BU
A shared build hash appearing across 72 domains indicates identical codebase deployment or cloned website infrastructure used by the same threat actor. This forensic signal suggests coordinated operation of multiple scam domains using the same application binary or compiled source code.
Fingerprint
fef4a8898ec7782a- Detections
- 72
- Hash type
- Build artefact
- Status
- Active
- Last scanned
- May 2026
722026-03
Detected domains
721xjett.com
OfflineTrust 1Mar 8, 2026baxmot.com
OfflineTrust 1Mar 8, 2026belazbet.com
OfflineTrust 1Mar 8, 2026berogex.com
OfflineTrust 38Mar 5, 2026betaras.com
OnlineTrust 1Mar 5, 2026betrawin.com
OfflineTrust 1Mar 8, 2026bevexo.cc
OfflineTrust 1Mar 8, 2026caorax.com
OfflineTrust 1Mar 5, 2026cusewin.cc
OfflineTrust 1Mar 8, 2026dexwin.cc
OnlineTrust 1Mar 5, 2026
Related signals
10BU
Build #26
Nexus Syndicate
Active
- 118
- detections
BU
Build #18
Nexus Syndicate
Active
- 73
- detections
BU
Build #15
Nexus Syndicate
Active
- 69
- detections
BU
Build #10
Nexus Syndicate
Active
- 69
- detections
BU
Build #17
Nexus Syndicate
Active
- 69
- detections
BU
Build #22
Nexus Syndicate
Active
- 69
- detections
BU
Build #25
Nexus Syndicate
Active
- 68
- detections
BU
Build #6
Nexus Syndicate
Active
- 67
- detections
BU
Build #8
Nexus Syndicate
Active
- 67
- detections
BU
Build #12
Nexus Syndicate
Active
- 67
- detections