🧵Thread! 1/8: @jakecreps asked about what OSINT can be gathered using DevTools. One of my favorites is using Google Reviews to see what date a subject was in a location, file name used, upload time and date.
🧵2/8: The techniques within this thread are to be used on Google Reviews, the intelligence gathered can't be seen or obtained without using Dev Tools, the first initial work on this came from @BanPangar, whom I assisted in the final steps for the different dates understanding.
🧵3/8: Let's start with my chosen photo which is a cup of coffee. Using exiftool, we can see the photo was taken on the 27th of September 2022 at 17h57 +2 GMT. *I will change the file name to "ilovgoogle"
🧵4/8: The photo was posted on the company page, quite amazing and not really relevant but only a few seconds after posting, 12 people had already viewed the photo. Kind of strange at this time of night. But nice to be followed, even during dark hours....
🧵5/8: Now let's get down to business on this photo, let's see what Google does. By clicking on the photo, we can see Google does read Exif/Metadata, the date of visit to the company has not been put as 18/10/22, it shows September, even though this photo was posted just mins ago
🧵6/8: Now it's getting very interesting! 1. inspect element --> 2. Network --> 3. img --> 4. click on the photo --> 5. headers
Guess what! "ilovgoogle" is there, Google doesn't clean file names, imagine you don't have a name for the subject, and you get "Dave_at_work"
🧵7/8: Also try: 1. Go to Fetch/XHR (this technique was found by @BanPangar) --> 2. Look for files that start with V1? and double click --> 3. You will get a file in your downloads named photometa.js
--> Open the file however you wish to open it (.txt or chrome etc...)
🧵8/8: To finish up, let's take a look at the photometa JS file and analyse what's in there. The first date is the date the photo was taken, second date is the upload date and time in GMT. See attached screenshot with the full info. Maybe we can make a script @GONZOs_int
1/6: Using #OSINT to geolocate #CelineDion in #Paris2024 .
In the photo she shared, we can see a book "Horses of Qatar", *first clue which possibly indicates that she may have stayed in a hotel owned by #Qatar 🇶🇦. #France #Geoint #Paris #OlympicGames
2/6: Searching through prestigious #Paris Hotels owned by Qatar, I found the Hotel Royal Monceau Raffles, which belongs to Katara Hospitality:
#OSINT #Qatar #France #OlympicGames #Paris2024 katarahospitality.com
3/6: Using @googlemaps, no buildings across from the Hotel match. But why would a #VIP want to be vulnerable with a front view? I got a full match using @Apple Maps by searching the back. *Google Earth Pro is good but heavy & CPU Intensive. #OSINT #GEOINT #Paris2024
Some information about Qatari 🇶🇦 forces patrolling the streets of #Paris #France for the #Paris2024 #OlympicGames
If you are attending, you may notice Qatari forces are present.
They patrol on foot and in light armoured vehicles.
It is the Qatar Internal Security Force (ISF) called #Lekhwiya لخويا.
In Qatar they are considered an elite force tasked with Counter-Terrorism, VIP Protection, riot control and more…
Their role is to help France secure the Olympic Games, there is also rumor that they are providing some equipment to French forces such as night vision but this has not been 100% confirmed.
#OSINT #Qatar
Thread 🧵 2/4:
You will see their emblem/logo below, they are recognizable due to their blue camo DPM uniforms and a light blue beret with the Lekhwiya pin on. #Paris2024 #OlympicGames #Qatar #OSINT
Thread 🧵 3/4:
They came with a few Raider LTAV (Light Armored Tactical Vehicle) made in Qatar 🇶🇦 by Stark Motors Qatar:
The Raider LTAV is built on a Dodge Ram 5500 chassis, 4x4, 6,7L, automatic.
10 Pax seating capacity. (2+8)
The Raider is designed to provide protection from a variety of small arms, explosives and IED threats.
The sides and back are armored to level FB7 (7,62 x 51 FMJ / Pointed Bullet Steel hard core)
⚠️ A fake French Ministry of Armed Forces website was taken down today.
was claiming to be recruiting 200,000 French people to go to fight in #Ukraine.
It also stated on the website:
*LES IMMIGRÉS SONT PRIORITAIRES (immigrants will be given priority)
Probable Motivations:
➡️ To spread #disinformation on #France sending troops to Ukraine soon
➡️ To cause general panic amongst the French population
➡️ To get the personal data of the French people who used the contact form. (salaries were put very high in order to maximise requests to join the army)
➡️ To track visitor numbers to see how many people are interested in the war in Ukraine.
➡️ To gain intelligence on the number of people interested and willing to go to fight in Ukraine
Thread 🧵2/11:
The domain name was purchased on 15 March 2024.
Only 24 hours after Macron's speech on French TV, he said on 14 March 2024: “If the situation were to deteriorate, we must be ready and we will be ready”
If we look at the creation date and time, and the update date and time, it's always around 15h30. (Modifications to a WHOIS record are typically initiated by the domain owner or someone with administrative rights over the domain)
domain:
Expiry Date: 2025-03-15T15:29:04.242295Z
created: 2024-03-15T15:29:04.260955Z
last-update: 2024-03-20T15:37:23.350728Z
sengager-ukraine.fr
Thread 🧵3/11:
The domain was purchased with 1API GmbH
1API GmbH
Kaiserstraße 172-174
66386 St. Ingbert, Germany
Phone: +49.6894.9396-760
Email: abuse@1api.net
CEO: Oliver Fries & Johannes Steck
Tax ID: 075/108/00766
V.A.T. ID: DE248636780
@Highfivelol Don't know if this had been found yet. #jordonwalker is on a photo of The Harvard Urologic Surgery Residency Program at Massachusetts General. (top right) #OSINT #Pfizer
Seems he travelled to Europe and Budapest before Covid broke out.
🧵Thread 1/6: Many accounts (including OSINT people) across social media are still spreading this photo claiming the French Gov purchased thousands of electric vehicles left to rot. The below was posted an hour ago on LinkedIn. Let's use some #OSINT to check it out.
🧵Thread 2/6: Let's look closely at the photo. We can see a watermark: @greg_abandoned.
🧵Thread 3/6: Finding @greg_abandoned on Instagram wasn't too difficult, zooming in on plates, we can see the plates look nothing like French plates, the writing is in Chinese 🇨🇳: instagram.com/p/CS22ZlDJIn4/