DOM #53

signature profile

Multiple scam domains share an identical DOM structure hash, indicating they were built from a cloned template or generated by the same automated phishing kit. This code-level duplication across 16 distinct domains is a strong signal of coordinated fraudulent infrastructure operated by the same threat actor.

Fingerprint7ec6040981143b141581ac5b84609fcc7aad1ccaf8a0a6f9f25ca50dd73addbb

Detections: 17
Hash type: DOM structure
Status: Active
Last scanned: May 2026

detection timeline

2026-03

2026-04

2026-05

Detected domains

bc-gf.info
OnlineTrust 1Apr 25, 2026
brightonwealth.io
OnlineTrust 1Apr 11, 2026
btduex.com
OnlineTrust 4Apr 29, 2026
dsj677.com
OnlineTrust 1Apr 23, 2026
dsjex101.com
OnlineTrust 1Apr 23, 2026
dsjex102.com
OnlineTrust 1Apr 23, 2026
dsjex103.com
OnlineTrust 1Apr 23, 2026
dsjex105.com
OnlineTrust 1Apr 23, 2026
dsjex106.com
OnlineTrust 1Apr 23, 2026
dsjex108.com
OnlineTrust 1Apr 17, 2026

Domain	Status	Trust	First seen
bc-gf.info	Online	1	Apr 25, 2026
brightonwealth.io	Online	1	Apr 11, 2026
btduex.com	Online	4	Apr 29, 2026
dsj677.com	Online	1	Apr 23, 2026
dsjex101.com	Online	1	Apr 23, 2026
dsjex102.com	Online	1	Apr 23, 2026
dsjex103.com	Online	1	Apr 23, 2026
dsjex105.com	Online	1	Apr 23, 2026
dsjex106.com	Online	1	Apr 23, 2026
dsjex108.com	Online	1	Apr 17, 2026

Related signals

Favicon #69

Nexus Syndicate

Active

38
detections