3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
Swap Adipex

Swap Adipex

ID: df67f564c1ba254ff7564ec0fc3fdf8996369
Cybercrime Cybercriminal Online Fraud Rings
Threat types: Fraud Infrastructure Cluster
Unknown ARG, DEU, ITA, MEX
Updated: 2026-04-01
Created: 2026-03-20
Progress: 91% Completeness: 92% Freshness: 90%
Operation zone: Argentina, Germany, Italy, Mexico
Aliases Limited alias preview
Swap Adipex AI Swap Adipex AI Fraud Funnel Sw************* Sw***************
sw************* Sw********
Showing 2 of 6 aliases in free preview.
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

"Swap Adipex AI" is best assessed as a fake-news investment funnel cluster centered on attribution-preserving bridge pages, deceptive advertorials, lead capture, and rapid phone-based conversion rather than classic endpoint compromise.


Technique Technique name Tactics Evidence
T1583.001 Domains TA0042
  • 2026-03-20 — Observed use of multiple disposable and theme-branded domains including gewafa.site, swapadipexai.com, swap-adipex-ai.com, and zentrix.cfd, consistent with staged campaign infrastructure. · ref
T1583.006 Web Services TA0042
  • 2026-03-20 — Observed infrastructure notes include Cloudflare-fronted hosting for parts of the cluster. · ref
T1593 Search Open Websites/Domains TA0043
  • 2026-03-20 — INFERENCE (confidence: medium): localized advertorial content referencing Argentine political and economic figures suggests targeting research and market adaptation prior to deployment. · ref
T1566 Phishing TA0001
  • 2026-03-20 — INFERENCE (confidence: medium): the funnel begins from ad-driven or promotional click-through traffic into deceptive content designed to lure the victim into form submission rather than direct credential theft. · ref
T1056 Input Capture TA0006 TA0009
  • 2026-03-20 — The lead form captures personally identifying and contact data, including normalized telephone fields and attribution metadata, via POST to api.php. · ref
T1648 Serverless Execution TA0002
  • 2026-03-20 — Observed pages store identifiers in localStorage and cookies to preserve attribution and click continuity across stages. · ref
T1071.001 Web Protocols TA0011
  • 2026-03-20 — INFERENCE (confidence: medium): HTML forms and redirects operate over standard web traffic, with POST submission to api.php and browser-based routing to downstream destinations. · ref
Strategic Intelligence
Limited preview
Last updated: 2026-03-21T02:05:32+00:00
Swap Adipex AI — Fraud Infrastructure / Investment Scam Funnel Cluster

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Author: iQBlack CTI Team


Executive Summary

“Swap Adipex AI” is best assessed not as a conventional malware family or a clearly attributable threat actor, but as a deceptive investment-fraud funnel built around fake-news themed advertorials, bridge pages that preserve advertising attribution, form-based lead capture, and near-immediate telephone follow-up. The strongest currently available evidence indicates a fraud workflow designed to move a victim from paid traffic to human conversion pressure with minimal friction.


The observed web components do not presently support classification as a browser-exploitation or payload-delivery case. Instead, the infrastructure is optimized for trust abuse, conversion continuity, and downstream handling of the victim by call-center or boiler-room style operators. Publicly observable patterns align with documented deceptive affiliate marketing ecosystems, fake celebrity / fake-news investment scams, and telephone-based investment fraud.

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for CISO — Swap Adipex AI


Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Saved Limited preview

Hunting Playbook — Swap Adipex AI

Priority: High for fraud-intelligence, brand-protection, and telephony-linked incident response; Medium for malware-focused SOC triage.

Upgrade to access the full hunting playbook.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Saved Limited preview
Last updated: 2026-04-01T13:40:02+00:00

IOC Appendix — Swap Adipex AI


More IOC context for Research. Full appendix for Analyst and Premium plans.
IOC Appendix now
Saved successfully.
OSINT Library
Saved Limited preview
Last saved: 2026-03-21T02:08:15+00:00

OSINT Library — Swap Adipex AI


2026-03-20 — iQBlack CTI Team — “Swap Adipex AI: anatomy of a fake-news investment funnel”

Full OSINT references available for Research / Analyst.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/17
Address Verification SOCMINT
hackmd.io/@sw************* Restricted Not integrated
Address Verification SOCMINT
swapadipexai.com Restricted Not integrated
swap-adipex-ai.com Restricted Not integrated
swapadipexai.net Restricted Not integrated
swapadipex-ai.net Restricted Not integrated
gewafa.site Restricted Not integrated
yaxago.site Restricted Not integrated
suvivu.site Restricted Not integrated
rimeni.site Restricted Not integrated
xohole.site Restricted Not integrated
moyadu.site Restricted Not integrated
yipucu.site Restricted Not integrated
balisa.site Restricted Not integrated
assetnory.com Restricted Not integrated
capixxo.com Restricted Not integrated
zentrix.cfd Restricted Not integrated
cfd.zentrix.cfd Restricted Not integrated
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
Showing 1–3 of 3 images
Logo Free Preview
Logo
Fake-news example Free Preview
Fake-news example
Fake-news website Free Preview
Fake-news website