Look up anything

Look up anything

We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

back to top
Search
Search

On the Hunt for Remnants of the Samourai Pockets Crypto Mixing Providers within the DNS

By cointrolly
40Views
Reading Time: 2 min.
Previous article
Right here’s why these 2 penny shares may very well be on the cusp of hovering!
Next article
Phoenix Memecoin ($PHNX) Launches with Progressive Tokenomics and Group Focus

Related Article

Keonne Rodriguez and William Lonergan Hill, founders of Samourai Pockets, a cryptocurrency mixing service, have been sentenced in April 2024 and their websites taken down for executing greater than US$2 billion in illegal transactions and laundering greater than US$100 million in prison proceeds. Are all traces of the unlawful enterprise within the DNS gone? Or do some stay? The WhoisXML API research crew sought to seek out out.

Our crew obtained three domains tagged as Samourai Pockets indicators of compromise (IoCs)—samourai[.]io, samourai[.]help, and samouraiwallet[.]com—from menace researcher Dancho Danchev. To uncover presumably associated menace artifacts that stay unidentified thus far, we expanded the listing of IoCs aided by our complete DNS intelligence sources and located:

  • 4 IP addresses, three of that are malicious
  • Two IP-connected domains
  • 66 string-connected domains

Be aware that this publish incorporates solely a preview of our findings. The complete research, together with a pattern of the extra artifacts obtained from our analysis can be found for obtain from our web site.

Samourai Pockets IoC Information

We started our analysis by subjecting the three domains recognized as IoCs to a bulk WHOIS lookup, which revealed that:

  • They have been break up between two registrars. Namecheap, Inc. administered two area IoCs whereas Gandi SAS dealt with one.

  • The menace actors appear to favor utilizing outdated domains, created on the time the providers have been first supplied, that’s 2015. Two area IoCs have been created in 2015 whereas one was created in 2021.

    14518b

  • The area IoCs have been registered in two international locations. Two have been registered in Iceland and one within the U.S.

    14518c

On to the Hunt for Related Artifacts

We started our seek for artifacts probably linked to Samourai Pockets by conducting WHOIS Historical past API queries for the three domains tagged as IoCs. That led to the invention of three e mail addresses after duplicates have been filtered out. None of them, nonetheless, have been public e mail addresses, thus ending our seek for email-connected domains.

Subsequent, we subjected the three domains recognized as IoCs to DNS lookups, which enabled us to uncover 4 distinctive IP deal with resolutions. Menace intelligence lookups for the IP addresses confirmed that three—104[.]21[.]68[.]107, 162[.]255[.]119[.]8, and 172[.]67[.]194[.]72—have been related to numerous threats. The IP deal with 104[.]21[.]68[.]107, for example, was linked to phishing and generic threats.

We then sought to uncover extra details about the 4 IP addresses by way of a bulk IP geolocation lookup.

This publish solely incorporates a snapshot of the total research. Obtain the entire findings and a pattern of the extra artifacts on our web site or contact us to debate your intelligence wants for menace detection and response or different cybersecurity use instances.

Disclaimer: We take a cautionary stance towards menace detection and goal to offer related data to assist defend towards potential risks. Consequently, it’s potential that some entities recognized as “threats” or “malicious” could ultimately be deemed innocent upon additional investigation or modifications in context. We strongly advocate conducting supplementary investigations to corroborate the data supplied herein.

Previous article
Right here’s why these 2 penny shares may very well be on the cusp of hovering!
Next article
Phoenix Memecoin ($PHNX) Launches with Progressive Tokenomics and Group Focus

Related Article

Useful Links

Topics

Top Coins

Join Us

© 2024 Coin Trolly. All Rights Reserved.