BU
A shared build hash across 67 domains indicates identical website codebase or framework configuration, suggesting these are either cloned phishing/scam sites generated from the same template or operated by the same criminal infrastructure. The presence of this forensic signal on multiple gambling and betting-related domains (1xjett.com, baxmot.com, belazbet.com, etc.) demonstrates systematic replication of a single malicious web application across numerous registered domains for fraud distribution.
Fingerprint
d9d578b8de9e3293- Detections
- 67
- Hash type
- Build artefact
- Status
- Active
- Last scanned
- May 2026
672026-03
Detected domains
671xjett.com
OfflineTrust 1Mar 8, 2026baxmot.com
OfflineTrust 1Mar 8, 2026belazbet.com
OfflineTrust 1Mar 8, 2026berogex.com
OfflineTrust 38Mar 5, 2026betaras.com
OnlineTrust 1Mar 5, 2026betrawin.com
OfflineTrust 1Mar 8, 2026bevexo.cc
OfflineTrust 1Mar 8, 2026caorax.com
OfflineTrust 1Mar 5, 2026cusewin.cc
OfflineTrust 1Mar 8, 2026dexwin.cc
OnlineTrust 1Mar 5, 2026
Related signals
10BU
Build #26
Nexus Syndicate
Active
- 118
- detections
BU
Build #18
Nexus Syndicate
Active
- 73
- detections
BU
Build #7
Nexus Syndicate
Active
- 72
- detections
BU
Build #15
Nexus Syndicate
Active
- 69
- detections
BU
Build #10
Nexus Syndicate
Active
- 69
- detections
BU
Build #17
Nexus Syndicate
Active
- 69
- detections
BU
Build #22
Nexus Syndicate
Active
- 69
- detections
BU
Build #25
Nexus Syndicate
Active
- 68
- detections
BU
Build #8
Nexus Syndicate
Active
- 67
- detections
BU
Build #12
Nexus Syndicate
Active
- 67
- detections