Known malicious kithighphishing
Wildcard-DNS Multi-Subdomain Sister Cohort — chunk-vendors
family: nested-subdomain-sister-86c0
Sister of the existing `nested-subdomain-9003` kit using wildcard-DNS abuse with deeply-nested random subdomains: lycl.cjilea.b7ryzkx.com, lypz.j9ado3.ikxoxfjp.com, uicl.oiusnx0w0.c7m26j3n2k.com:3443 (also serving on non-standard port 3443).
Fingerprint anchors
Provenance
Added by: analyst
Added: 2026-05-26 18:58
6 hosts. Sister of nested-subdomain-9003. Note: some hosts serve on non-standard port 3443.
Sightings (6)
| Host | Scan | Script | Match | When |
|---|---|---|---|---|
| uicl.oiusnx0w0.e7gj3fg9cv.com:3443 | 3c98fdcb… | https://uicl.oiusnx0w0.e7gj3fg9cv.com:3443/longyun/static/js/chunk-vendors.759774a1.js | byte | 2026-05-24 20:32 |
| uicl.oiusnx0w0.c7m26j3n2k.com:3443 | 2ac97be3… | https://uicl.oiusnx0w0.c7m26j3n2k.com:3443/longyun/static/js/chunk-vendors.759774a1.js | byte | 2026-05-24 20:14 |
| lycl.cjilea.b7ryzkx.com | bec1f2c9… | https://lycl.cjilea.b7ryzkx.com/longyun/static/js/chunk-vendors.759774a1.js | byte | 2026-05-24 06:06 |
| lypz.j9ado3.ikxoxfjp.com | fd5f0465… | https://lypz.j9ado3.ikxoxfjp.com/longyun/static/js/chunk-vendors.759774a1.js | byte | 2026-05-24 03:17 |
| lyzbb.a09i39p.8p5gfs.com | 18182c6e… | https://lyzbb.a09i39p.8p5gfs.com/longyun/static/js/chunk-vendors.759774a1.js | byte | 2026-05-24 02:27 |
| lyzb.qwuei8.2cou99bj.com | 939add67… | https://lyzb.qwuei8.2cou99bj.com/longyun/static/js/chunk-vendors.759774a1.js | byte | 2026-05-24 00:34 |