Known malicious kithighphishing

Chinese Kaiyun Gambling Kit — js/app

family: cn-kaiyun-gambling-7460

42-host Chinese gambling operator running "Kaiyun" brand impersonation across cn-kaiyunapp.vip, zh-kaiyuntiyu.vip, danti4833.com subdomains with random hostname prefixes. Path pattern /js/app.<hash>.js. Kaiyun (开云) is a known Chinese gambling brand frequently impersonated; "kaiyun" naming + Chinese-numeric subdomains is a strong operator signature.

Fingerprint anchors

content sha25684782284c7ec7fbfa08f93128ffc2d8d3db0a08a70bf3e5e8772b63aef0f290b

canonical AST746038d26798d27a48718a2c6c6b35323eb8d7fc3da6cf3febf3990a3dd52b78

TLSHT139E2B910E6D0B1B86B570BF7732B60D6E41B056EB95D084BF5242C7036F871BDAE9A38

Provenance

Added by: analyst

Added: 2026-05-27 07:09

42 hosts. Single anchor. Largest single-build kit in this batch.

Sightings (42)

Host	Scan	Script	Match	When
h3rg75zs.cn-kaiyunapp.vip	96841b4a…	https://h3rg75zs.cn-kaiyunapp.vip/js/app.26836e23.js	byte	2026-05-25 00:23
wwjho0lhg6y88bn.cn-kaiyunapp.vip	48e8a18a…	https://wwjho0lhg6y88bn.cn-kaiyunapp.vip/js/app.26836e23.js	byte	2026-05-25 00:18
3vx9n5ynvic.cn-kaiyunapp.vip	fcda6cd8…	https://3vx9n5ynvic.cn-kaiyunapp.vip/js/app.26836e23.js	byte	2026-05-25 00:12
ieuqnbkqkllwa.cn-kaiyunapp.vip	7f3d65b9…	https://ieuqnbkqkllwa.cn-kaiyunapp.vip/js/app.26836e23.js	byte	2026-05-25 00:11
kvutdavspglizjtconly.cn-kaiyunapp.vip	7b32250f…	https://kvutdavspglizjtconly.cn-kaiyunapp.vip/js/app.26836e23.js	byte	2026-05-25 00:04
71my8nl9c0c4pw70lh.cn-kaiyunapp.vip	7fd78457…	https://71my8nl9c0c4pw70lh.cn-kaiyunapp.vip/js/app.26836e23.js	byte	2026-05-24 23:57
sfmmk154lf0q26.cn-kaiyunapp.vip	f5eb2c71…	https://sfmmk154lf0q26.cn-kaiyunapp.vip/js/app.26836e23.js	byte	2026-05-24 23:42
gd767atf42dc5brxf.cn-kaiyunapp.vip	5cc83228…	https://gd767atf42dc5brxf.cn-kaiyunapp.vip/js/app.26836e23.js	byte	2026-05-24 23:40
gf5kfkfva6ghe88.cn-kaiyunapp.vip	3a098fb5…	https://gf5kfkfva6ghe88.cn-kaiyunapp.vip/js/app.26836e23.js	byte	2026-05-24 23:38
hyoaj2fzuoyuce.cn-kaiyunapp.vip	d43a76bb…	https://hyoaj2fzuoyuce.cn-kaiyunapp.vip/js/app.26836e23.js	byte	2026-05-24 23:34
xv61p71y4b35.cn-kaiyunapp.vip	72cec0d5…	https://xv61p71y4b35.cn-kaiyunapp.vip/js/app.26836e23.js	byte	2026-05-24 23:28
hidhmm.cn-kaiyunapp.vip	75073a44…	https://hidhmm.cn-kaiyunapp.vip/js/app.26836e23.js	byte	2026-05-24 23:23
313r6ur.cn-kaiyunapp.vip	3e5df2f9…	https://313r6ur.cn-kaiyunapp.vip/js/app.26836e23.js	byte	2026-05-24 23:12
03ujeew3m9c7f4fam43y.cn-kaiyunapp.vip	e1c7373d…	https://03ujeew3m9c7f4fam43y.cn-kaiyunapp.vip/js/app.26836e23.js	byte	2026-05-24 23:10
ubipi51nizex.cn-kaiyunapp.vip	0a464a39…	https://ubipi51nizex.cn-kaiyunapp.vip/js/app.26836e23.js	byte	2026-05-24 23:07
z9v8ezqqdm0rs6xhpe.cn-kaiyunapp.vip	1e92065f…	https://z9v8ezqqdm0rs6xhpe.cn-kaiyunapp.vip/js/app.26836e23.js	byte	2026-05-24 22:58
8v3za452rj.cn-kaiyunapp.vip	0f6da7b1…	https://8v3za452rj.cn-kaiyunapp.vip/js/app.26836e23.js	byte	2026-05-24 22:55
e860a73joatv87pg.cn-kaiyunapp.vip	38749e12…	https://e860a73joatv87pg.cn-kaiyunapp.vip/js/app.26836e23.js	byte	2026-05-24 22:55
tx70esyvg.cn-kaiyunapp.vip	131dd26e…	https://tx70esyvg.cn-kaiyunapp.vip/js/app.26836e23.js	byte	2026-05-24 22:46
ukrjb7nl1hw.cn-kaiyunapp.vip	ed157e77…	https://ukrjb7nl1hw.cn-kaiyunapp.vip/js/app.26836e23.js	byte	2026-05-24 22:42
57a10j7jhmupuui.cn-kaiyunapp.vip	7ded28cf…	https://57a10j7jhmupuui.cn-kaiyunapp.vip/js/app.26836e23.js	byte	2026-05-24 22:25
1otv801.cn-kaiyunapp.vip	007e9104…	https://1otv801.cn-kaiyunapp.vip/js/app.26836e23.js	byte	2026-05-24 22:24
4l8nu3cv4eh2tbpf9q6.cn-kaiyunapp.vip	8be974b2…	https://4l8nu3cv4eh2tbpf9q6.cn-kaiyunapp.vip/js/app.26836e23.js	byte	2026-05-24 22:13
0018a1pyp5xa.cn-kaiyunapp.vip	9751d167…	https://0018a1pyp5xa.cn-kaiyunapp.vip/js/app.26836e23.js	byte	2026-05-24 22:07
mcpnlv1j.cn-kaiyunapp.vip	78ee9ddc…	https://mcpnlv1j.cn-kaiyunapp.vip/js/app.26836e23.js	byte	2026-05-24 22:00
8b92jc1xdm.cn-kaiyunapp.vip	51e2e924…	https://8b92jc1xdm.cn-kaiyunapp.vip/js/app.26836e23.js	byte	2026-05-24 20:33
az0cy876jretx4a.cn-kaiyunapp.vip	afbc302f…	https://az0cy876jretx4a.cn-kaiyunapp.vip/js/app.26836e23.js	byte	2026-05-24 20:31
h7uczpt.cn-kaiyunapp.vip	6c36e1cc…	https://h7uczpt.cn-kaiyunapp.vip/js/app.26836e23.js	byte	2026-05-24 20:22
4pt7qj.cn-kaiyunapp.vip	25ae2843…	https://4pt7qj.cn-kaiyunapp.vip/js/app.26836e23.js	byte	2026-05-24 20:15
5l9a9cp4vna7oml8rir.cn-kaiyunapp.vip	58b96a54…	https://5l9a9cp4vna7oml8rir.cn-kaiyunapp.vip/js/app.26836e23.js	byte	2026-05-24 19:58
yfpwtf8hffubm3x39e.cn-kaiyunapp.vip	2d2e241a…	https://yfpwtf8hffubm3x39e.cn-kaiyunapp.vip/js/app.26836e23.js	byte	2026-05-24 19:33
zrx51ead3zwu23.rod947321.com	4a717b4e…	https://zrx51ead3zwu23.rod947321.com/js/app.26836e23.js	structure	2026-05-24 18:47
gwq552mioa0qeybj59n.rod947321.com	e1012d9d…	https://gwq552mioa0qeybj59n.rod947321.com/js/app.26836e23.js	structure	2026-05-24 18:22
7y9uv59mdio2ml8pthz.rod947321.com	4df82cca…	https://7y9uv59mdio2ml8pthz.rod947321.com/js/app.26836e23.js	structure	2026-05-24 18:18
nzurrzta.zh-kaiyuntiyu.vip	ad1a1a47…	https://nzurrzta.zh-kaiyuntiyu.vip/js/app.26836e23.js	byte	2026-05-24 14:52
2z8lz9wn.zh-kaiyuntiyu.vip	07c3ec54…	https://2z8lz9wn.zh-kaiyuntiyu.vip/js/app.26836e23.js	byte	2026-05-24 14:23
scny8sxt0tw3netx5cz.wdfr5432.com	482df1ae…	https://scny8sxt0tw3netx5cz.wdfr5432.com/js/app.26836e23.js	structure	2026-05-24 13:09
w7md7vj1mcr2k3.wdfr5432.com	729c4d6e…	https://w7md7vj1mcr2k3.wdfr5432.com/js/app.26836e23.js	structure	2026-05-24 11:48
zp8hayjzta6w2gc.abei53434.com	4ce0ed83…	https://zp8hayjzta6w2gc.abei53434.com/js/app.26836e23.js	byte	2026-05-24 00:17
tojagdrjakcm5h.danti4833.com	1d5a0c5a…	https://tojagdrjakcm5h.danti4833.com/js/app.26836e23.js	byte	2026-05-22 20:08
pugw1a.danti4833.com	8bb8da75…	https://pugw1a.danti4833.com/js/app.26836e23.js	byte	2026-05-22 17:29
0pmfml59vs7.danti4833.com	6bf1b020…	https://0pmfml59vs7.danti4833.com/js/app.26836e23.js	byte	2026-05-22 17:24