 Gambling Platform — gui-base.js
family: j365-gambling-platform
Chinese-language illegal online-gambling platform served from a rotating set of brand-prefixed landing domains (j365*.xyz, lvs*.vip, hgty*.vip, hg*.vip, usdbetvip*.biz, xpj*.com — including punycoded variants) backed by a small set of operator CDN hosts on pham.xin and yqdkrj.com under the path /ftl/commonPage/. Offers fish-shooter, casino, sports, chess games. gui-base.js is the kit's shared UI framework.
Fingerprint anchors
Provenance
Added by: analyst
Added: 2026-05-26 13:17
Anchor #1 of 3 for the family. Seen on da3b55/dxext9/huf5as/jn5ec4.pham.xin and 2hsuoj.yqdkrj.com. Zero leakage to legitimate hosts in the corpus.
Sightings (12)
| Host | Scan | Script | Match | When |
|---|---|---|---|---|
| dxext9.pham.xin | b41463be… | https://dxext9.pham.xin/ftl/commonPage/js/gui-base.js | byte | 2026-05-25 00:50 |
| 2hsuoj.yqdkrj.com | 8afd8d88… | https://2hsuoj.yqdkrj.com/ftl/commonPage/js/gui-base.js | byte | 2026-05-25 00:08 |
| jn5ec4.pham.xin | d73884d6… | https://jn5ec4.pham.xin/ftl/commonPage/js/gui-base.js | byte | 2026-05-24 21:12 |
| dxext9.pham.xin | 544f622c… | https://dxext9.pham.xin/ftl/commonPage/js/gui-base.js | byte | 2026-05-24 21:00 |
| huf5as.pham.xin | 262d732b… | https://huf5as.pham.xin/ftl/commonPage/js/gui-base.js | byte | 2026-05-24 20:41 |
| da3b55.pham.xin | 62dfa3a5… | https://da3b55.pham.xin/ftl/commonPage/js/gui-base.js | byte | 2026-05-24 20:40 |
| da3b55.pham.xin | 6c31dc8b… | https://da3b55.pham.xin/ftl/commonPage/js/gui-base.js | byte | 2026-05-24 20:40 |
| da3b55.pham.xin | 635fc42f… | https://da3b55.pham.xin/ftl/commonPage/js/gui-base.js | byte | 2026-05-24 20:39 |
| huf5as.pham.xin | 6fe623fd… | https://huf5as.pham.xin/ftl/commonPage/js/gui-base.js | byte | 2026-05-24 20:38 |
| da3b55.pham.xin | 3f2ed933… | https://da3b55.pham.xin/ftl/commonPage/js/gui-base.js | byte | 2026-05-24 20:38 |
| 2hsuoj.yqdkrj.com | 3f1a24b1… | https://2hsuoj.yqdkrj.com/ftl/commonPage/js/gui-base.js | byte | 2026-05-24 20:37 |
| da3b55.pham.xin | e8318d6c… | https://da3b55.pham.xin/ftl/commonPage/js/gui-base.js | byte | 2026-05-24 20:34 |