BU
A shared build hash (ab23ff9d6f28739a) appears across 36 scam domains, indicating they are compiled from an identical codebase or use the same website builder/template framework. This forensic signal suggests a coordinated scam operation where multiple domains deploy the same underlying application code, likely controlled by the same threat actor or scam-as-a-service platform.
Fingerprint
ab23ff9d6f28739a- Detections
- 36
- Hash type
- Build artefact
- Status
- Active
- Last scanned
- May 2026
362026-05
Detected domains
36beastquests.com
OnlineTrust 1May 11, 2026bnbit.win
OnlineTrust 1May 11, 2026bugamb.at
OnlineTrust 1May 12, 2026casvax.com
OnlineTrust 1May 11, 2026dasowin.com
OnlineTrust 1May 18, 2026depofex.com
OnlineTrust 1May 12, 2026dezoxplay.com
OnlineTrust 1May 11, 2026dicewin.cc
OnlineTrust 1May 12, 2026fastwin1.com
OnlineTrust 1May 12, 2026fezorex.com
OnlineTrust 1May 11, 2026
Related signals
8DOM
DOM #29
Nexus Syndicate
Active
- 115
- detections
FA
Favicon #42
Nexus Syndicate
Active
- 81
- detections
FA
Favicon #50
Nexus Syndicate
Active
- 55
- detections
DOM
DOM #47
Nexus Syndicate
Active
- 53
- detections
FA
Favicon #11
Nexus Syndicate
Active
- 17
- detections
DOM
DOM #23
Nexus Syndicate
Active
- 9
- detections
DOM
DOM #63
Nexus Syndicate
Active
- 9
- detections
DOM
DOM #90
Nexus Syndicate
Active
- 3
- detections