DOM #65

signature profile

Nine distinct cryptocurrency exchange scam domains share an identical DOM structure hash, indicating they were built from a cloned HTML/CSS template or codebase. This structural duplication across unrelated domain names strongly suggests coordinated operation by the same threat actor or scam network using a single fraudulent exchange framework.

Fingerprint60ec9d312475de41437bd67d77c68f7c579250559b2e3426a1aad17ddce4beeb

Detections: 9
Hash type: DOM structure
Status: Active
Last scanned: May 2026

detection timeline

2026-03

Detected domains

coinexgem.com
OnlineTrust 1Mar 21, 2026
colenex.com
OnlineTrust 1Mar 21, 2026
elocoin.io
OnlineTrust 1Mar 21, 2026
fodelex.com
OnlineTrust 1Mar 21, 2026
geminibits.com
OnlineTrust 17Mar 21, 2026
lemopex.com
OnlineTrust 2Mar 21, 2026
molenax.com
OnlineTrust 1Mar 21, 2026
prombitcoin.com
OnlineTrust 1Mar 21, 2026
xcoingate.com
OnlineTrust 1Mar 21, 2026

Domain	Status	Trust	First seen
coinexgem.com	Online	1	Mar 21, 2026
colenex.com	Online	1	Mar 21, 2026
elocoin.io	Online	1	Mar 21, 2026
fodelex.com	Online	1	Mar 21, 2026
geminibits.com	Online	17	Mar 21, 2026
lemopex.com	Online	2	Mar 21, 2026
molenax.com	Online	1	Mar 21, 2026
prombitcoin.com	Online	1	Mar 21, 2026
xcoingate.com	Online	1	Mar 21, 2026