π§΅Thread! 1/8 : @jakecreps asked about what OSINT can be gathered using DevTools. One of my favorites is using Google Reviews to see what date a subject was in a location, file name used, upload time and date.
π§΅2/8 : The techniques within this thread are to be used on Google Reviews, the intelligence gathered can't be seen or obtained without using Dev Tools, the first initial work on this came from @BanPangar, whom I assisted in the final steps for the different dates understanding.
π§΅3/8 : Let's start with my chosen photo which is a cup of coffee. Using exiftool, we can see the photo was taken on the 27th of September 2022 at 17h57 +2 GMT. *I will change the file name to "ilovgoogle"
π§΅4/8 : The photo was posted on the company page, quite amazing and not really relevant but only a few seconds after posting, 12 people had already viewed the photo. Kind of strange at this time of night. But nice to be followed, even during dark hours....π
π§΅5/8: Now let's get down to business on this photo, let's see what Google does. By clicking on the photo, we can see Google does read Exif/Metadata, the date of visit to the company has not been put as 18/10/22, it shows September, even though this photo was posted just mins ago
π§΅6/8 : Now it's getting very interesting! 1. inspect element --> 2. Network --> 3. img --> 4. click on the photo --> 5. headers
Guess what!"ilovgoogle" is there, Google doesn't clean file names, imagine you don't have a name for the subject, and you get "Dave_at_work"π
𧡠7/8: Also try: 1. Go to Fetch/XHR (this technique was found by @BanPangar) --> 2. Look for files that start with V1? and double click --> 3. You will get a file in your downloads named photometa.js
--> Open the file however you wish to open it (.txt or chrome etc...)
𧡠8/8: To finish up, let's take a look at the photometa JS file and analyse what's in there. The first date is the date the photo was taken, second date is the upload date and time in GMT. See attached screenshot with the full info. Maybe we can make a script @GONZOs_int π
β’ β’ β’
Missing some Tweet in this thread? You can try to
force a refresh
β οΈ A fake French Ministry of Armed Forces website was taken down today.
was claiming to be recruiting 200,000 French people to go to fight in #Ukraine.
It also stated on the website:
*LES IMMIGRΓS SONT PRIORITAIRES (immigrants will be given priority)
Probable Motivations:
β‘οΈ To spread #disinformation on #France sending troops to Ukraine soon
β‘οΈ To cause general panic amongst the French population
β‘οΈ To get the personal data of the French people who used the contact form. (salaries were put very high in order to maximise requests to join the army)
β‘οΈ To track visitor numbers to see how many people are interested in the war in Ukraine.
β‘οΈ To gain intelligence on the number of people interested and willing to go to fight in Ukraine
Thread π§΅2/11:
The domain name was purchased on 15 March 2024.
Only 24 hours after Macron's speech on French TV, he said on 14 March 2024: βIf the situation were to deteriorate, we must be ready and we will be readyβ
If we look at the creation date and time, and the update date and time, it's always around 15h30. (Modifications to a WHOIS record are typically initiated by the domain owner or someone with administrative rights over the domain)
domain:
Expiry Date: 2025-03-15T15:29:04.242295Z
created: 2024-03-15T15:29:04.260955Z
last-update: 2024-03-20T15:37:23.350728Zsengager-ukraine.fr sengager-ukraine.fr
Thread π§΅3/11:
The domain was purchased with 1API GmbH
1API GmbH
KaiserstraΓe 172-174
66386 St. Ingbert, Germany
Phone: +49.6894.9396-760
Email: abuse@1api.net
CEO: Oliver Fries & Johannes Steck
Tax ID: 075/108/00766
V.A.T. ID: DE248636780
@Highfivelol Don't know if this had been found yet. #jordonwalker is on a photo of the The Harvard Urologic Surgery Residency Program at Massachusetts General. (top right) #OSINT#Pfizer
Seems he travelled to Europe and Budapest before Covid broke out.
π§΅Thread 1/6: Many accounts (including OSINT people) across social media are still spreading this photo claiming the French Gov purchased thousands of electric vehicles left to rot. The below π was posted an hour ago on LinkedIn. Letβs use some #OSINT to check it out.
π§΅Thread 2/6: Letβs look closely at the photo. We can see a watermark: @greg_abandoned.
π§΅Thread 3/6: Finding @greg_abandoned on Instagram wasnβt too difficult π, zooming in on plates, we can see the plates look nothing like French plates, the writing is in Chineseπ¨π³ : instagram.com/p/CS22ZlDJIn4/
π§΅Thread 1/17: King Charles's Protection Officer was seen on the 09th September 2022 with a strange looking handgun according to UK Press. #OSINT#KingCharlesIII#UK#SO14
π§΅2/17: UK Royalty Protection Officers usually belong to SO14: eliteukforces.info/police/SO14-roβ¦
We can see from the photo that the pistol grip is pointing outwards, which indicates the officer is right-handed and opted for a cross-draw type carry.
π§΅3/17: SO14 Officers carry a Glock 17 (9mm), the handgun does not look like a G17. The daily star newspaper states " A gun was spotted poking out of the armed guard's blazer". To support the claims about officers carrying a Glock 17, read this article:theguardian.com/uk/2000/jun/16β¦
1 of 7
Used Colossyan.com for the below video of my friend Ryan Shaw who is an FBI Agent.
Ryan Shaw does not exit and was fabricated by me. Everything was chosen, the moving background, the AI person, the accent, the language. #AI#Artificial_Intelligence
2 of 7
Used deepswap.ai for the video below. The face of Obama was swapped for the face of Gen. Colin Powell. Software didnβt change the shape of Obamaβs face, did some additional modifications with Veed.io, voice wasnβt changed. #AI#OSINT