Known malicious kithighother
J365 Gambling Platform — Comet.js
family: j365-gambling-platform
Custom WebSocket C2/heartbeat code (/websocket/Comet.js) used by the J365 illegal-gambling platform. Operator-specific real-time channel for bet placement, balance updates, and admin control.
Fingerprint anchors
Provenance
Added by: analyst
Added: 2026-05-26 13:17
Anchor #2 of 3. Strongest behavioural signal — custom WebSocket protocol bundled with all kit landings.
Sightings (12)
| Host | Scan | Script | Match | When |
|---|---|---|---|---|
| dxext9.pham.xin | b41463be… | https://dxext9.pham.xin/ftl/commonPage/js/websocket/Comet.js | byte | 2026-05-25 00:50 |
| 2hsuoj.yqdkrj.com | 8afd8d88… | https://2hsuoj.yqdkrj.com/ftl/commonPage/js/websocket/Comet.js | byte | 2026-05-25 00:08 |
| jn5ec4.pham.xin | d73884d6… | https://jn5ec4.pham.xin/ftl/commonPage/js/websocket/Comet.js | byte | 2026-05-24 21:12 |
| dxext9.pham.xin | 544f622c… | https://dxext9.pham.xin/ftl/commonPage/js/websocket/Comet.js | byte | 2026-05-24 21:00 |
| huf5as.pham.xin | 262d732b… | https://huf5as.pham.xin/ftl/commonPage/js/websocket/Comet.js | byte | 2026-05-24 20:41 |
| da3b55.pham.xin | 62dfa3a5… | https://da3b55.pham.xin/ftl/commonPage/js/websocket/Comet.js | byte | 2026-05-24 20:40 |
| da3b55.pham.xin | 6c31dc8b… | https://da3b55.pham.xin/ftl/commonPage/js/websocket/Comet.js | byte | 2026-05-24 20:40 |
| da3b55.pham.xin | 635fc42f… | https://da3b55.pham.xin/ftl/commonPage/js/websocket/Comet.js | byte | 2026-05-24 20:39 |
| huf5as.pham.xin | 6fe623fd… | https://huf5as.pham.xin/ftl/commonPage/js/websocket/Comet.js | byte | 2026-05-24 20:38 |
| da3b55.pham.xin | 3f2ed933… | https://da3b55.pham.xin/ftl/commonPage/js/websocket/Comet.js | byte | 2026-05-24 20:38 |
| 2hsuoj.yqdkrj.com | 3f1a24b1… | https://2hsuoj.yqdkrj.com/ftl/commonPage/js/websocket/Comet.js | byte | 2026-05-24 20:37 |
| da3b55.pham.xin | e8318d6c… | https://da3b55.pham.xin/ftl/commonPage/js/websocket/Comet.js | byte | 2026-05-24 20:34 |