Known malicious kit · high · phishing
Random-TLD Multi-Domain Rotation Kit — main.v2.js
family: hevvugu-multi-domain
Single shared main.v2.js deployed across 17 throwaway domains on cheap/suspicious TLDs (.icu, .sbs, .cfd, .cyou, .shop, .wiki, .one, .asia, .club). Includes telegran.one — Telegram brand impersonation. The 17 hosts have inconsistent verdicts (Low Risk → Malicious); the roster catches all of them via a single fingerprint.
Fingerprint anchors
Provenance
Added by: analyst
Added: 2026-05-26 14:39
Single anchor — the kit serves the same main.v2.js across all 17 known sister domains.
Sightings (84)