Virtual Currencies
Methodology
First, query the address through the tools in the following sections. Repeat the process with any new addresses discovered. Once email addresses or IP addresses are identified, investigate them.
Crypto Address Investigation Tools
- Spiderfoot
Tool included in "All-purpose Advanced Tools" section. The command below will load specific modules for crypto analysis. The module list (-m) and event-type filter (-F) are comma-separated with no spaces.
sudo ./sf.py -m sfp_spider,sfp_bitcoin,sfp_blockchain -s {website.com} -F BITCOIN_ADDRESS,BITCOIN_BALANCE -q
- Blockchain (blockchain.info)
This website allows search of a Bitcoin address and displays the number of transactions, total amount of Bitcoin received (S), final balance, and a complete transaction history. We can track every incoming and outgoing payment. This will almost never be associated with any real names, but it provides a great level of detail about the account.
- Bitcoin Who's Who (bitcoinwhoswho.com)
This service provides a bit more analysis about the suspect account.
We can see transaction IP addresses, which are likely behind VPNs. Overall, use Blockchain for transaction details and Bitcoin Who's Who to get a better idea of why I might care about the account.
- BlockChair (blockchair.com)
This service is very similar to Blockchain, but I find it has better representation across multiple virtual currencies.
The results are typical, and include balance and transaction data.
- Bitcoin Abuse (bitcoinabuse.com)
It notifies you if others have reported a target virtual currency address as associated with malicious activity.
The results include a summary of the activity and the email addresses sending malicious email.
- Wallet Explorer (walletexplorer.com)
Many people possess numerous addresses and store them all within a virtual wallet.
While researching one of our target Bitcoin addresses within this free service, the results identified a wallet of "00037fd441" which contained the target address. Clicking on the link to this wallet revealed multiple new transactions from additional Bitcoin addresses previously unknown. This step is vital in order to track all transactions associated with your suspect.
- Virtual Currency APIs
Validation: The following URL provides an indication whether a provided address is valid or invalid —> https://blockexplorer.com/api/addr/xxx
Value: The following URL presents the current value of one Bitcoin —> https://blockchain.info/q/24hrprice
Received: This URL displays the total amount of Bitcoin received by a specific address. It is important to note that this amount will be in "Satoshi" —> https://blockchain.info/q/getreceivedbyaddress/xxx
Sent: This URL displays the total amount of Bitcoin sent by a specific address, also in Satoshi —> https://blockchain.info/q/getsentbyaddress/xxx
Balance: This utility displays the current balance of an address in "Satoshi" —> https://blockchain.info/q/addressbalance/xxx
BTC > USD Value: The following URL will always display the current value of any amount of Bitcoin in USD —> https://api.exchangerate.host/convert?from=BTC&to=USD&amount=xxx
USD > BTC Value: The following URL will always display the current Bitcoin value of any amount of USD —> https://blockchain.info/tobtc?currency=USD&value=xxx
Satoshi > USD Value: The following URL will always display the current value of any amount of Satoshi in USD —> https://api.exchangerate.host/convert?from=SAT&to=USD&amount=xxx
USD > Satoshi Value: The following URL will always display the current Satoshi value of any amount of USD —> https://api.exchangerate.host/convert?from=USD&to=SAT&amount=xxx
Summary: This URL displays a brief summary of a Bitcoin address including total received, total sent, balance, total transactions, first transaction, and most recent transaction —> https://chain.api.btc.com/v3/address/xxx
First seen: This Blockchain query displays the date which a virtual currency address transaction was first seen within the public blockchain —> https://blockchain.info/q/addressfirstseen/xxx
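An offline check to run before pasting an address into the Validation URL above, so that OCR or transcription errors are caught locally and malformed strings are not sent to third-party services. This is an added example, not part of the original notes; it covers only legacy Base58Check mainnet addresses (starting with 1 or 3), not bech32 (bc1...) ones, and the function names and sample message are constructed for illustration.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
VERSIONS = {0x00: "P2PKH", 0x05: "P2SH"}  # mainnet version bytes only
CANDIDATE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

def classify_address(addr):
    """Return 'P2PKH' or 'P2SH' for a valid legacy mainnet address, else None."""
    num = 0
    for ch in addr:
        idx = B58.find(ch)
        if idx < 0:          # 0, O, I and l are not in the Base58 alphabet
            return None
        num = num * 58 + idx
    # Each leading '1' character encodes one leading zero byte.
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + num.to_bytes((num.bit_length() + 7) // 8, "big")
    if len(raw) != 25:       # 1 version byte + 20-byte hash + 4-byte checksum
        return None
    payload, checksum = raw[:-4], raw[-4:]
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    if digest[:4] != checksum:
        return None
    return VERSIONS.get(payload[0])  # None for other networks/versions

def extract_addresses(text):
    """Map each checksum-valid legacy address found in text to its type."""
    found = {}
    for cand in CANDIDATE.findall(text):
        kind = classify_address(cand)
        if kind:
            found[cand] = kind
    return found

# Constructed sample: genesis-block address, then a copy with its last character altered.
SAMPLE = (
    "Send payment to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa within 48 hours.\n"
    "Backup wallet: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb\n"
)

if __name__ == "__main__":
    print(extract_addresses(SAMPLE))
```

Only addresses that pass the checksum are worth carrying into the lookup tools; a candidate that fails should be re-read from the original evidence rather than queried.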
- Scam Search (scamsearch.io)
It can also be used to query virtual currency addresses.
Reveals email addresses, IP addresses, and locations associated with an online extortion suspect.
- IntelTechniques Virtual Currency Tool
This tool simplifies the previous techniques.
Code at Currencies.html.
- Bitref (https://bitref.com/)
- Oxt.me (https://oxt.me/)