{
  "Event": {
    "analysis": "1",
    "date": "2026-02-02",
    "extends_uuid": "",
    "info": "[Threat Intel] Cross-Border Cryptocurrency Investment Scam Leveraging Social Messaging Channels and Fake Regulatory Credentials",
    "protected": false,
    "publish_timestamp": "1780041962",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1780041962",
    "uuid": "020ceb62-7009-41fe-b22f-1ddd6806e4ea",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#1a0065",
        "local": false,
        "name": "rectifyq:topic=\"crypto-related\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"Cybercrime\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#7bf409",
        "local": false,
        "name": "misp-galaxy:producer=\"CloudSEK\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:country=\"china\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:financial-fraud=\"Fake Website\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:financial-fraud=\"Phishing\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:financial-fraud=\"Compromised Account Credentials\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:financial-fraud=\"Compromised Personally Identifiable Information (PII)\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:financial-fraud=\"Virtual Currency Fraud\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:financial-fraud=\"Cryptocurrency Exchange\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:financial-fraud=\"Social Media Scams\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:financial-fraud=\"Fake App\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:financial-fraud=\"Scam\"",
        "relationship_type": ""
      },
      {
        "colour": "#170059",
        "local": false,
        "name": "rectifyq:topic=\"mobile-attack\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770641642",
        "to_ids": false,
        "type": "link",
        "uuid": "b484e012-ffd5-460a-ab8e-dc80710d81c1",
        "value": "https://www.cloudsek.com/blog/cross-border-cryptocurrency-investment-scam-leveraging-social-messaging-channels-and-fake-regulatory-credentials"
      },
      {
        "category": "Network activity",
        "comment": "cloned domain",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770651098",
        "to_ids": true,
        "type": "domain",
        "uuid": "8e5c1432-b21e-41f6-8f9c-6488a3331600",
        "value": "zhguihc.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "cloned domain",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770651119",
        "to_ids": true,
        "type": "domain",
        "uuid": "85bd9bfe-fb49-4fcf-84d5-42e00044b85a",
        "value": "zhguize.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770651140",
        "to_ids": true,
        "type": "hostname",
        "uuid": "d13c8623-54f4-4bb6-9844-06abbd53aed1",
        "value": "rtqs.zhguiwe.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Embeds Udesk customer service integrations",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770651162",
        "to_ids": true,
        "type": "hostname",
        "uuid": "9961ae0a-a4ce-442c-8c89-0ec988f817ea",
        "value": "udesk.zhgui.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "backend management consoles",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041940",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "2b4521d2-2755-4877-8d47-d47a4bbd4c75",
        "value": "52.77.125.17",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#4745f2",
            "local": false,
            "name": "asn:asn=\"16509\"",
            "relationship_type": ""
          },
          {
            "colour": "#5424ef",
            "local": false,
            "name": "asn:as-owner=\"AMAZON-02\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Replicates the scam login and investment page; Cloudflare (AS13335) address tagged as high false-positive risk",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041942",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "0f88e93c-3f60-4909-8604-78fce01df4e2",
        "value": "188.114.96.3",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#c4bd10",
            "local": false,
            "name": "asn:asn=\"13335\"",
            "relationship_type": ""
          },
          {
            "colour": "#60003e",
            "local": false,
            "name": "asn:as-owner=\"CLOUDFLARENET\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Replicates the scam login and investment page; Cloudflare (AS13335) address tagged as high false-positive risk",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041943",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "b83c306a-797d-46bf-99f4-1da87b8a3b32",
        "value": "172.67.191.67",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#c4bd10",
            "local": false,
            "name": "asn:asn=\"13335\"",
            "relationship_type": ""
          },
          {
            "colour": "#60003e",
            "local": false,
            "name": "asn:as-owner=\"CLOUDFLARENET\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Replicates the scam login and investment page; Cloudflare (AS13335) address tagged as high false-positive risk",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041945",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "98202b1f-aaba-42ba-bd49-851ff5f2837c",
        "value": "104.21.84.186",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#c4bd10",
            "local": false,
            "name": "asn:asn=\"13335\"",
            "relationship_type": ""
          },
          {
            "colour": "#60003e",
            "local": false,
            "name": "asn:as-owner=\"CLOUDFLARENET\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770651273",
        "to_ids": true,
        "type": "domain",
        "uuid": "04b2288e-084b-401a-be9f-b7ca0593bb27",
        "value": "zhgui.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041947",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "e539af9c-3e29-498c-b9ef-e4b02e89814a",
        "value": "172.67.145.192",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#c4bd10",
            "local": false,
            "name": "asn:asn=\"13335\"",
            "relationship_type": ""
          },
          {
            "colour": "#60003e",
            "local": false,
            "name": "asn:as-owner=\"CLOUDFLARENET\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770651316",
        "to_ids": true,
        "type": "domain",
        "uuid": "c30be267-029b-4408-9a9e-765b991c73ff",
        "value": "zhguiro.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041948",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "446979fc-017c-4a1f-ae33-a06c1a56a454",
        "value": "18.164.237.46",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#4745f2",
            "local": false,
            "name": "asn:asn=\"16509\"",
            "relationship_type": ""
          },
          {
            "colour": "#5424ef",
            "local": false,
            "name": "asn:as-owner=\"AMAZON-02\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770651358",
        "to_ids": true,
        "type": "domain",
        "uuid": "3f8266c3-ca88-4921-a6f3-1886adda09f2",
        "value": "zhguiwd.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041950",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "a5318685-9752-49d1-b316-bd75a1849e0b",
        "value": "18.164.246.64",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#4745f2",
            "local": false,
            "name": "asn:asn=\"16509\"",
            "relationship_type": ""
          },
          {
            "colour": "#5424ef",
            "local": false,
            "name": "asn:as-owner=\"AMAZON-02\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770651401",
        "to_ids": true,
        "type": "domain",
        "uuid": "e02937e9-0cd4-4e39-9253-774336fe9d3e",
        "value": "zhguiyv.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041951",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "29cf27c8-3932-48a2-969b-8d452427827d",
        "value": "18.66.63.105",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#4745f2",
            "local": false,
            "name": "asn:asn=\"16509\"",
            "relationship_type": ""
          },
          {
            "colour": "#5424ef",
            "local": false,
            "name": "asn:as-owner=\"AMAZON-02\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770651445",
        "to_ids": true,
        "type": "domain",
        "uuid": "a76bdeb5-e57b-4c4e-9642-7b0f8060ef99",
        "value": "zhguitn.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041953",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "6ece06cf-3cc7-4f83-a98c-6257dc46f259",
        "value": "104.21.48.1",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#c4bd10",
            "local": false,
            "name": "asn:asn=\"13335\"",
            "relationship_type": ""
          },
          {
            "colour": "#60003e",
            "local": false,
            "name": "asn:as-owner=\"CLOUDFLARENET\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770651488",
        "to_ids": true,
        "type": "domain",
        "uuid": "94484a6b-6132-4ec1-9308-c8e2e94657ef",
        "value": "zhguivx.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041955",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "9c8feb6a-5a24-4ed6-802b-f229be328e98",
        "value": "18.164.246.111",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#4745f2",
            "local": false,
            "name": "asn:asn=\"16509\"",
            "relationship_type": ""
          },
          {
            "colour": "#5424ef",
            "local": false,
            "name": "asn:as-owner=\"AMAZON-02\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770651533",
        "to_ids": true,
        "type": "domain",
        "uuid": "da6cd57e-47aa-4523-9158-dc28f8cb4aa3",
        "value": "zhguimj.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770651555",
        "to_ids": true,
        "type": "domain",
        "uuid": "23e99cff-9cee-4c85-a9e1-afae00c79198",
        "value": "zhguioe.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041956",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "9b594c15-a73e-4738-a24a-b8d02b032013",
        "value": "104.21.84.95",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#c4bd10",
            "local": false,
            "name": "asn:asn=\"13335\"",
            "relationship_type": ""
          },
          {
            "colour": "#60003e",
            "local": false,
            "name": "asn:as-owner=\"CLOUDFLARENET\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770651598",
        "to_ids": true,
        "type": "domain",
        "uuid": "2aeb403d-ef9d-4e26-bc50-60cd36c314bc",
        "value": "zhguiqt.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041958",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "f46551ba-c189-4eea-b622-de1a13f89492",
        "value": "172.67.149.149",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#c4bd10",
            "local": false,
            "name": "asn:asn=\"13335\"",
            "relationship_type": ""
          },
          {
            "colour": "#60003e",
            "local": false,
            "name": "asn:as-owner=\"CLOUDFLARENET\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770651643",
        "to_ids": true,
        "type": "domain",
        "uuid": "d91b9917-a372-41f0-aca7-f42e510241af",
        "value": "zhguisp.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770651664",
        "to_ids": true,
        "type": "domain",
        "uuid": "cbbcf77b-775e-49dd-abce-1106a2d08796",
        "value": "zhguicx.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Favicon hash; no sample in VT.\r\nLast check: 09/02/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779535973",
        "to_ids": true,
        "type": "sha256",
        "uuid": "ca2aab08-7e77-43a3-ac03-e380f8f849ce",
        "value": "1ca2e500f792fdce9128e8f26fd0a5c10b3f06f1047ce5217e5789db9b33681b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "domains replicate identical ZHGUI interfaces",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770651685",
        "to_ids": true,
        "type": "url",
        "uuid": "77fca25b-d403-4843-840e-2466b434532c",
        "value": "https://www.knightkron.com",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "domains replicate identical ZHGUI interfaces",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770651707",
        "to_ids": true,
        "type": "url",
        "uuid": "8bde378b-93fb-438e-936e-f9553ca170ae",
        "value": "https://www.sydmonet.com",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Presents an internal \u201cManagement Console\u201d login page",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770651730",
        "to_ids": true,
        "type": "url",
        "uuid": "9435d9b4-3ef4-4f51-8877-d9fe90ff851f",
        "value": "https://52.77.125.17/home/login",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Exposes an end-user login page with Chinese-language error messages and the same JavaScript resources",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770651753",
        "to_ids": true,
        "type": "url",
        "uuid": "2c2727ed-cba5-4ee9-bf48-4bc5b9cf793c",
        "value": "https://udesk.zhgui.com/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Exposes an end-user login page with Chinese-language error messages and the same JavaScript resources",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770651775",
        "to_ids": true,
        "type": "url",
        "uuid": "71df8ae9-759c-4e6c-8dfc-3f8a0438d610",
        "value": "https://52.74.11.35/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041959",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "23005fe8-6051-46db-a17a-222d25da9d9c",
        "value": "18.66.112.81",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#4745f2",
            "local": false,
            "name": "asn:asn=\"16509\"",
            "relationship_type": ""
          },
          {
            "colour": "#5424ef",
            "local": false,
            "name": "asn:as-owner=\"AMAZON-02\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770651818",
        "to_ids": true,
        "type": "hostname",
        "uuid": "de65ba52-e0ac-4046-b452-21f83f8c7183",
        "value": "rtqs.zhguibn.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041962",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "ae4d4474-50ae-497b-9800-23e13b5c2384",
        "value": "18.244.18.3",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#4745f2",
            "local": false,
            "name": "asn:asn=\"16509\"",
            "relationship_type": ""
          },
          {
            "colour": "#5424ef",
            "local": false,
            "name": "asn:as-owner=\"AMAZON-02\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770651862",
        "to_ids": true,
        "type": "url",
        "uuid": "906b00a1-ecb8-49db-8ef3-aa18ca083c65",
        "value": "https://1884145.s5.udesk.cn/im_client/?web_plugin_id=350&language=en-us&im_user_key=66666",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770651883",
        "to_ids": true,
        "type": "url",
        "uuid": "a138bada-c8f2-4a4c-9f62-9ef2bae14836",
        "value": "https://1884145.udeskglobal.com/sim",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770642005",
        "to_ids": true,
        "type": "email-src",
        "uuid": "f9d7bdc5-f2e8-4d60-858a-ae70a906e0aa",
        "value": "support@zhgui.org"
      },
      {
        "category": "Network activity",
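        "comment": "Host is fincen.gov, a U.S. government site (MSB registration letter page), not campaign infrastructure; to_ids is set and no false-positive tag is attached, so match on the full URL rather than the host",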
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770651905",
        "to_ids": true,
        "type": "url",
        "uuid": "3cf7c49c-1a49-4771-a753-26c126ec6088",
        "value": "https://msb.fincen.gov/msb.registration.letter.php?ID=28612373",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770651927",
        "to_ids": true,
        "type": "url",
        "uuid": "196bf9a1-9858-4b2b-82d3-66239ca02bf8",
        "value": "https://doc.zhgui.com/ZHGUI-Whitepaper-EN.pdf",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770651948",
        "to_ids": true,
        "type": "domain",
        "uuid": "ef415a3b-096a-4d53-9b11-f4f88574c21e",
        "value": "zhguiqz.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770651969",
        "to_ids": true,
        "type": "url",
        "uuid": "2e8ffe98-1ec0-418d-8784-b1f0a8344fe6",
        "value": "https://www.wikifx.me/en/newsdetail/202510231334676397.html",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770651991",
        "to_ids": true,
        "type": "url",
        "uuid": "457b403e-59c5-4a8d-94c0-abb1c2f08561",
        "value": "https://apps.apple.com/us/app/zhguige/id6747241718",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770652013",
        "to_ids": true,
        "type": "url",
        "uuid": "543aad5b-ccb7-40bf-a186-fa7dd0910a8e",
        "value": "https://klse.i3investor.com/web/blog/detail/ZHGUIscam/2025-07-25-story-h499657939-ZHGUI_Exchange_Reminder_Beware_of_On_Chain_Data_Forgery_Traps_and_Stay_A",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770652034",
        "to_ids": true,
        "type": "url",
        "uuid": "690e6e0c-d583-4949-a71f-9526a0753070",
        "value": "https://www.zhgui.org",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770652056",
        "to_ids": true,
        "type": "url",
        "uuid": "d8831b3e-59ff-400e-9ed7-0115af3f4659",
        "value": "https://www.facebook.com/ZHGUI.Official",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770652078",
        "to_ids": true,
        "type": "url",
        "uuid": "13423d37-c364-4550-a080-4dd4178d3456",
        "value": "https://www.facebook.com/ZHGUI.Global/",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770652099",
        "to_ids": true,
        "type": "url",
        "uuid": "d94e690e-dea3-4265-bbce-cb97df0d5ede",
        "value": "https://x.com/ZHGUI_",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770652121",
        "to_ids": true,
        "type": "url",
        "uuid": "4d0dd6e6-0685-49ca-ac17-a0ffef3500cb",
        "value": "https://x.com/ZHGUI_global",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770652143",
        "to_ids": true,
        "type": "url",
        "uuid": "0acb54cc-66b2-4203-bd47-a5a3d2394baf",
        "value": "https://t.me/lease_choobot",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770652166",
        "to_ids": true,
        "type": "url",
        "uuid": "c48b45c1-b20b-4429-a533-7efc8d45a16c",
        "value": "https://www.facebook.com/share/p/1KCg4dA3k9/",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Person",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770642006",
        "to_ids": false,
        "type": "phone-number",
        "uuid": "2e403b50-ea18-4a13-b2d0-ec03e3506afa",
        "value": "+601170205120"
      },
      {
        "category": "Person",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770642006",
        "to_ids": false,
        "type": "phone-number",
        "uuid": "1472d570-165a-4556-8d1c-e02f988a83bb",
        "value": "+601169993517"
      },
      {
        "category": "Person",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770642006",
        "to_ids": false,
        "type": "phone-number",
        "uuid": "c8dad5a7-8062-4005-9f2d-8102eb690dcb",
        "value": "+601168541864"
      },
      {
        "category": "Person",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770642006",
        "to_ids": false,
        "type": "phone-number",
        "uuid": "718a2ce1-e77b-4917-bac0-34a8798dc653",
        "value": "+601160636072"
      },
      {
        "category": "Person",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770642006",
        "to_ids": false,
        "type": "phone-number",
        "uuid": "08b42b0e-3afb-4bc0-813e-1c93c85f9b88",
        "value": "+601164337281"
      },
      {
        "category": "Person",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770642006",
        "to_ids": false,
        "type": "phone-number",
        "uuid": "7ef4d059-a1c3-41e3-a20f-c13ee717a55e",
        "value": "+601168583994"
      },
      {
        "category": "Person",
        "comment": "Fake ZHGUI customer support line allegedly operating from Denver",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770642006",
        "to_ids": false,
        "type": "phone-number",
        "uuid": "edf80573-2a7e-4910-b427-3619ea88ec6c",
        "value": "+13034351617"
      },
      {
        "category": "Network activity",
        "comment": "LinkedIn Promotion Post (Likely Fraudulent)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770652187",
        "to_ids": true,
        "type": "url",
        "uuid": "b96d5c4d-2771-4725-965c-f561dc469159",
        "value": "https://www.linkedin.com/posts/ivanblinde_web3-defi-innovation-activity-7337856604559634432-IjRC",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Person",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770642006",
        "to_ids": false,
        "type": "phone-number",
        "uuid": "32465202-90ae-400e-9e0d-205f210715bc",
        "value": "+16307704878"
      }
    ]
  }
}