Showing results for tags 'osint 2022'. - CryptoTalk.Org

Found 3 results

  1. Original text and other information on OSINT is available at>>>>

     His nostrils were permanently flared, as though he sniffed invisible winds of art and commerce. William Gibson, "Count Zero"

     In this article I will show:

     • How, using the basics of financial investigation and OSINT, we can prove the affiliation of cryptocurrency addresses
     • How, by analyzing the transactions of two or more ETH addresses, we can aggregate them into a cluster (i.e. multiple addresses controlled by the same entity)
     • How the attacker's economic activity dataset changes once the addresses are clustered together

     Let's get started!

     The most popular onchain detective ZachXBT once posted the following tweet.

     For those unfamiliar with English, let me explain. Using a phishing site, a hacker gained access to the victim's address and stole 3 ERC-721 tokens (NFT). Immediately after the theft (i.e. after sending the tokens from the victim's address to his address, 0x864875aef79B107221bEE89C8ff393BD2B666d96) the hacker sold the NFT on the marketplace Opensea.io. The criminal profits were then laundered through the Tornado.Cash mixer.

     While our hands are itching to get the target address into https://etherscan.io sooner rather than later, we'll stop on the shore and turn to the theory. The criminal first stole and then sold tokens that use the Ethereum blockchain infrastructure. In order to operate the tokens, you need some amount of cryptocurrency to pay transaction fees. In our case it is the Ethereum blockchain, which means you need some ETH to send tokens or sell them.

     Let's try to find out where the ETH that the hacker's address 0x8648... needed to pay commissions came from. This line of enquiry is called a source search.

     Open Etherscan, insert the address, see the first transactions. They will be right at the bottom of the page. And here are the ones we need: 1, 2.

     The sender of the funds in the transaction table is always shown on the left of the IN (incoming transaction) or OUT (outgoing transaction) bar.

     So, we have identified the source of the funds, which is address 0xA474cE48300D91334339fb5aDeF99A1B11B1cfe6. What can we extract from this information? In our case, the first address of the hacker, 0x8648... (aka Fake_Phishing5435 in the picture above) never received any funds before the transactions we detected. So address 0xa474... is the sponsor address (or funding address) with respect to the hacker address, or 0x8648..., or Fake_Phishing5435.

     Most often the sponsor address is affiliated with a target address. The owner of the sponsor address could be, for example, some customer who has paid for services with crypto. Or, for example, the sponsor address is operated by a cryptocurrency exchange whose services are used by the owner of the target address. But even more often, both the target address and the sponsor address have the same owner. Let's analyze the transactions of the sponsor address and try to figure out which option would be correct in our case.

     The most interesting direction in the case of the sponsoring address is to try to detect suspicious transactions (such as the theft of NFT). To do this, open the address in Etherscan.io and go to "ERC-721 token Txns", which is the section responsible for NFT transfers. We see four transactions, two incoming, two outgoing. The first NFT, Mutant Ape Yacht Club (MAYC), was sold half an hour after receipt. The second, Azuki, 9 (!) minutes later. Seems suspicious to me!

     But how do we prove that these transactions are not a normal sale, but a real theft? By the consequences! In order to sell MAYC, you have to contact the Opensea marketplace's smart contracts. When you interact with them, the marketplace will automatically generate a profile for you, accessible via a link like "https://opensea.io/ETH_Address".

     I should also add that Opensea.io actively cooperates with law enforcers and also actively assists victims. In case of hacking, the stolen tokens are blocked and the hacker's account is banned, making his profile inaccessible. Let's try to open the profile of address 0xa474... and examine the transaction history. To do so, go to https://opensea.io/0xA474cE48300D91334339fb5aDeF99A1B11B1cfe6.

     Oops! The address was banned.......

     We now know two facts about the sponsor address: it transferred money to the hacker's address, which was then used as a commission, and also made questionable transactions with NFT, for which it was banned from Opensea.io. The target address also made questionable transactions with NFT and was banned from Opensea.io.

     Now let's find out where the criminally obtained coins were sent to. To do this, let's examine the transactions in chronological order and try to find the incoming transactions immediately after the sale of (possibly) stolen NFTs. In this way, we will determine the amount of criminally acquired funds. The transactions we are looking for are found in the Internal Txns section:

     The hacker received a total of 23.8 ETH. To do this, let's examine the transactions in chronological form and try to find the incoming transactions immediately after the sale of (possibly) stolen NFTs.

     Who else sent the stolen coins to address 0x945b...? Target address!

     Withdrawal transactions of stolen funds highlighted in yellow

     Let's find out what address 0x945b was used for... To do that, we again study the transactions in chronological order; we are interested in all incoming and outgoing transactions after the address received the stolen funds. Target email address (13 ETH) was the first one to receive the stolen funds. Next, address 0x945b accumulated presumably stolen funds from several other addresses, including the target address.

     The money was then, as ZachXBT wrote, withdrawn to the Tornado.Cash mixer. The money sent to the mixer was grouped into two payments of 100 ETH, of which 125 ETH originally belonged to the target address, 13 ETH to the sponsoring address, and the remaining 62 ETH to other addresses.

     It turns out that either the hacker owns all five addresses and uses 0x945b as an intermediate point before money laundering, or the owner of 0x945b is a separate criminal (money launderer) whose services are used by several criminals at the same time.

     Let's briefly examine the other hacker addresses: as you can see from the graph, they too have interacted with NFT on Opensea. Let's use the old vetting method and... one of the addresses is in a ban on Opensea! The second address is not in the ban, but appears in the ZachXBT investigation. Here you can see the names and faces of our heroes, the dangerous cybercriminals.

     Mathys and Camille together

     Well here comes our friends Mathys and Camille from romantic France shitting themselves hard by posting a screenshot of one of their profiles on Opensea with previously stolen NFTs on their personal Twitter. This profile appears in our investigation, on the graph is address 0x5bb51...

     Admittedly, I even got a little upset at this stage. How is it, we've only just started and they've already found everyone for us! But I decided not to dwell on Mathys and Camille and go a bit further and try to add new factors to my investigation.

     Back to the sponsor address. The sponsor address, like most addresses on the Ethereum network, has its own sponsor address (pardon the recursion). Let's find it! This time the sponsor address is signed in the block browser as Fake_Phishing5099.

     Comments about the affiliation of all the addresses appearing in the investigation seem to me to be redundant with:

     Having discovered the new sponsor address I decided to go towards the final destination of the funds and figure out exactly where Fake_Phishing5099 was sending the dirty money. After looking through all the transactions, I found an interesting address 0x27429f480a3E2a69D7E4D738EBc54AeB4096eb43. The owner of this address, according to a thread on epicnpc.com, is spamming in Discord (Discord is where many of the victims received the phishing links).

     Diwan Nuri (judging by the content of the thread, that's the name of the address owner) was so far-sighted and wise that he registered the forum account with his personal email. This wasn't enough, so he decided to screw one of his potential clients by sending them his ETH address in addition to the email. According to the record we found, Diwan graduated from German Aletta-Haniel-Gesamtschule and now earns his living by spamming and scamming.

     So, after studying 6 cryptocurrency addresses and their transactions, we found out that:

     • 5-6 of the addresses in question were communicating with NFT.
     • 4 of the six analyzed addresses were involved in illegal activity and got banned at Opensea
     • 4 of the six investigated addresses were "skimming" for the withdrawal of funds to the Tornado.Cash mixer
     • 2 of the six addresses have been implicated in existing investigations
     • 6 addresses have close economic ties

     The couch is not as simple as it looks! In my opinion, the discovered facts are enough to merge the addresses into a cluster.

     Which addresses do we merge:

     • Target address 0x864875aef79B107221bEE89C8ff393BD2B666d96
     • Target Address 0xA474cE48300D91334339fb5aDeF99A1B11B1cfe6
     • Hackers' complementary address #1 0x38dB16DA44A61560e04E94DCb71c3E64Aa94d318
     • Hackers' secondary address #2 0x5bb5180D8b84d754F56e2BC47Dc742d0f5Ac37FE
     • The laundering address 0x945b4a77649Ebe89eABAf03F78A0C8993f99bd41
     • Fake_Phishing5099 0xdE09020653cA303CFC143d23A18183299558065F

     What can we learn after clustering the addresses together?

     First, our 'friends' made about $1.7M on such a scam. One million was sent to the Tornado.Cash mixer.

     Second, just over $300k went to centralised exchanges (those with KYC procedures, cooperating with law enforcement, etc.). $285k went to Coinbase.

     Thirdly, we will get a much more detailed list of counterparties of this criminal group, which (as in the case of Couch, for example) can lead to interesting findings. And it could help law enforcement to trace the stolen money back to exchanges and exchanges.

     Conclusions

     As you can see from the material above, cryptocurrency is far from always anonymous. By properly applying OSINT and financial investigation techniques and methods, as well as knowing the theory of cryptocurrency, even large thefts can be successfully investigated, let alone small ones like the one we discussed today.

     What can we do concretely?

     • Look for the source of the funds (sponsor address) and the final destination of the funds.
     • Analyse in detail the transactions of each address in question.
     • We can cluster the addresses based on this data. This may be done either within the software you are using, e.g. Chainalysis, or logically. If the software you have available does not support clustering, I recommend exporting the transactions of the addresses you want from Etherscan.io and then merging multiple tables into one.

     After aggregating the addresses into a cluster, in our case we were able to understand the approximate volume of the thefts committed and also find out information about which exchanges the money from those thefts was being withdrawn to. We also learned that around a million dollars had been withdrawn to Tornado.Cash, which is a ready-made money laundering charge in some jurisdictions!
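
The manual clustering step the post recommends (export each address's transactions, merge the tables, then look at the cluster as one entity), sketched as an added example that is not part of the original post. The column names, addresses and amounts below are constructed placeholders, not Etherscan's real export schema or real chain data.

```python
import csv
import io
from collections import defaultdict
from decimal import Decimal

# Constructed per-address exports. Column names are assumed; rename them to
# match the headers of the CSV files you actually export.
EXPORT_A = """txhash,timestamp,from,to,value_eth
0xt1,100,0xFUNDER,0xaaa,0.5
0xt2,200,0xmarket,0xaaa,10.0
0xt3,300,0xaaa,0xlaunder,9.0
"""
EXPORT_FUNDER = """txhash,timestamp,from,to,value_eth
0xt0,50,0xexchange,0xfunder,2.0
0xt1,100,0xfunder,0xaaa,0.5
0xt4,400,0xfunder,0xlaunder,1.0
"""
EXPORT_LAUNDER = """txhash,timestamp,from,to,value_eth
0xt3,300,0xaaa,0xlaunder,9.0
0xt4,400,0xfunder,0xlaunder,1.0
0xt5,500,0xlaunder,0xmixer,10.0
"""

def load_exports(csv_texts):
    """Merge several exports into one table, oldest first, without duplicates.

    A transfer between two exported addresses appears in both files, so rows
    are de-duplicated on (hash, from, to, value). Addresses are lowercased
    because the same address can be written in different letter case.
    """
    seen, rows = set(), []
    for text in csv_texts:
        for rec in csv.DictReader(io.StringIO(text)):
            row = {
                "txhash": rec["txhash"].strip().lower(),
                "timestamp": int(rec["timestamp"]),
                "from": rec["from"].strip().lower(),
                "to": rec["to"].strip().lower(),
                "value": Decimal(rec["value_eth"]),
            }
            key = (row["txhash"], row["from"], row["to"], row["value"])
            if key not in seen:
                seen.add(key)
                rows.append(row)
    return sorted(rows, key=lambda r: r["timestamp"])

def first_funder(rows, address):
    """Return the sender of the earliest incoming transfer (the 'sponsor address')."""
    address = address.lower()
    for row in rows:  # rows are already sorted oldest first
        if row["to"] == address and row["value"] > 0:
            return row["from"]
    return None

def cluster_flows(rows, cluster):
    """Treat the cluster as one entity: sum value per external counterparty.

    Transfers between cluster members are counted separately as internal, so
    they do not inflate the entity's apparent income or spending.
    """
    cluster = {a.lower() for a in cluster}
    inflow, outflow = defaultdict(Decimal), defaultdict(Decimal)
    internal = Decimal(0)
    for row in rows:
        src_in, dst_in = row["from"] in cluster, row["to"] in cluster
        if src_in and dst_in:
            internal += row["value"]
        elif dst_in:
            inflow[row["from"]] += row["value"]
        elif src_in:
            outflow[row["to"]] += row["value"]
    return dict(inflow), dict(outflow), internal

if __name__ == "__main__":
    table = load_exports([EXPORT_A, EXPORT_FUNDER, EXPORT_LAUNDER])
    print("sponsor of 0xaaa:", first_funder(table, "0xaaa"))
    print("single address:", cluster_flows(table, {"0xaaa"}))
    print("clustered:", cluster_flows(table, {"0xaaa", "0xfunder", "0xlaunder"}))
```

Comparing the single-address view with the clustered view shows how the counterparty list changes once internal transfers are factored out.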
  2. OSINT TOOLS 2022 (part 2)

     The first part of the list, containing more than 600 OSINT tools, can be found here>>

     Browser extensions for OSINT

     Search two different search engines, search email domains, and search photo search engines and other services.

     • Double Shot Search ( https://chrome.google.com/webstore/d...lhdnfdpdogdhop ) - a Chrome extension that doubles your search. You can search Bing and Google at the same time.

     Find email addresses in seconds

     • Hunter (Email Hunter) ( http://hunter.io ) - a service that finds email addresses associated with a particular domain. You can also use this tool to find an email address by last name in a couple of seconds.
     • RevEye ( https://chrome.google.com/webstore/d...nmpiklalfhelgf ) - an open-source Chrome extension that looks up a photo using Google, Bing, Yandex and TinEye.
     • Namechk ( https://namechk.com ) (Username and Domain Name Checker - Search All Domain Names and User Names to see if they're available) - a site that finds all of a person's accounts across all social networks and messengers. It is enough to enter their nickname from one social network, and the same nickname will be found in another.

     Finding a target by IP and MAC address - OSINT

     Friends, today I have prepared for you a very useful collection of resources with which you can find information about your target from an IP or MAC address.

     • HostHunter ( https://github.com/SpiderLabs/HostHunter ) - discovers and extracts hostnames from a set of target IP addresses;
     • Cyberhubarchive ( https://github.com/cyberhubarchive/archive ) - an archive of leaked data; it contains IP addresses of Skype accounts;
     • Iknowwhatyoudownload (torrent downloads and distributions for IP 54.91.109.76 http://iknowwhatyoudownload.com/ ) - shows what is being downloaded on the Internet;
     • Recon ( https://recon.secapps.com/ ) - automatic search and mapping of links;
     • Sorry. You are not using Tor. - finds a list of all Tor exit nodes from the last 16 hours that could have reached an IP;
     • Reverse IP, NS, MX, WHOIS and Search Tools ( https://dnslytics.com/reverse-ip ) - finds domains;
     • @iptools_robot - a bot for quickly looking up information about IP addresses; finds whois, the real IP behind Cloudflare, ports and much more;
     • Welcome to Tor Metrics ( http://metrics.torproject.org ) - checks whether an IP address was used as a host for Tor traffic; requires a date;

     Compilation of services for computer intelligence (OSINT)

     A list of services and utilities created for analysing data such as IP, SSID, file metadata, DNS records, and everything where the object of analysis is an element of IT infrastructure, be it a site or an IP address.

     • Whatsmydns ( https://www.whatsmydns.net/ ) - checks a site's DNS records (including hidden ones).
     • dns recon and research, find and lookup dns records ( http://dnsdumpster.com/ ) - data about a site, including hosting location and owner, as well as other data.
     • xinit.ru ( https://xinit.ru/bs ) - checks a domain or IP address via whois; retrieves snapshots from the Google cache and data from the web archive; services and protocols on the server; HTTP response headers; links from the pages of the site on the host; email addresses of the domain; checks the site on VirusTotal; shows the real IP address behind Cloudflare; the site's DNS infrastructure.
     • URL and website scanner ( http://urlscan.io/ ) - checks to whom the TLS certificate was issued and which IP addresses are associated with the site.
     • PDFCandy ( https://pdfcandy.com/edit-pdf-meta.html ) - the service lets you extract and modify PDF metadata.
     • Wigle ( https://wigle.net/ ) - can show the SSID and BSSID of Wi-Fi access points on a map.
     • PublicWWW ( http://publicwww.com/ ) - the service searches the source code of pages. It finds nicknames, references in code and matching site icons, which makes it possible to look for lookalike sites; it finds any similar IDs or phrases, wallets and tokens, and also lets you find providers of advertising widgets, etc.
     • Metadata2Go ( https://www.get-metadata.com ) - helps you find out all the metadata of a file.
     • HostHunter ( https://github.com/SpiderLabs/HostHunter ) - searches for domain names from a set of IP addresses.
     • Knock Subdomain Scan ( https://github.com/guelfoweb/knock ) - enumerates subdomains on the target domain and can generate an output file with the results.

     Finding a person's details from a bank card number - OSINT

     There are situations when we are deceived by fraudsters and have only the card number in hand.

     Search through mobile banking

     We try to make a transfer through our bank's mobile application. In this case it is desirable that both you and the object of the search use the same major bank, for example Sber. But here it is a matter of luck. If the stars align, the banking interface will give us the name of the cardholder.

     Search through special services

     There are dozens of services on the net that let you find specific information from a card number. This may be the name of the bank, the type of card or the region where the owner lives.

     • bincheck.io ( https://bincheck.io )
     • bincheck.org ( https://bincheck.org/ )
     • freebinchecker.com ( https://www.freebinchecker.com ) This service lets you check your credit or debit card type and other details.
     • binlist.net ( https://binlist.net )
     • psm7.com ( https://psm7.com/bin-card )

     Checking a bitcoin wallet - OSINT

     It is no longer a secret to anyone that bitcoin is not as anonymous as many people think. A wallet's balance and all of its transfers can easily be tracked. That is why there is a list of some services that can help with this.

     • Bitref ( https://bitref.com ) - bitcoin wallet verification.
     • Block Explorer ( https://blockexplorer.com ) - a block explorer; lets you track where and when money leaves your bitcoin wallet.
     • Blockchain ( https://www.blockchain.com/ru/explorer ) - a block explorer; also lets you track transactions in your wallet.
     • Cryptocurrency Alerting ( https://cryptocurrencyalerting.com/wallet-watch.html ) - a service that lets you set up notifications about activity on your address.
     • Blockseer ( https://www.blockseer.com ) - visualisation of links between addresses involved in transactions.

     Identifying the victim from a photo

     • Photo Sherlock ( https://t.me/BrainHaking2_0ENG/72 ) - the application provides search by a photo from the camera or gallery. You can use it to find information about a photo on the Internet, for example to check who really owns a photo from a social network (a check for fake images). The modification has Premium, with ads and junk removed. An indispensable thing for any OSINT'er.
     • Search4faces.com ( https://search4faces.com ) - a free service for searching faces in social networks. Currently there are 4 image databases:
       • 1 billion 109 million 563 thousand VK.com avatars;
       • 280 million 781 thousand avatars from Vk.com + Odnoklassniki.com;
       • 125 million 443 thousand avatars from TikTok;
       • 4 million 594 thousand avatars from ClubHouse;
       You can search not only by a photograph but also by any other image of a human face. For example, by a photograph or a facial composite.

     OSINT Tools (part 1) more than 6000 tools>>>>
  3. OSINT TOOLS 2022 (Part 2)

     The first part of the list, which contains more than 600 tools for OSINT, can be found here>>>

     Browser extensions for OSINT

     Search two different search engines for email domains and search photo search engine for other services.

     • Double Shot Search ( https://chrome.google.com/webstore/detail/double-shot-search-query/kddlkbpbepnaepdleclhdnfdpdogdhop ) is a Chrome extension that doubles your search. You can search on both Bing and Google at the same time.

     Find email addresses in seconds

     • Hunter (Email Hunter) ( http://hunter.io ) a service that will find e-mail addresses associated with a particular domain. Also, you can use this tool to find an email address by last name in a couple of seconds.
     • RevEye ( https://chrome.google.com/webstore/detail/reveye-reverse-image-sear/keaaclcjhehbbapnphnmpiklalfhelgf ) is an open-source Chrome extension that punches in a photo using Google, Bing, Yandex and TinEye.
     • Namechk ( https://namechk.com ) (Username and Domain Name Checker - Search All Domain Names and User Names to see if they're available) is a site that will find all the accounts of a person in all social networks and messengers. It is enough to enter his nickname in one social network and the same nickname will be found in the other one.

     Finding a Target by IP and MAC Address - OSINT

     Folks, today I have prepared for you a very useful collection of resources, thanks to which you can find information about your target with IP or MAC address.

     • HostHunter ( https://github.com/SpiderLabs/HostHunter ) - Discovers and extracts host names from a set of target IP addresses;
     • Cyberhubarchive ( https://github.com/cyberhubarchive/archive ) - archive of leaked data, it has IP addresses of Skype accounts;
     • Iknowwhatyoudownload (Torrent downloads and distributions for IP 54.91.109.76 http://iknowwhatyoudownload.com/ ) - shows what is being downloaded online;
     • Recon ( https://recon.secapps.com/ ) - automatic search and link mapping;
     • Sorry. You are not using Tor. - will find a list of all Tor outbound nodes in the last 16 hours that could reach an IP;
     • Reverse IP, NS, MX, WHOIS and Search Tools ( https://dnslytics.com/reverse-ip ) - will find domains;
     • @iptools_robot - bot to quickly find ip address information, will find whois, real IP behind Cloudflare, ports and more;
     • Welcome to Tor Metrics ( http://metrics.torproject.org ) - checks if the IP address was used as a host for Tor traffic, requires a date;

     Compilation of services for OSINT computer intelligence

     List of services and utilities created for analysis of such data as IP, SSID, file metadata, DNS records, and everything where the object of analysis is an element of IT structure, be it a site or IP address.

     • Whatsmydns ( https://www.whatsmydns.net/ ) - Check DNS records of the site (including hidden ones).
     • dns recon and research, find and lookup dns records ( http://dnsdumpster.com/ ) - Site data including hosting location and owner location, as well as other data.
     • xinit.ru ( https://xinit.ru/bs ) - check domain or IP address by whois; get snapshots from Google cache and data from web archive; services and protocols on server; HTTP response headers; links from site pages on host; email addresses of domain; check site on VirusTotal; show real IP address behind Cloudflare; DNS infrastructure of site.
     • URL and website scanner ( http://urlscan.io/ ) - checks who is issued a TLS certificate and which IP addresses are associated with the site.
     • PDFCandy ( https://pdfcandy.com/edit-pdf-meta.html ) - service gives you the ability to extract and modify PDF metadata.
     • Wigle ( https://wigle.net/ ) - can show you the SSID and BSSID of the Wi-Fi hotspots on the map.
     • PublicWWW ( http://publicwww.com/ ) - service searches the source code of pages. Finds nicknames, references in code, matching website icons, that allows looking for twins; find any similar IDs or phrases, wallets, tokens, also allows finding advertising widgets providers, etc.
     • Metadata2Go ( https://www.get-metadata.com ) - helps to find out all the metadata of a file.
     • HostHunter ( https://github.com/SpiderLabs/HostHunter ) - searches domain names for a set of IP addresses.
     • Knock Subdomain Scan ( https://github.com/guelfoweb/knock ) - Crawls subdomains on the target domain and can generate an output file with results.

     Looking for a person's details from a bank card number - OSINT

     There are situations where we get scammed by fraudsters with only the card number in hand.

     Search through mobile banking

     We try to make a transfer through our bank's mobile application. In this case, it is desirable that both you and the object of the search used the same major bank such as Sber. But here it is a matter of luck. If the stars are aligned, the banking interface will give us the name of the cardholder.

     Search through special services

     There are dozens of services on the net that allow you to find specific information by card number. It can be a name of a bank, a type of card or a region the owner lives in.

     • bincheck.io ( https://bincheck.io )
     • bincheck.org ( https://bincheck.org/ )
     • freebinchecker.com ( https://www.freebinchecker.com ) This service allows you to check your credit debit card type and other details.
     • binlist.net ( https://binlist.net )
     • psm7.com ( https://psm7.com/bin-card )

     Bitcoin wallet checker - OSINT

     It is no longer a secret that bitcoin is not as anonymous as many people think. The balance of a wallet and all of its transfers can easily be tracked. That's why there is a list of some services that can help with this.

     • Bitref ( https://bitref.com ) - Bitcoin wallet verification.
     • Block Explorer ( https://blockexplorer.com ) - Block Explorer, allows you to track where and when your bitcoin wallet's money goes.
     • Blockchain ( https://www.blockchain.com/ru/explorer ) - Block Explorer, also allows you to track transactions in your wallet.
     • Cryptocurrency Alerting ( https://cryptocurrencyalerting.com/wallet-watch.html ) - Service allowing you to set notifications about activity of your address.
     • Blockseer ( https://www.blockseer.com ) - Visualisation of links between addresses involved in transactions.

     Picking up the victim by photo - OSINT

     • Photo Sherlock ( https://t.me/BrainHaking2_0ENG/72 ) - The application provides a photo search from the camera or gallery. You can use it to find information about a picture on the Internet, for example to check who really owns a photo from a social network (check for fake images). The modification got Premium, removed ads and rubbish. An indispensable thing for any OSINT'er.
     • Search4faces.com ( https://search4faces.com ) - free service for searching faces in social networks. Currently there are 4 image bases:
       • 1 billion 109 million 563 thousand VK.com avatars;
       • 280 million 781 thousand avatars from Vk.com + Odnoklassniki.com;
       • 125 million 443 thousand avatars from TikTok;
       • 4 million 594 thousand avatars from ClubHouse;
       You can search not only by photo but also by any other image of a human face. For example, from a picture or a sketch. Get one-touch information about a picture on the Internet!

     OSINT 2022 TOOLS (Part 1) more than 6000 tools>>>>