DOM #44

signature profile

Identical DOM structure hash detected across 10 domains indicates a cloned website template or shared codebase used to create multiple cryptocurrency exchange scam sites. This forensic signal demonstrates coordinated infrastructure abuse where the same HTML/JavaScript skeleton was replicated across phishing domains to maximize campaign reach and evasion of detection systems.

Fingerprint89f379b9ced5fe1cd156f09fee92221cd8285a35493717fd1425d4aeca70b8cc

Detections: 10
Hash type: DOM structure
Status: Active
Last scanned: May 2026

detection timeline

2026-04

2026-05

Detected domains

benacoin.com
OnlineTrust 1May 5, 2026
bitnare.com
OnlineTrust 12Apr 29, 2026
coinshx.com
OnlineTrust 1May 5, 2026
malodex.com
OnlineTrust 36Apr 6, 2026
nocadex.com
OnlineTrust 22Apr 6, 2026
ovandex.com
OnlineTrust 1May 5, 2026
pyebit.com
OnlineTrust 1May 5, 2026
ranedex.com
OnlineTrust 50Apr 1, 2026
upex-crypto.com
OnlineTrust 1May 5, 2026
vekbit.com
OnlineTrust 1May 5, 2026

Domain	Status	Trust	First seen
benacoin.com	Online	1	May 5, 2026
bitnare.com	Online	12	Apr 29, 2026
coinshx.com	Online	1	May 5, 2026
malodex.com	Online	36	Apr 6, 2026
nocadex.com	Online	22	Apr 6, 2026
ovandex.com	Online	1	May 5, 2026
pyebit.com	Online	1	May 5, 2026
ranedex.com	Online	50	Apr 1, 2026
upex-crypto.com	Online	1	May 5, 2026
vekbit.com	Online	1	May 5, 2026

Related signals

Favicon #55

PHANTOM EXCHANGE

Active

10
detections