BU
A shared build hash appears across 68 distinct domains, indicating these sites use an identical compiled codebase or templated framework deployed across the scam network. This forensic signal suggests coordinated infrastructure provisioning where operators rapidly clone and redeploy the same underlying application with minimal modifications, typical of large-scale phishing or gambling fraud operations.
Fingerprint
c6c417d67f761339- Detections
- 68
- Hash type
- Build artefact
- Status
- Active
- Last scanned
- May 2026
682026-03
Detected domains
681xjett.com
OfflineTrust 1Mar 8, 2026baxmot.com
OfflineTrust 1Mar 8, 2026belazbet.com
OfflineTrust 1Mar 8, 2026berogex.com
OfflineTrust 38Mar 5, 2026betaras.com
OnlineTrust 1Mar 5, 2026betrawin.com
OfflineTrust 1Mar 8, 2026bevexo.cc
OfflineTrust 1Mar 8, 2026caorax.com
OfflineTrust 1Mar 5, 2026cusewin.cc
OfflineTrust 1Mar 8, 2026dexwin.cc
OnlineTrust 1Mar 5, 2026
Related signals
10BU
Build #26
Nexus Syndicate
Active
- 118
- detections
BU
Build #18
Nexus Syndicate
Active
- 73
- detections
BU
Build #7
Nexus Syndicate
Active
- 72
- detections
BU
Build #15
Nexus Syndicate
Active
- 69
- detections
BU
Build #10
Nexus Syndicate
Active
- 69
- detections
BU
Build #17
Nexus Syndicate
Active
- 69
- detections
BU
Build #22
Nexus Syndicate
Active
- 69
- detections
BU
Build #6
Nexus Syndicate
Active
- 67
- detections
BU
Build #8
Nexus Syndicate
Active
- 67
- detections
BU
Build #12
Nexus Syndicate
Active
- 67
- detections