root@defense:~/evidence $ cat findings.json
Gathered Evidence
// Structured findings from tornado.cash investigation
SELECT_CASE:
TC-2025-001: tornado.cash Domain Theft
CP-2025-002: CryptoPrisoners Donation Scam
Total Findings: 24
Confirmed: 16
Suspicious: 6
Suspect Accounts: 21
Active/404: 0/21
DNS_RESOLUTION [CONFIRMED]
Domain: tornado.cash
Initial IP (Dec 9): 101.99.75.124 (Shinjiru, Malaysia)
Current IP (Dec 12): 213.123.60.195 (BT UK, London)
Server Type: Apache
Expected IP: 3.135.72.151 (AWS)
WHOIS_ANALYSIS [CONFIRMED]
Registrar: Google Inc.
Created Date: 2019-07-17
Domain Status: clientHold (Seized/Suspended)
Initial Hosting (Dec 9): Shinjiru (Bulletproof, Malaysia)
Current Hosting (Dec 12): BT UK (London)
IP Migration: 101.99.75.124 → 213.123.60.195
Migration Trigger: Moved after investigation exposure
SSL_CERTIFICATE [SUSPICIOUS]
Issuer: Let's Encrypt R12
Valid From: December 5, 2025
Certificate Type: Domain Validation (DV)
Issue: Recent issuance after domain seizure
SOURCE_CODE_ANALYSIS [COMPROMISED]
Wayback Machine Code: DETECTED - WB$wombat artifacts
Source Origin: Homepage scraped from archive.org
Attack Method: Links redirect to malicious app clone
App Clone: Identical UI redirects to attacker-controlled app
Powered by Torn Guard • Privacy Defence Platform