BU
The matching build_hash (957127bb...) across three unrelated domains indicates these sites share identical or near-identical backend code architecture and deployment configuration. This shared codebase fingerprint suggests a common source—either the same scam operator reusing their codebase across multiple phishing/fraud domains, or mass-generated sites from a unified scam-as-a-service platform.
Fingerprint
957127bb- Detections
- 3
- Hash type
- Build artefact
- Status
- Defunct
- Last scanned
- May 2026
12026-03
Detected domains
1dagdagrail.com
OfflineTrust 1Mar 11, 2026