Spectra - A Detective in your Browser

User Guide

Overview

Spectra is a modular and continually expanding suite of tools that empowers token holders to conduct in-depth investigations directly within their browser. Designed for convenience and efficiency, Spectra’s modular architecture allows for easy addition of new, high-powered modules. As an added benefit, IOC token holders can request features to be built into Spectra, aligning its development with the community's evolving needs.

With the added peace of mind that no data is stored on Spectra's servers, users can confidently search and analyse sensitive information, knowing their privacy is preserved.

Getting Started

Spectra uses Cloudflare's Turnstile Captcha to ensure you're human. Spectra verifies access by checking if the user holds a minimum balance of IOC tokens, providing Spectra access exclusively to token holders.

How to Get Started:

• Spectra is only currently designed to work with MetaMask.

• Use a desktop or laptop browser - Don't use a mobile phone.

• Make sure you have 100 IOC Tokens in your wallet.

• Navigate to Spectra - spectra.intelligenceonchain.com

• Click Connect Wallet and complete the CAPTCHA.

• Once verified, Spectra’s main features will be enabled, allowing unrestricted use of the available modules. Please note: there are API restrictions - If you spot unknown errors, please enquire with admin@intelligenceonchain.com

Module - Bloodhound Tracker

Purpose

Conducts deep and multi-source searches based on the query entered. It is designed for use with crypto addresses but you can add any query into Bloodhound, providing token holders with a powerful tool for tracking on-chain and off-chain digital footprints.

Outputs

• Arkham Results: Discover details such as wallet names, labels, and associated chains, helping to clarify the nature of the address and its risk level.

• Custom Google and Bing Results: Get a comprehensive view of the queried entity’s presence across search engines, providing insights into online mentions and potential ties.

• SEAL ISAC Data: Access basic data on potentially harmful entities from SEAL ISAC’s extensive database, adding a layer of security by identifying any known suspicious activity.

How to Use

• From the main menu, go to Bloodhound Tracker.

• Enter the wallet, IP address or 'other' query in the search bar and click Search.

• Review results from Arkham, Google, Bing, and SEAL ISAC, all in one place for a streamlined experience.

• Above the four quadrants there are buttons that allow you to perform specific and targeted searches on your target.

Additional Features

Use the 'Query' buttons to quick launch further targeted searches:

• X Query - Returns any mention of your query on X (advance search)

• inText - Targeted Google Dorks search

• inFile - Searches all file types across the internet for any mention of your query

• inLeak - Searches all sites known to house leaked data.

• Yandex - Targeted Yandex search (Russian)

• Baidu - Targeted Baidu search (Chinese)

Module - Username Finder

Purpose

Social Media Deep Search is specifically designed to return results ONLY from social media platforms like FaceBook, Instagram, X and many more. It was designed to help search for usernames but technically can search any query.

How to Use

• Select Social Media Deep Search from the menu.

• Enter the username and select search. Spectra will return links, snippets, and relevant details for the username ONLY from social media platforms, providing an overview of the user’s online footprint.

Module - Hunter: Email Extractor

Purpose

Extracts email addresses connected to a specified domain.

How to Use

• Choose Domain - Email Search from the main menu.

• Input the domain (e.g., intelligenceonchain.com) and start the search.

• Results display in a table format, including any associated names and roles, giving a quick, organized overview of key contacts within the domain.

Module - Website Keyword Extractor

Purpose

Scans a domain to extract associated names and key words, helping users identify potential contacts or to quickly grabs some important information about the people behind an entity. The search works by finding any two words together that both start with a capital letter.

How to Use

• Select Website Keyword Extractor from the main menu.

• Enter the target domain and click Submit.

• The tool will display a list of extracted keywords like names and any two words together with capitals.

Module - Auto Exchange Tracer

This module enables the user to find corresponding outputs from an auto exchange. The user enters the relevant transaction hash, deposit address and a date, then Spectra does the rest

• ChangeNOW

• Fixed Float

• eXch.cx

• Side Shift

• Simple Swap

Limitations

• Spectra currently only analyses EVM chains, Tron and Bitcoin. It does not work with Monero, Litecoin or any other obscure blockchain.

• Whilst the Tracer module may provide you with outputs from the exchange, it is not a proven fact that the input is indeed connected with the output. To determine this, further analysis is required.

Example Data

For this example, I will use data from an actual case. Here are three deposit addresses that all send assets tp the ChangeNOW Hot Wallet.

e.g. Transaction 1

Transaction Hash: 0x285e267655676277662453e0c53f821a772ffe22d2085d04ed6680cb749bac79

Deposit Address: 0x784c8eb50954ef2a2e429ce5f607238238fdf662

Date: 24th February 2024

e.g. Transaction 2

Transaction Hash: 0x9c9e7d29ee2f9cea28be5330d0d2e22715e3175a7e443814dde2c8f42be2049e

Deposit Address: 0xddab121c99b51f79fb0d9f5f44160e0813432a72

Date: 25th March 2024

e.g. Transaction 3

Transaction Hash: 0xc46aff21538d21654b098051e528a3563a98fddd92783c1ed5be19f0e95860a2

Deposit Address: 0xada607682ffb16d8a6504352d7b24334826cc91c

Date: 1st April 2024

How to Use

• From the Spectra main menu, select 'Auto Exchange Trace'

• Select the target exchange

• Click 'Next'

• IMPORTANT - Enter the Transaction Hash FROM the DEPOSIT WALLET to the EXCHANGE HOT WALLET in the relevant field.

• Enter the exchange's Deposit Address into the relevant field

• Select the data of the transaction from the DEPOSIT WALLET to the EXCHANGE HOT WALLET

• Select 'Initiate Tracer'

Options and Variables

On the right hand of the Tracer page, there are a set of variables that you can adjust to suit your needs. Here is a brief description of what each one does. It is important to note that the VALUE and MAX USD variables enable you to essentially search by known amount or a percentage. Make sure both settings are tuned to your requirements

Time (+/- mins)

This allows you to adjust the time range of the analysis. for example, if you are following a transaction that happened at 12pm and your Time tolerance is set to 10 mins, then the Tracer will analyse from 11:50am until 12:10pm, a range of 20 minutes, 10 either side of the input transactions

Value (+/- %)

This allows you to adjust the value range of the analysis. For example, if you are following a transaction that is worth $1,000 and your Value tolerance is set to 0.1 (10%), then the Tracer will analyse from $900 to $1,100 a range of $200. or $100 either side of the input transaction value

Max (+/- USD)

This allows you to adjust the USD range of the analysis. For example, if you are following a transaction that is worth $1,000 and your MAX USD tolerance is set to $5, then the Tracer will analyse from $995 to $1,005 a range of $10. or $5 either side of the input transaction value.

Results - Transaction 1

If a transaction can be found it will be presented as shown below. All transactions that happen within the variables that you set will be displayed for you to see.

NOTE - the top result is to address 0x5a3c0cD06Ea20FC7b42bcA4B2e7ff53488531DA4. This is important because it ties up with the other two transactions, allowing us to confirm this is the output.

In the example below, we're presented with three outputs. This is because there were three output transactions from ChangeNOW that represented the same USD values, on the same day and within the time variables that was set.

Results - Transaction 2

If a transaction can be found it will be presented as shown below. All transactions that happen within the variables that you set will be displayed for you to see.

NOTE - the bottom result is to address 0x5a3c0cD06Ea20FC7b42bcA4B2e7ff53488531DA4. This is important because it ties up with the other two transactions, allowing us to confirm this is the output.

In the example below, we're presented with three outputs. This is because there were three output transactions from ChangeNOW that represented the same USD values, on the same day and within the time variables that was set.

Results - Transaction 3

If a transaction can be found it will be presented as shown below. All transactions that happen within the variables that you set will be displayed for you to see.

NOTE - the ONLY result is to address 0x5a3c0cD06Ea20FC7b42bcA4B2e7ff53488531DA4. This is important because it ties up with the other two transactions, allowing us to confirm this is the output.

In the example below, we're presented with a single output. Based on our findings, we could say with confidence that the output address 0x5a3c us linked to all three inputs and would therefore require further investigation.

Module - Report a Scam (Coming Soon)

Purpose

Enables users to report scam-related information by creating a basic report for the IOC team to follow up and verify. If it is confirmed to be a scam then we will warn the community and share our data with other security researchers.

How to Use

Not currently available