CO
Identical page content (HTML/CSS/JavaScript) detected across three unrelated domains indicates a cloned phishing template or scam kit being reused. The content hash match shows these sites share the same codebase, suggesting a common malicious operator or distributed scam infrastructure.
Fingerprint
28051d6fb7a69d206051c521a38126f7d16466e802c4abd8025cce4b4509991f- Detections
- 3
- Hash type
- Content hash
- Status
- Active
- Last scanned
- May 2026
32026-04
Detected domains
3hhhe.fyi
OnlineTrust 1Apr 8, 2026hhhexp.com
OnlineTrust 1Apr 8, 2026txexykf.com
OfflineTrust 1Apr 10, 2026
Related signals
8CO
Content #9
Nexus Syndicate
Active
- 61
- detections
FA
Favicon #75
Nexus Syndicate
Active
- 55
- detections
DOM
DOM #83
Nexus Syndicate
Active
- 51
- detections
FA
Favicon #12
Nexus Syndicate
Active
- 34
- detections
DOM
DOM #84
Nexus Syndicate
Active
- 5
- detections
CO
Content #22
Nexus Syndicate
Active
- 3
- detections
DOM
DOM #85
Nexus Syndicate
Active
- 3
- detections
FA
Favicon #74
Nexus Syndicate
Active
- 3
- detections