Evidence Types Collected

PhishDestroy edited this page Nov 29, 2025 · 1 revision

The dashboard aggregates multiple categories of forensic evidence:

1. Domain-Level Evidence

  • WHOIS data (creation time, registrar, NS)
  • Registrar patterns (cheap hosting, repeat behavior)
  • Bulk domain purchases by the same actor

2. Page-Level Evidence

  • Full HTML dumps
  • JavaScript fingerprinting
  • Hardcoded wallets, API keys or endpoints
  • Template markers reused across campaigns

3. Visual Evidence

  • URLScan screenshots
  • Archive.org screenshots
  • Web-cloned UI patterns
  • Matching pixel-perfect layout reuse

4. Behavioral Evidence

  • Brand impersonation clusters
  • Drainer redirect logic
  • Crypto wallet address reuse
  • IP/ASN mobility patterns

5. External Correlation

  • PhishTank records
  • VirusTotal URL entries
  • Other blacklist sources

Evidence is collected 100% legally and consists ONLY of public information.
