DOM
Identical DOM structure hash detected across 53 domains indicates cloned website templates or a shared codebase used for rapid scam site deployment. This forensic signal suggests coordinated infrastructure where a single malicious actor or operation is mass-producing phishing/fraud sites with the same HTML skeleton and layout patterns.
Fingerprint
a30d0180793de02dda05ec79b806d05b52f10825f3f89316e4666bfdc590e9da- Detections
- 53
- Hash type
- DOM structure
- Status
- Active
- Last scanned
- May 2026
22026-03
172026-04
342026-05
Detected domains
53beastarcade.com
OnlineTrust 1Apr 19, 2026beastquests.com
OnlineTrust 1May 11, 2026buagux.com
OnlineTrust 36Apr 1, 2026bugamb.at
OnlineTrust 1May 12, 2026casvax.com
OnlineTrust 1May 11, 2026daolax.com
OnlineTrust 1May 2, 2026dasowin.com
OnlineTrust 1May 18, 2026depofex.com
OnlineTrust 1May 12, 2026dezoxplay.com
OnlineTrust 1May 11, 2026egamb.cc
OnlineTrust 1May 1, 2026
Related signals
10BU
Build #26
Nexus Syndicate
Active
- 118
- detections
DOM
DOM #29
Nexus Syndicate
Active
- 115
- detections
FA
Favicon #42
Nexus Syndicate
Active
- 81
- detections
FA
Favicon #50
Nexus Syndicate
Active
- 55
- detections
DOM
DOM #32
Nexus Syndicate
Active
- 40
- detections
BU
Build #70
Nexus Syndicate
Active
- 36
- detections
FA
Favicon #41
Nexus Syndicate
Active
- 23
- detections
BU
Build #66
Nexus Syndicate
Active
- 20
- detections
FA
Favicon #11
Nexus Syndicate
Active
- 17
- detections
BU
Build #55
Nexus Syndicate
Active
- 16
- detections