
OPEN SOURCE INTELLIGENCE (OSINT)
Open-source intelligence is the collection and
analysis of data gathered from open sources to
produce actionable intelligence.
Maltego case filing tool
https://www.maltego.com/downloads/
OSINT Tools to investigate various Cyber Crimes
A. Mobile Number OSINT

1. Truecaller (https://www.truecaller.com/): you will get the name as well as the email ID of that person.
2. Eyecon mobile app
3. Payment apps (Google Pay/PhonePe/Paytm)
4. If the number is available on any UPI payment app, a failed transaction will give his/her UPI ID, which will guide you to his/her bank account through NPCI.
5. Google search with double inverted commas ("____"), which will give accurate and wanted results.
6. Allowing subscribers to confirm their registered numbers and remove numbers that were registered without their knowledge. (https://tafcop.dgtelecom.gov.in)
7. Allowing subscribers to identify the sender of bulk SMS. (https://smsheader.trai.gov.in/)
8. To check IMEI to mobile number (https://www.imei.info/)
9. Exodus analyses Android applications. It looks for embedded trackers and lists them. It does not decompile applications, and its analysis technique is entirely legal. (https://reports.exodus-privacy.eu.org/en/)
10. Operator info for virtual numbers (https://www.carrierlookup.com/) & for local numbers (https://freecarrierlookup.com/)
11. MAC ID reverse lookup (https://macvendors.com/)
12. Second IMEI number calculator (https://docs.google.com/spreadsheets/d/1mgkxl65dLWISsyHpY_fbBGraeKsNxQKw/edit#gid=1607083094)
B. Email id

1. To verify whether an email ID is genuine or fake (https://centralops.net/co/EmailDossier.aspx)
2. Have I Been Pwned searches multiple data breaches to determine whether your email address or phone number has been compromised or leaked. (https://haveibeenpwned.com)
3. Searches multiple data breaches to determine whether your email address or phone number has been compromised or leaked. (https://intelx.io/)
4. Epieos tool to check Google reviews of the questioned email or its creation details (https://epieos.com/)
5. This tool makes email headers human readable. We can check the complete email header. (https://toolbox.googleapps.com/apps/messageheader/)
6. Checks a domain/username on dozens of social media and online platforms. (https://whatsmyname.app/)
7. We can view the following information: location history, device information, voice and audio activity, YouTube Search History, and YouTube Watch History. (https://myactivity.google.com)
8. To check content on a Gmail account (https://myaccount.google.com/)
9. Google Takeout to extract data related to a Gmail account (https://takeout.google.com/)
10. To find out the email addresses of an organization (https://hunter.io/)
C. Website/URL

1. To check the complete URL details of short links. (https://www.unshorten.it)
2. Research domain ownership with Whois Lookup, i.e., get ownership info, IP address history, rank, traffic, SEO & more. (https://www.whois.com/)
3. Archive-It enables capturing, managing, and searching digital content collections without any technical expertise or hosting facilities. Check the old version of the target website. (https://archive.org/)
4. To find similar sites and the traffic on that website (https://www.similarweb.com/)
5. To check the list of domains registered through an email ID (https://www.whoxy.com/email/2045581)
6. Ping command to find out the IP address of any website
7. To find out IP address details. (https://whois.arin.net/ui/)
8. Analyze suspicious files, domains, IPs and URLs to detect malware and other breaches, and automatically share them with the security community. (https://www.virustotal.com/gui/home/upload)
9. Reverse IP/domain (https://viewdns.info/reverseip/)
10. To check Google AdSense (https://domainstats.com/pub-2369636114955136)
D. Image forensics

1. TinEye is an image search and recognition company. In simple terms, it’s a way
of fact-checking an image published online (Reverse Image Check).
(https://www.tineye.com)
2. Google reverse image search for the same purpose.
3. View Exif Data is a tool for extracting the Exif metadata that is embedded in
photos taken with digital cameras and stored as images; we can get (Date /
Camera / Location etc., where it was taken). (https://exifdata.com/)
4. Photo forensic tool (https://fotoforensics.com/)
5. Forensically Beta (https://29a.ch/photo-forensics/#forensic-magnifier)
6. Check any file's metadata (https://www.metadata2go.com/)
E. Corporate investigation tools

1. To check company information, i.e. director, incorporation date, registered address, email ID etc. (https://www.zaubacorp.com/); for international companies (https://opencorporates.com/)
2. Company details on Ministry of Corporate Affairs (https://www.mca.gov.in/mcafoportal/viewCompanyMasterData.do)
3. Check company details through GSTIN number (https://services.gst.gov.in/services/searchtp)
F. Social Media Investigation

1. List all social media posts (https://www.hashatit.com/)
2. Searching tweets by geolocation (https://www.heavy.ai/demos/tweetmap & https://onemilliontweetmap.com & near:mumbai within:50km filter:images)
3. Sentiment analysis of Twitter (https://socialbearing.com/)
4. To track particular hashtags (TrackMyHashtag.com)
5. To compare Twitter users (https://followerwonk.com/compare)
6. User behaviour analysis (https://accountanalysis.lucahammer.com & Foller.me)
7. You can then search for the tweets containing keywords of interest, and/or save the entire page as HTML (https://www.allmytweets.net/)
8. User account analysis (www.gramhir.com & https://www.picuki.com/)
9. Google dork (site:instagram.com "kiran pawar")
10. Facebook live video (https://www.facebook.com/search/videos/?q=Sydney&epa=FILTERS&filters=eyJ2aWRlb3Nfc291cmNlIjoie1wibmFtZVwiOlwidmlkZW9zX2xpdmVcIixcImFyZ3NcIjpcIlwifSJ9)
11. Telegram channels (https://www.lyzem.com/ & https://intelx.io/tools?tab=telegram)
12. YouTube comments (https://youtube-comments.netlify.app/); keywords can be used to search for a YouTube user and channel (https://ytcomment.kmcat.uk/)
13. For page alerts (https://www.followthatpage.com/)
14. Snap Map for the geolocation of recent posts (https://map.snapchat.com/) & Multi view
Other Open source investigation tools

1. To trace a criminal by sending a link (https://grabify.link/)
2. Google lens (https://trends.google.com/trends/trendingsearches/daily?geo=IN)
3. Google alerts (https://www.google.com/alerts & https://www.talkwalker.com/alerts)
4. Google Trends (https://trends.google.com/trends/trendingsearches/daily?geo=IN)
5. Check weather conditions (https://www.windy.com/19.073/72.883?18.482,72.883,8,m:ecWaicD)
6. Google Maps satellite view (https://www.google.co.in/maps/@19.1102976,72.8891392,23375m/data=!3m1!1e3)
7. Street View (https://www.google.co.in/maps)
8. Flights live locations (https://flightaware.com/live/)
9. Marine traffic (https://www.marinetraffic.com/en/ais/home/shipid:681382/zoom:12)
10. Disaster prediction (https://www.ventusky.com/?p=55;108;1&l=gust)
11. Car Info app for vehicle details
12. Fake accounts (https://www.fakenamegenerator.com/gen-male-is-us.php)
13. Profile pic (https://thispersondoesnotexist.com/)
14. Resume (https://thisresumedoesnotexist.com/)
CASE STUDY

THOP TV Online Piracy Case


• The pirated media streaming application called ThopTV.apk had intercepted paid media content (including adult content) of more than 20 OTT platforms of India and other countries, and the media was made available to the masses.

• It has caused huge losses, in crores, to media houses and to the Indian government in terms of tax.

• Maharashtra Cyber registered an FIR against this media streaming application under section 420 IPC r/w sections 43, 66, 66(B) of the Information Technology Act 2000 and Section 63 of The Copyright Act 1957.

• Complainant
1) Star India Pvt. Ltd.
2) Viacom18 Media Pvt. Ltd.

| Maharashtra Cyber
Modus Operandi

• Distribution of the THOP TV APK file through various third-party app stores, official websites and the official Telegram channel.
• Through the THOP TV app, it made freely available more than 300 Indian and international TV channels, movies, TV shows, OTT content, sports and web series.
• As the content was pirated within hours after it was posted by the official platform, they also implemented a premium subscription model of 30 rupees per month.
• The premium subscription model operated through various dealers in different states who accepted payments through UPI, which were later sent to the THOP TV app owner in the form of virtual currency.

Piracy Investigation

01. Searched for the THOP TV .apk file on various platforms of the internet, i.e. social media, Google, Telegram, etc.
02. Found a Premium Service option in the Telegram app which redirected to the official THOP TV Telegram channel, which has more than 343K subscribers and a bot reverting system to all users for premium subscription.
03. Found more than 15 dealers of different states and their individual UPI IDs created using KYC details.
04. Investigation of the dealers revealed that the final payment was made to the THOP TV handler via virtual money. Found the virtual account address of the THOP TV handler, where he received payments from all dealers via the BINANCE Trading APK.
05. With the use of OSINT tools, found the website domain (www.thop.in) and also the social media accounts. Performed further investigation of the domain search and the backlogs of the APK. Found the name and the contact number of the accused, i.e. the developer.
06. Data collected from archive.org gave us detailed information about the suspect, which was further found to be linked with the virtual money wallet.

07. Issued notice U/S 91 to Binance Bitcoin exchange to provide wallet & subscriber details found from the dealers.
08. Received KYC, phone number and transaction details of the suspect from Bitcoin.
09. Suspended 3 Bitcoin trading accounts, & 12 bank accounts were seized.
10. CDR analysis also confirmed the link between the dealer and the handler of THOP TV, done using the mobile number registered in the BINANCE account.
11. Found the residential address of the suspect from the Swiggy food delivery app and finally arrested the accused.
12. Investigation is in progress; we identified two more partners and will arrest them soon.

OFFICE OF SPL. INSPECTOR GENERAL OF POLICE, CYBER
Maharashtra cyber, 32nd Floor, World Trade Centre,
Cuffe Parade, Mumbai, Maharashtra India – 400005
www.cybercrime.gov.in
Phone No: 022-22160080
