A reported cluster of more than 236,000 scam domains shows how reusable app tooling can be bent into a high-volume fraud pipeline, without becoming proof that the framework itself is malicious.