DOM
Identical DOM structure hash detected across 49 domains indicates a cloned website template or shared codebase, with the same HTML/CSS layout being systematically deployed across multiple fraud domains. This forensic signal strongly suggests coordinated operation by the same threat actor or criminal network reusing a standardized scam website architecture.
Fingerprint
e60acc2f199566c1f05fc299926bc1a978b59de8d5348d74acae00c87fbfb2f1- Detections
- 51
- Hash type
- DOM structure
- Status
- Active
- Last scanned
- May 2026
492026-04
22026-05
Detected domains
51apextraderplc.com
OnlineTrust 1Apr 29, 2026coiniy.ai
OnlineTrust 1May 25, 2026frtec.com
OnlineTrust 1Apr 8, 2026guanli999.com
OnlineTrust 1Apr 8, 2026hhhe.fyi
OnlineTrust 1Apr 8, 2026hhhexp.com
OnlineTrust 1Apr 8, 2026hhtxaa.com
OnlineTrust 1Apr 8, 2026ihyujtx.com
OnlineTrust 1Apr 8, 2026kktxvv.com
OnlineTrust 1Apr 10, 2026ootxjj.com
OnlineTrust 1Apr 10, 2026
Related signals
10CO
Content #9
Nexus Syndicate
Active
- 61
- detections
FA
Favicon #75
Nexus Syndicate
Active
- 55
- detections
FA
Favicon #12
Nexus Syndicate
Active
- 34
- detections
DOM
DOM #14
Nexus Syndicate
Active
- 32
- detections
CO
Content #3
Nexus Syndicate
Active
- 6
- detections
DOM
DOM #2
Nexus Syndicate
Active
- 6
- detections
DOM
DOM #84
Nexus Syndicate
Active
- 5
- detections
CO
Content #22
Nexus Syndicate
Active
- 3
- detections
DOM
DOM #85
Nexus Syndicate
Active
- 3
- detections
FA
Favicon #74
Nexus Syndicate
Active
- 3
- detections