Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
๐šƒ๐šŠ๐šŒ๐š๐š’๐šŒ๐šŠ๐š• ๐™พ๐š‚๐™ธ๐™ฝ๐šƒ ๐• Profile picture
@OSINT_Tactical
Oct 17, 2022 โ€ข 8 tweets โ€ข 5 min read โ€ข Read on X
Scrolly
๐ŸงตThread! 1/8 : @jakecreps asked about what OSINT can be gathered using DevTools. One of my favorites is using Google Reviews to see what date a subject was in a location, file name used, upload time and date.

#OSINT #devtools #browser #sourcecode
๐Ÿงต2/8 : The techniques within this thread are to be used on Google Reviews, the intelligence gathered can't be seen or obtained without using Dev Tools, the first initial work on this came from @BanPangar, whom I assisted in the final steps for the different dates understanding.
๐Ÿงต3/8 : Let's start with my chosen photo which is a cup of coffee. Using exiftool, we can see the photo was taken on the 27th of September 2022 at 17h57 +2 GMT. *I will change the file name to "ilovgoogle" Image
๐Ÿงต4/8 : The photo was posted on the company page, quite amazing and not really relevant but only a few seconds after posting, 12 people had already viewed the photo. Kind of strange at this time of night. But nice to be followed, even during dark hours....๐Ÿ˜Ž Image
๐Ÿงต5/8: Now let's get down to business on this photo, let's see what Google does. By clicking on the photo, we can see Google does read Exif/Metadata, the date of visit to the company has not been put as 18/10/22, it shows September, even though this photo was posted just mins ago Image
๐Ÿงต6/8 : Now it's getting very interesting!
1. inspect element --> 2. Network --> 3. img --> 4. click on the photo --> 5. headers
Guess what!"ilovgoogle" is there, Google doesn't clean file names, imagine you don't have a name for the subject, and you get "Dave_at_work"๐Ÿ˜ˆ Image
๐Ÿงต 7/8: Also try: 1. Go to Fetch/XHR (this technique was found by @BanPangar) --> 2. Look for files that start with V1? and double click --> 3. You will get a file in your downloads named photometa.js
--> Open the file however you wish to open it (.txt or chrome etc...) Image
๐Ÿงต 8/8: To finish up, let's take a look at the photometa JS file and analyse what's in there. The first date is the date the photo was taken, second date is the upload date and time in GMT. See attached screenshot with the full info. Maybe we can make a script @GONZOs_int ๐Ÿ˜Ž Image

โ€ข โ€ข โ€ข

Missing some Tweet in this thread? You can try to force a refresh
ใ€€

Keep Current with ๐šƒ๐šŠ๐šŒ๐š๐š’๐šŒ๐šŠ๐š• ๐™พ๐š‚๐™ธ๐™ฝ๐šƒ ๐•

๐šƒ๐šŠ๐šŒ๐š๐š’๐šŒ๐šŠ๐š• ๐™พ๐š‚๐™ธ๐™ฝ๐šƒ ๐• Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @OSINT_Tactical

๐šƒ๐šŠ๐šŒ๐š๐š’๐šŒ๐šŠ๐š• ๐™พ๐š‚๐™ธ๐™ฝ๐šƒ ๐• Profile picture
Jul 28
1/6: Using #OSINT to geolocate ๐Ÿ“Œ #CelineDion in #Paris2024 .
In the photo she shared, we can see a book "Horses of Qatar", *first clue which possibly indicates that she may have stayed in a hotel owned by #Qatar ๐Ÿ‡ถ๐Ÿ‡ฆ. #France #Geoint #Paris #OlympicGames
2/6: Searching through prestigious #Paris Hotels owned by Qatar, I found the Hotel Royal Monceau Raffles, which belongs to Katar Hospitality:
#OSINT #Qatar #France #OlympicGames #Paris2024 katarahospitality.com
Image
3/6: Using @googlemaps, no buildings across from the Hotel match ๐Ÿ˜ญ. But why would a #VIP want to be vulnerable with a front view? I got a full match using @Apple Maps by searching the back. *Google Earth Pro is good but heavy & CPU Intensive. #OSINT #GEOINT #Paris2024
Image
Image
Read 8 tweets
๐šƒ๐šŠ๐šŒ๐š๐š’๐šŒ๐šŠ๐š• ๐™พ๐š‚๐™ธ๐™ฝ๐šƒ ๐• Profile picture
Jul 20
Thread ๐Ÿงต 1/4:

Some information about Qatari๐Ÿ‡ถ๐Ÿ‡ฆ forces patrolling the streets of #Paris #France for the #Paris2024 #OlympicGames

If you are attending, you may notice Qatari forces are present.
They patrol on foot and in light armoured vehicles.

It is the Qatar Internal Security Force (ISF) called #Lekhwiya ู„ุฎูˆูŠุง.

In Qatar they are considered an elite force tasked with Counter-Terrorism, VIP Protection, riot control and moreโ€ฆ

Their role is to help France secure the Olympic Games, there is also rumor that they are providing some equipment to French forces such as night vision but this has not been 100% confirmed.
#OSINT #QatarImage
Image
Image
Thread ๐Ÿงต 2/4:

You will see their emblem/logo below, they are recognizable due to their blue camo DPM uniforms and a light blue beret with the Lekhwiya pin on. #Paris2024 #OlympicGames #Qatar #OSINT


Image
Image
Image
Image
Thread ๐Ÿงต 3/4:

They came with a few Raider LTAV ( Light Armored Tactical Vehicle) made in Qatar ๐Ÿ‡ถ๐Ÿ‡ฆ by Stark Motors Qatar:
The Raider LTAV is built on a Dodge Ram 5500 chassis, 4x4, 6,7L, automatic.
10 Pax seating capacity. (2+8)

The Raider is designed to provide protection from a variety of small arms, explosives and IED threats.

The sides and back are armored to level FB7 (7,62 x 51 FMJ / Pointed Bullet Steel hard core)

#Qatar #protection #bulletproof #armored #ParisOlympics2024 #Lekhwiyastarkmotors.co/listings/raideโ€ฆImage
Image
Image
Image
Read 4 tweets
๐šƒ๐šŠ๐šŒ๐š๐š’๐šŒ๐šŠ๐š• ๐™พ๐š‚๐™ธ๐™ฝ๐šƒ ๐• Profile picture
Mar 28
#OSINT Thread ๐Ÿงต1/11:

โš ๏ธ A fake French Ministry of Armed Forces website was taken down today.

was claiming to be recruiting 200,000 French people to go to fight in #Ukraine.
It also stated on the website:
*LES IMMIGRร‰S SONT PRIORITAIRES (immigrants will be given priority)

Probable Motivations:
โžก๏ธ To spread #disinformation on #France sending troops to Ukraine soon
โžก๏ธ To cause general panic amongst the French population
โžก๏ธ To get the personal data of the French people who used the contact form. (salaries were put very high in order to maximise requests to join the army)
โžก๏ธ To track visitor numbers to see how many people are interested in the war in Ukraine.
โžก๏ธ To gain intelligence on the number of people interested and willing to go to fight in Ukraine

sengager-ukraine.fr
Thread ๐Ÿงต2/11:
The domain name was purchased on 15 March 2024.
Only 24 hours after Macron's speech on French TV, he said on 14 March 2024: โ€œIf the situation were to deteriorate, we must be ready and we will be readyโ€
If we look at the creation date and time, and the update date and time, it's always around 15h30. (Modifications to a WHOIS record are typically initiated by the domain owner or someone with administrative rights over the domain)
domain:
Expiry Date: 2025-03-15T15:29:04.242295Z
created: 2024-03-15T15:29:04.260955Z
last-update: 2024-03-20T15:37:23.350728Zsengager-ukraine.fr
sengager-ukraine.fr
Thread ๐Ÿงต3/11:
The domain was purchased with 1API GmbH
1API GmbH
KaiserstraรŸe 172-174
66386 St. Ingbert, Germany
Phone: +49.6894.9396-760
Email: abuse@1api.net
CEO: Oliver Fries & Johannes Steck
Tax ID: 075/108/00766
V.A.T. ID: DE248636780 Image
Read 12 tweets
๐šƒ๐šŠ๐šŒ๐š๐š’๐šŒ๐šŠ๐š• ๐™พ๐š‚๐™ธ๐™ฝ๐šƒ ๐• Profile picture
Mar 5, 2023
Hope this can help LE in TX.
-REG: SJZ-6295
-State: TX
-2021 Ram 2500 6.4L V8
-Price: $51,437 USD
-VIN: 3C6TR5EJ4MG659516
-Gary Cau***** (pkimgcdn.peekyou.com/e7012251bf0d94โ€ฆ)
-garycaud****@gmail.com
-Tel: +136078918**
-Adress: 170* Timberc**** Dr. Garl***

#OSINT
Read 5 tweets
๐šƒ๐šŠ๐šŒ๐š๐š’๐šŒ๐šŠ๐š• ๐™พ๐š‚๐™ธ๐™ฝ๐šƒ ๐• Profile picture
Jan 31, 2023
Great OSINT Skills by @Highfivelol!
Damaging video seen by millions on Pfizer shows a Pfizer director talking about #DirectedEvolution. In a matter of hours, #JordonWalker got wiped off the www which proves the high priority of the case. threadreaderapp.com/thread/1618473โ€ฆ
#OSINT #Pfizer
@Highfivelol Don't know if this had been found yet. #jordonwalker is on a photo of the The Harvard Urologic Surgery Residency Program at Massachusetts General. (top right) #OSINT #Pfizer Image
Seems he travelled to Europe and Budapest before Covid broke out. Image
Read 4 tweets
๐šƒ๐šŠ๐šŒ๐š๐š’๐šŒ๐šŠ๐š• ๐™พ๐š‚๐™ธ๐™ฝ๐šƒ ๐• Profile picture
Oct 22, 2022
๐ŸงตThread 1/6: Many accounts (including OSINT people) across social media are still spreading this photo claiming the French Gov purchased thousands of electric vehicles left to rot. The below ๐Ÿ‘‡ was posted an hour ago on LinkedIn. Letโ€™s use some #OSINT to check it out. ImageImage
๐ŸงตThread 2/6: Letโ€™s look closely at the photo. We can see a watermark: @greg_abandoned. Image
๐ŸงตThread 3/6: Finding @greg_abandoned on Instagram wasnโ€™t too difficult ๐Ÿ˜, zooming in on plates, we can see the plates look nothing like French plates, the writing is in Chinese๐Ÿ‡จ๐Ÿ‡ณ : instagram.com/p/CS22ZlDJIn4/
Read 6 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(