back to top
Search

On the Hunt for Remnants of the Samourai Pockets Crypto Mixing Providers within the DNS

By cointrolly
33Views
Reading Time: 2 min.
Previous article
Right here’s why these 2 penny shares may very well be on the cusp of hovering!
Next article
Phoenix Memecoin ($PHNX) Launches with Progressive Tokenomics and Group Focus

Related Article

Keonne Rodriguez and William Lonergan Hill, founders of Samourai Pockets, a cryptocurrency mixing service, have been sentenced in April 2024 and their websites taken down for executing greater than US$2 billion in illegal transactions and laundering greater than US$100 million in prison proceeds. Are all traces of the unlawful enterprise within the DNS gone? Or do some stay? The WhoisXML API research crew sought to seek out out.

Our crew obtained three domains tagged as Samourai Pockets indicators of compromise (IoCs)—samourai[.]io, samourai[.]help, and samouraiwallet[.]com—from menace researcher Dancho Danchev. To uncover presumably associated menace artifacts that stay unidentified thus far, we expanded the listing of IoCs aided by our complete DNS intelligence sources and located:

  • 4 IP addresses, three of that are malicious
  • Two IP-connected domains
  • 66 string-connected domains

Be aware that this publish incorporates solely a preview of our findings. The complete research, together with a pattern of the extra artifacts obtained from our analysis can be found for obtain from our web site.

Samourai Pockets IoC Information

We started our analysis by subjecting the three domains recognized as IoCs to a bulk WHOIS lookup, which revealed that:

  • They have been break up between two registrars. Namecheap, Inc. administered two area IoCs whereas Gandi SAS dealt with one.

  • The menace actors appear to favor utilizing outdated domains, created on the time the providers have been first supplied, that’s 2015. Two area IoCs have been created in 2015 whereas one was created in 2021.

    14518b

  • The area IoCs have been registered in two international locations. Two have been registered in Iceland and one within the U.S.

    14518c

On to the Hunt for Related Artifacts

We started our seek for artifacts probably linked to Samourai Pockets by conducting WHOIS Historical past API queries for the three domains tagged as IoCs. That led to the invention of three e mail addresses after duplicates have been filtered out. None of them, nonetheless, have been public e mail addresses, thus ending our seek for email-connected domains.

Subsequent, we subjected the three domains recognized as IoCs to DNS lookups, which enabled us to uncover 4 distinctive IP deal with resolutions. Menace intelligence lookups for the IP addresses confirmed that three—104[.]21[.]68[.]107, 162[.]255[.]119[.]8, and 172[.]67[.]194[.]72—have been related to numerous threats. The IP deal with 104[.]21[.]68[.]107, for example, was linked to phishing and generic threats.

We then sought to uncover extra details about the 4 IP addresses by way of a bulk IP geolocation lookup.

This publish solely incorporates a snapshot of the total research. Obtain the entire findings and a pattern of the extra artifacts on our web site or contact us to debate your intelligence wants for menace detection and response or different cybersecurity use instances.

Disclaimer: We take a cautionary stance towards menace detection and goal to offer related data to assist defend towards potential risks. Consequently, it’s potential that some entities recognized as “threats” or “malicious” could ultimately be deemed innocent upon additional investigation or modifications in context. We strongly advocate conducting supplementary investigations to corroborate the data supplied herein.

Previous article
Right here’s why these 2 penny shares may very well be on the cusp of hovering!
Next article
Phoenix Memecoin ($PHNX) Launches with Progressive Tokenomics and Group Focus

Related Article

Useful Links

Topics

Top Coins

Join Us

© 2024 Coin Trolly. All Rights Reserved.