Virtual Currencies

Methedology

First query the address through the tools in the following sections. Repeat the process with the new addresses discovered. Once identified email addresses or IP Address investigate them.

Crypto Address Investigation Tools

- Spiderfoot

Tool included in "All-purpose Advanced Tools" section. The command below will load specific modules for crypto analisis.

sudo ./sf.py -m sfp_spider, sfp_bitcoin, sfp_blockchain -s {website.com} -F BITCOIN_ADDRESS, BITCOIN_BALANCE -q

- Blockchain (blockchain.info)

This website allows search of a Bitcoin address and displays the number of transactions, total amount of Bitcoin received (S), final balance, and a complete transaction history. We can track every incoming and outgoing payment. This will almost never be associated with any real names, but it provides a great level of detail about the account.

- Bitcoin Who's Who (bitcoinwhoswho.com)

This service provides a bit more analysis about the suspect account.

We can see transaction IP addresses, which are likely behind VPNs. Overall, use Blockchain for transaction details and Bitcoin Who's Who to get a better idea of why I might care about the account.

- BlockChair (blockchair.com)

This service is very similar to Blockchain, but I find it has better representation across multiple virtual currencies.

The results are typical, and include balance and transaction data.

- Bitcoin Abuse (bitcoinabuse.com)

It notifies you if others have reported a target vittual currency address as associated with malicious activity.

The results include a summary of the activity and the email addresses sending malicious email.

- Wallet Explorer (walletexplorer.com)

Many people possess numerous addresses and store them all within a virtual wallet.

While researching one of our target Bitcoin addresses within this free service, the results identified a wallet of "00037fd441" which contained the target address. Clicking on the link to this wallet revealed multiple new transactions from additional Bitcoin addresses previously unknown. This step is vital in order to track all transactions associated with your suspect.

- Virtual Currency APIs

Validation: The following URL provides an indication whether a provided address is valid or invalid —> https://blockexplorer.com/api/addr/xxx
Value: The following URL presents the current value of one Bitcoin —> https://blockchain.info/q/24hrprice
Received: This URI displays the total amount of Bitcoin received by a specific address. It is important to note that this amount will be in "'Satoshi" —> https://blockchain.info/q/getreceivedbyaddress/xxx
Sent: This URL displays the total amount of Bitcoin sent by a specific address, also in Shatoshi —> https://blockchain.info/q/getsentbyaddress/xxx
Balance: This utility displays the current balance of an address in "Satoshi" —> https://blockchain.info/q/addressbalance/xxx
BC> USD Value: The following URI will always display the current value of any amount of Bitcoin in USD —> https://api.exchangerate.host/convert?from=BTC&to=USD&amount=xxx
USD > BTC Value: The following URL will always display the current Bitcoin value of any amount of USD —> https://blockchain.info/tobte?currency=USD&value=xxx
Satoshi > USD Value: The following URL will always display the current value of any amount of Satoshi in USD —> https://api.exchangerate.host/convert?from=SAT&to=USD&amount=xxx.
USD > Satoshi Value: The following URL, will always display the curtent Satoshi value of any amount of USD —> https://api.exchangerate.host/convert?from=USD&to=SAT&amount=xxx
Summary: This URL displays a brief summary of a Bitcoin address including total received, total sent, balance, total transactions, first transaction, and most recent transaction —> https://chain.api.btc.com/v3/address/xxx
First seen: This Blockchain query displays the date which a virtual currency address transaction was first seen within the public blockchain —> https://blockchain.info/q/addressfirstseen/xxx

- Scam Search (scamsearch.io)

It can also be used to query virtual currency addresses.

Reveals email addresses, IP addresses, and locations associated with an online extortion suspect.

- IntelTechniques Virtual Currency Tool

This tool simplifies the previous techniques.

Code at Currencies.html.

- Bitref (https://bitref.com/)

- Oxt.me (https://oxt.me/)

PreviousOnline Maps NextLeaks, Breaches, Logs and Ransomware

Last updated 1 year ago

Virtual Currencies

Methedology

First query the address through the tools in the following sections. Repeat the process with the new addresses discovered. Once identified email addresses or IP Address investigate them.

Crypto Address Investigation Tools

- Spiderfoot

Tool included in "All-purpose Advanced Tools" section. The command below will load specific modules for crypto analisis.

sudo ./sf.py -m sfp_spider, sfp_bitcoin, sfp_blockchain -s {website.com} -F BITCOIN_ADDRESS, BITCOIN_BALANCE -q

- Blockchain (blockchain.info)

- Bitcoin Who's Who (bitcoinwhoswho.com)

This service provides a bit more analysis about the suspect account.

We can see transaction IP addresses, which are likely behind VPNs. Overall, use Blockchain for transaction details and Bitcoin Who's Who to get a better idea of why I might care about the account.

- BlockChair (blockchair.com)

This service is very similar to Blockchain, but I find it has better representation across multiple virtual currencies.

The results are typical, and include balance and transaction data.

- Bitcoin Abuse (bitcoinabuse.com)

It notifies you if others have reported a target vittual currency address as associated with malicious activity.

The results include a summary of the activity and the email addresses sending malicious email.

- Wallet Explorer (walletexplorer.com)

Many people possess numerous addresses and store them all within a virtual wallet.

- Virtual Currency APIs

Validation: The following URL provides an indication whether a provided address is valid or invalid —> https://blockexplorer.com/api/addr/xxx
Value: The following URL presents the current value of one Bitcoin —> https://blockchain.info/q/24hrprice
Received: This URI displays the total amount of Bitcoin received by a specific address. It is important to note that this amount will be in "'Satoshi" —> https://blockchain.info/q/getreceivedbyaddress/xxx
Sent: This URL displays the total amount of Bitcoin sent by a specific address, also in Shatoshi —> https://blockchain.info/q/getsentbyaddress/xxx
Balance: This utility displays the current balance of an address in "Satoshi" —> https://blockchain.info/q/addressbalance/xxx
BC> USD Value: The following URI will always display the current value of any amount of Bitcoin in USD —> https://api.exchangerate.host/convert?from=BTC&to=USD&amount=xxx
USD > BTC Value: The following URL will always display the current Bitcoin value of any amount of USD —> https://blockchain.info/tobte?currency=USD&value=xxx
Satoshi > USD Value: The following URL will always display the current value of any amount of Satoshi in USD —> https://api.exchangerate.host/convert?from=SAT&to=USD&amount=xxx.
USD > Satoshi Value: The following URL, will always display the curtent Satoshi value of any amount of USD —> https://api.exchangerate.host/convert?from=USD&to=SAT&amount=xxx
Summary: This URL displays a brief summary of a Bitcoin address including total received, total sent, balance, total transactions, first transaction, and most recent transaction —> https://chain.api.btc.com/v3/address/xxx
First seen: This Blockchain query displays the date which a virtual currency address transaction was first seen within the public blockchain —> https://blockchain.info/q/addressfirstseen/xxx

- Scam Search (scamsearch.io)

It can also be used to query virtual currency addresses.

Reveals email addresses, IP addresses, and locations associated with an online extortion suspect.

- IntelTechniques Virtual Currency Tool

This tool simplifies the previous techniques.

Code at Currencies.html.

- Bitref (https://bitref.com/)

- Oxt.me (https://oxt.me/)

PreviousOnline Maps NextLeaks, Breaches, Logs and Ransomware

Last updated 1 year ago