Week in OSINT #2022-04

This week it's a really filled episode on topics ranging from captured pages to OpSec in TikTok!

What a week it has been! So many awesome things that were shared with me, and so many topics I really wanted to write about, but so little time. I'm happy that I managed to find enough time to write about some very interesting topics. Again I learned a lot of new tricks and found new topics to dive into, like the news media run by the GRU, or a new plugin for Maltego. Thanks for sharing all these things with the OSINT community, so I can collect them and give you my view on the following topics:

  • URL Shorteners
  • Ginger__T on Telegram
  • Maigret and Maltego
  • Archived Pages
  • GRU's Galaxy
  • AHREFS and Backlinks
  • State of OSINT
  • Polycam

Tip: URL Shorteners

It's been some time ago that OSINTtechniques gave some tips on how to view the link behind a URL shortener (link to original tweet). Many of these services have some way of previewing the link behind it, and else there are services that can show you where a link will lead you, here's a small overview of some of the most used services:

Service Info
Bitly.com Add + at the end
Cutt.ly Add @ at the end, or visit https://cutt.ly/preview and turn on preview mode
Goo.gl Add: + at the end
Is.gd Add - at the end
Tiny.cc Add = at the end , or ~ for statistics
TinyURL.com Add preview. in front of the URL

If you want to use a third party platform to follow the link, the do look at the last item in my Week in OSINT 2021-16. And even more services and how to preview their links can be found in an awesome cheat sheet that is curated by @SEINT_pl.

Cheat sheet: https://seintpl.github.io/osint/...

Article: Ginger__T on Telegram

@Ginger__T wrote an article on Telegram, where he talks about some features, research options and the OpSec of having a Telegram account. He also discovered a new feature that slipped past me: The new in-app translate feature of the latest Telegram clients.

Link: https://www.cqcore.uk/telegram-fundamentals/

Tool: Maigret and Maltego

Twitter user @OS2INT wrote about a new local Maltego transform: Maigret. The article didn't specify how to install it, but a little search led me to the original GitHub page from the awesome @Soxoj. After installing it into Maltego, it was a breeze to run it! Another awesome local transform for Maltego, even if it comes with a lot of false positives.

Searching for Johnny with Maigret
Searching for Johnny with Maigret

Link: https://github.com/soxoj/maigret-maltego

Os2Int Artcile: https://os2int.com/toolbox/...]

Tip: Archived Pages

Jordan Wildon shared an awesome tip on Twitter, showing how to retrieve all the captured pages of a specific URL and it's subpages from The Internet Archive. In his example he used a Twitter profile, but this can be tweaked to anything you want. I changed the example he showed slightly, to only show tweets and nothing else.


Let's have a look at everything that's inside this URL, by going over the options that I found over at GitHub:

Item Explanation
web/timemap/ An overview of all archived 'Mementos' and their date (RFC 8079)
matchType=prefix Return all matches that have the same URL path that was provided
collapse=urlkey Only return unique URL's, even if there are multiple captures
output=json The output format, if removed it returns just a list of URL's
fl=original Field order, where original defaults to alphanumerical order
mimetype Will include the type of content, ie: text/html, application/json, unk(own) but it's quite useless here
timestamp Show the timestamp of first capture
endtimestamp Show the timestamp of latest capture
groupcount Total amount of captures for the URL
uniquecount Amount of unique captures for the URL
filters= A set of filters, they follow right after this
!statuscode:[45] Don't show pages matching a specific HTTP error code. This is probably a typo, since HTTP error code 45 doesn't exist. Maybe this should be: 404, meaning 'page not found'
limit=100000 Maximum amount of results to return

Article: GRU's Galaxy

Openfacto published a report on more than 1300 online news portals that seemed to be connected to the GRU, the Russian intelligence service. The report not only explains how the websites were found, but also give insight in the very timely registration of domain names, their content and the location of the 'target audience'. An interesting and well written report from this organization.

InfoRos websites throughout Russia - Image © by OpenFacto
InfoRos websites throughout Russia - Image © by OpenFacto

Link: https://openfacto.fr/2022/01/27/...

Tip: AHREFS and Backlinks

Twitter user @UnleashedOsint found out she could buy access to the vast amount of data inside AHREFS. When going over the 'backlink' section, it was evident that there is lots of information that could be gained about Telegram, and surely about other platforms that are tracked too. Interesting thread of tweets here

Twitter thread: https://twitter.com/UnleashedOsint/status/1486304518254075904

Site: State of OSINT

Last year the State of OSINT was launched, and this year they're back. @Ginsberg5150 has gathered a team of experts that share their 2021 highlights, talk about trends and tools, and the changes within the OSINT landscape. The interviews are a good summary of the state of OSINT within different areas of expertise.

Interviews with OSINT experts over at the State of OSINT
Interviews with OSINT experts over at the State of OSINT

Link: https://stateofosint.com

Tip: Polycam

An upcoming trend seems to be the usage of LiDAR in iPhones to create a 3D view of locations, with the use of Polycam. This is an interesting development and besides it being an opportunity to view inside people's homes, it wouldn't surprise me that at some point such a video will turn up in an investigation. Thanks @Zewensec for pointing out this new trend!

Looking inside people's rooms and houses with Polycam
Looking inside people's rooms and houses with Polycam

Have a good week and have a good search!

Previous Post Next Post