DOM #43

signature profile

Identical DOM structure hash detected across 15 scam domains indicates a cloned website template or shared codebase used to rapidly deploy fraudulent sites. This forensic signal suggests coordinated operation by the same threat actor or access to a common phishing kit infrastructure.

Fingerprint55711cdad783d8ace37b91b1cc0ec05a8623754a0fdf4e231906a8fe5f559fe8

Detections: 15
Hash type: DOM structure
Status: Active
Last scanned: May 2026

detection timeline

2026-04

Detected domains

abrogate.info
OnlineTrust 1Apr 6, 2026
amaraacapital.me
OnlineTrust 1Apr 30, 2026
argusstockbrokers.com
OnlineTrust 1Apr 30, 2026
c-envy.com
OnlineTrust 1Apr 7, 2026
centrexes.com
OnlineTrust 1Apr 7, 2026
citrixon.com
OnlineTrust 1Apr 7, 2026
cryptoqamus.com
OnlineTrust 1Apr 7, 2026
fixedpumpstrade.com
OnlineTrust 1Apr 7, 2026
nexiavex.com
OnlineTrust 44Apr 1, 2026
notlex.com
OnlineTrust 1Apr 30, 2026

Domain	Status	Trust	First seen
abrogate.info	Online	1	Apr 6, 2026
amaraacapital.me	Online	1	Apr 30, 2026
argusstockbrokers.com	Online	1	Apr 30, 2026
c-envy.com	Online	1	Apr 7, 2026
centrexes.com	Online	1	Apr 7, 2026
citrixon.com	Online	1	Apr 7, 2026
cryptoqamus.com	Online	1	Apr 7, 2026
fixedpumpstrade.com	Online	1	Apr 7, 2026
nexiavex.com	Online	44	Apr 1, 2026
notlex.com	Online	1	Apr 30, 2026