DOM #51

signature profile

Multiple scam domains share identical DOM structure hashes, indicating they were generated from the same template or codebase. This shared structural fingerprint across 20 domains suggests coordinated deployment of a cloned website framework used for financial fraud schemes.

Fingerprint2c70c7ca84aaa96911dc4c830e3176707eef475716f2272102e1c5d04e8ea08b

Detections: 21
Hash type: DOM structure
Status: Active
Last scanned: May 2026

detection timeline

2026-03

2026-04

2026-05

Detected domains

atlasgloballtd.com
OnlineTrust 1Apr 25, 2026
ausforex.com
OnlineTrust 1Apr 30, 2026
bitwon.exchange
OnlineTrust 41Mar 19, 2026
bluerockwealth.ca
OnlineTrust 1May 13, 2026
checkbpi.cc
OnlineTrust 1Apr 27, 2026
eurocapital-eaf.finance
OnlineTrust 1May 12, 2026
eurocapital-eaf.net
OnlineTrust 1May 12, 2026
exxtone.com
OnlineTrust 1Mar 24, 2026
fxcalle.com
OnlineTrust 1Apr 4, 2026
glq-investors.com
OnlineTrust 5Mar 24, 2026

Domain	Status	Trust	First seen
atlasgloballtd.com	Online	1	Apr 25, 2026
ausforex.com	Online	1	Apr 30, 2026
bitwon.exchange	Online	41	Mar 19, 2026
bluerockwealth.ca	Online	1	May 13, 2026
checkbpi.cc	Online	1	Apr 27, 2026
eurocapital-eaf.finance	Online	1	May 12, 2026
eurocapital-eaf.net	Online	1	May 12, 2026
exxtone.com	Online	1	Mar 24, 2026
fxcalle.com	Online	1	Apr 4, 2026
glq-investors.com	Online	5	Mar 24, 2026

Related signals

DOM

DOM #29

Nexus Syndicate

Active

115
detections

Favicon #50

Nexus Syndicate

Active

55
detections