WebOsint
Difficulty = Easy
Hola! Welcome back. Here is a walkthrough of the WebOsint room on TryHackMe. It covers how to conduct basic open source intelligence research on a website.
What is WebOsint all about?
WebOSINT stands for “Web Open Source Intelligence.” It refers to the practice of gathering intelligence or information from publicly available online sources. This can include social media platforms, websites, forums, blogs, public databases, and any other online resources where information is openly accessible.
Task 1: When A Website Does Not Exist
The first thing we do when we are given the name of a website/business to check out is fire up the ol’ web browser, find the website, and check it out, right?
What if the website, or even the entire business, no longer exists?
That does NOT mean it’s the end of the road. So let’s begin.
This OSINT challenge starts off by focusing on a domain called RepublicofKoffee.com.
It should be noted that when this challenge was created, the website related to that domain did not exist. Our job is to find as much information as we can about the website RepublicofKoffee.com. Let’s get started and look for information that we can find from the website.
Q1: Click To Complete
- Answer: No Answer Needed
Task 2: Whois Registration
Just because nothing shows up when you visit RepublicOfKoffee.com, doesn’t mean that someone doesn’t own the domain. We can confirm the current registration status with a WHOIS lookup.
A “WHOIS” lookup is the most basic form of domain reconnaissance available. There are multiple websites that will do it for you as well.
Q1: What is the name of the company the domain was registered with?
- First, let’s look up the domain name using the WHOIS website.
The WHOIS tool is used to retrieve information about domain names, including registration details, the domain owner’s contact information, registration and expiration dates, name server information, and more.
- Answer: Namecheap Inc
Q2: What phone number is listed for the registration company? (do not include country code or special characters/spaces)
- We can gather a lot of information about the website by using the tools
- Answer: 9854014545
Q3: What is the first nameserver listed for the site?
- Answer: ns1.brainydns.com
Q4: What is listed for the name of the registrant?
- Answer: redacted for privacy
Q5: What country is listed for the registrant?
- We got the country as “IS,” which is a short code for a country. By using this website, or by researching the city Reykjavik, which is the capital of Iceland, we can determine that the country is Iceland.
- Answer: Iceland
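To show how the WHOIS fields used in this task can be pulled out of a raw record, here is an added example (not part of the original walkthrough). The record is constructed in the common "Key: value" layout; the field names, the phone formatting and the second nameserver are assumptions.

```python
import re

# Constructed WHOIS response in the common "Key: value" registrar layout.
# Field values mirror the answers in this task; the phone formatting, the
# second nameserver and the layout itself are assumptions for the example.
SAMPLE_WHOIS = """\
Domain Name: REPUBLICOFKOFFEE.COM
Registrar: Namecheap Inc
Registrar Abuse Contact Phone: +1.9854014545
Registrant Name: Redacted for Privacy
Registrant City: Reykjavik
Registrant Country: IS
Name Server: ns1.brainydns.com
Name Server: ns2.example.net
>>> Last update of WHOIS database: (constructed) <<<
"""

# Small subset of ISO 3166-1 alpha-2 codes, enough for the example.
COUNTRIES = {"IS": "Iceland", "US": "United States", "KR": "South Korea"}

def parse_whois(text):
    """Parse 'Key: value' lines into {key: [values]}, keeping repeated keys in order."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep or line.startswith((">>>", "%", "#")) or not value.strip():
            continue  # footers, comments and empty fields carry no data
        record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def first(record, key):
    return record.get(key.lower(), [None])[0]

def national_number(phone):
    """'+1.9854014545' -> '9854014545': drop the country code and separators."""
    m = re.fullmatch(r"\+(\d{1,3})\.([\d\s().-]+)", phone or "")
    return re.sub(r"\D", "", m.group(2)) if m else re.sub(r"\D", "", phone or "")

def summarize(text):
    rec = parse_whois(text)
    code = first(rec, "Registrant Country")
    return {
        "registrar": first(rec, "Registrar"),
        "registrar_phone": national_number(first(rec, "Registrar Abuse Contact Phone")),
        "nameservers": [ns.lower() for ns in rec.get("name server", [])],
        "registrant": first(rec, "Registrant Name"),
        "country": COUNTRIES.get(code, code),
    }
```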
Task 3: Ghosts of Websites Past
Don’t be discouraged if your initial searches on a website yield no results. That’s where Archive.org and the Internet Wayback Machine come into play.
What is Internet Wayback Machine?
The Wayback Machine is an online digital archive maintained by the Internet Archive. It stores snapshots of web pages taken at various points in time, allowing users to access historical versions of websites. This archive enables users to view how websites looked and what content they contained at different points in the past. It serves as a valuable resource for research, historical preservation, and accessing information that may have been removed or changed on the live web.
- Looking at the historical information available for the site, you should be able to answer the following questions:
Q1: What is the first name of the blog’s author?
- I entered the domain name into the Wayback Machine and found the website. It was a blogging site. I opened one of the blogs and discovered the name of the author.
- Answer: Steve
Q2: What city and country was the author writing from?
- By reading each and every blog, one consistent detail was the mention of the city name “Gwangju.” Upon conducting research, it was found to be located in South Korea.
- Answer: Gwangju, South Korea
Q3: [Research] What is the name (in English) of the temple inside the National Park the author frequently visits?
- I got one blog where the author mentioned finding himself having a meeting in Mudeungsan National Park in Gwangju. By conducting research, I found the English name.
- Answer: Jeungsimsa Temple
Task 4: Digging into DNS
So far we’ve gathered some good info about the content that was on our target website, even though it hasn’t been live for several years. But what about technical details? That’s where ViewDNS.info comes in.
ViewDNS.info is a website offering tools and services related to DNS and domain information. It allows users to look up domain details, perform reverse IP lookups, check DNS propagation status, generate DNS reports, and conduct domain research. It’s a valuable resource for gathering domain-related information and troubleshooting DNS issues.
- Take a look at the search options available and we can answer the question below:
Q1: What was RepublicOfKoffee.com’s IP address as of October 2016?
- Use the IP History tool, which shows the historical IP addresses associated with a domain.
- Answer: 173.248.188.152
Q2: Based on the other domains hosted on the same IP address, what kind of hosting service can we safely assume our target uses?
- There are 82 domains hosted on the server.
- But we get that. By checking the hint question: “What kind of hosting plan is usually used by websites on a tight budget that don’t have a lot of visitors?” The answer is shared, because shared hosting is a type of web hosting service where multiple websites are hosted on a single physical server.
- Answer: Shared
Task 5: Taking Off The Training Wheels
- We are given a domain, heat.net, and need to use all the skills we have learned so far to answer the questions.
Q1: What is the second nameserver listed for the domain?
- Using the WHOIS tool, we found the second name server.
- Answer: NS2.HEAT.NET
Q2: What IP address was the domain listed on as of December 2011?
- Hmm… that will be IP history, right? By using the ViewDNS.info tools.
- Answer: 72.52.192.240
Q3: Based on domains that share the same IP, what kind of hosting service is the domain owner using?
- Using the current IP, I utilized the Reverse IP Lookup tool and found that this was also likely SHARED.
- Answer: Shared
Q4: On what date was the site first captured by the Internet Archive? (MM/DD/YY format)
- Using the Wayback Machine, we can see that the domain was captured over 834 times between June 1, 1997, and March 15, 2024.
- Answer: 06/01/97
Q5: What is the first sentence of the first body paragraph from the final capture of 2001?
- July 6, 2001, is the last capture for 2001. Checking the snapshot, we have:
- Answer: After years of great online gaming, it’s time to say good-bye.
Q6: Using your search engine skills, what was the name of the company that was responsible for the original version of the site?
- Answer: SegaSoft
Q7: What does the first header on the site on the last capture of 2010 say?
- The last capture was on December 31, 2010.
- Answer: Heat.net – Heating and Cooling
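The capture questions above (first capture, last capture of a given year) can also be answered from the Wayback Machine's CDX index rather than by clicking through the calendar. This is an added example, not part of the original walkthrough; the sample response is constructed, with dates taken from this task and times, URLs and status codes made up.

```python
import json
from datetime import datetime

# Constructed sample shaped like a Wayback CDX API response
# (.../cdx/search/cdx?url=heat.net&output=json&fl=timestamp,original,statuscode).
# Dates follow the walkthrough; times of day and status codes are made up.
SAMPLE_CDX = json.dumps([
    ["timestamp", "original", "statuscode"],
    ["19970601000000", "http://www.heat.net:80/", "200"],
    ["20010302101500", "http://www.heat.net:80/", "200"],
    ["20010706120000", "http://heat.net:80/", "200"],
    ["20100415083000", "http://heat.net/", "302"],
    ["20101231235000", "http://heat.net/", "200"],
    ["20240315060000", "https://heat.net/", "200"],
])

def parse_captures(cdx_json):
    """Return captures sorted by time as (datetime, raw_timestamp, url, status)."""
    rows = json.loads(cdx_json)
    if not rows:
        return []
    header, body = rows[0], rows[1:]
    idx = {name: header.index(name) for name in ("timestamp", "original", "statuscode")}
    caps = []
    for row in body:
        ts = row[idx["timestamp"]]
        when = datetime.strptime(ts, "%Y%m%d%H%M%S")
        caps.append((when, ts, row[idx["original"]], row[idx["statuscode"]]))
    return sorted(caps)

def first_capture_date(caps):
    """Date of the earliest capture in the MM/DD/YY form the room asks for."""
    return caps[0][0].strftime("%m/%d/%y") if caps else None

def last_capture_of_year(caps, year):
    """Latest capture in a given year, or None if the year has no captures."""
    in_year = [c for c in caps if c[0].year == year]
    return in_year[-1] if in_year else None

def replay_url(capture):
    """Wayback replay URL for one capture: /web/<timestamp>/<original url>."""
    _, ts, url, _ = capture
    return f"https://web.archive.org/web/{ts}/{url}"

if __name__ == "__main__":
    caps = parse_captures(SAMPLE_CDX)
    print("first capture:", first_capture_date(caps))
    for year in (2001, 2010):
        print(year, "->", replay_url(last_capture_of_year(caps, year)))
```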
Task 6: Taking A Peek Under The Hood Of A Website
Often, clues about a website and its creator/owner may be unintentionally left behind in the source code of the website. Pretty much every web browser has a way to view the page source, and by viewing it we can get more information about the site.
The following questions refer to heat.net/36/need-to-hire-a-commercial-heating-contractor/
Q1: How many internal links are in the text of the article?
- This task is quite simple. Just go through the text and count the links. You can tell if they’re internal by hovering over them and seeing where they lead. If they take you to another page on heat.net, they’re internal links.
- Answer: 5
Q2: How many external links are in the text of the article?
- Answer: 1
Q3: Website in the article’s only external link (that isn’t an ad)
- The external link leads us to purchase.org
Q4: Try to find the Google Analytics code linked to the site
- For this question, right-click anywhere on the page and select “View Page Source.”
- Use Ctrl+F to search for “UA-”.
- Answer: UA-251372-24
Q5: Is the Google Analytics code in use on another website? Yay or nay
- You can use nerdydata to search for the Google Adsense ID.
- Here we can see that only one website is using it:
- Answer: nay
Q6: Does the link to this website have any obvious affiliate codes embedded with it? Yay or Nay
- No. I searched for href and there were no affiliate links.
- Answer: nay
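The manual checks in this task (counting internal and external links in the article text, and searching the source for “UA-”) can be done over saved page source as well. This is an added example, not part of the original walkthrough; the HTML is constructed rather than the real heat.net markup, the UA- ID is a placeholder, and the `entry-content` container class is an assumption about how the article body is marked up.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed page source (not the real heat.net markup); the UA- ID is a placeholder.
PAGE_URL = "http://example.com/36/sample-article/"
SAMPLE_HTML = """<head><script>_gaq.push(['_setAccount', 'UA-0000000-1']);</script></head>
<body><nav><a href="/about/">About</a></nav>
<div class="entry-content"><p>See our <a href="/12/furnace-basics/">guide</a>,
 <a href="http://www.example.com/20/boilers/">boiler notes</a> and
 <a href="http://shop.example.org/deal?ref=abc123">this store</a>.
 <a href="#top">Top</a> <a href="mailto:info@example.com">Mail</a></p></div></body>"""

class ArticleLinks(HTMLParser):
    """Collect hrefs found inside the <div> that holds the article text."""
    def __init__(self, container_class):
        super().__init__()
        self.container_class, self.depth, self.hrefs = container_class, 0, []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if self.depth:
            self.depth += tag == "div"  # nested divs are still inside the article
            if tag == "a" and attrs.get("href"):
                self.hrefs.append(attrs["href"])
        elif tag == "div" and self.container_class in (attrs.get("class") or "").split():
            self.depth = 1
    def handle_endtag(self, tag):
        if self.depth and tag == "div":
            self.depth -= 1

def site(url):
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def classify_links(html, page_url, container_class="entry-content"):
    """Split article links into (internal, external) by host; skip non-web links."""
    parser = ArticleLinks(container_class)
    parser.feed(html)
    internal, external = [], []
    for href in parser.hrefs:
        url = urljoin(page_url, href)
        if href.startswith("#") or urlparse(url).scheme not in ("http", "https"):
            continue  # in-page anchors, mailto:, javascript:, ...
        (internal if site(url) == site(page_url) else external).append(url)
    return internal, external

def analytics_ids(html):
    """Universal Analytics property IDs of the form UA-<account>-<property>."""
    return sorted(set(re.findall(r"\bUA-\d+-\d+\b", html)))
```

Links are compared by hostname with a leading `www.` ignored, so a link to another subdomain of the same site is counted as external here.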
Task 7: Final Exam: Connect the Dots
Q1: Use the tools in Task 4 to confirm the link between the two sites. Try hard to figure it out without the hint.
- I used viewdns.info to compare the results of both the domains heat.net and purchase.org. One common finding was that the owner of both companies was Liquid Web, L.L.C.
- Answer: Liquid Web, L.L.C
Task 8: Debriefing
- Answer: No Answer Needed
Task 9: Wrap-up
- Answer: No Answer Needed
And we are done! That’s all, friends. Thank you for reading up to this point. I would like to hear your feedback on anything not clear here. Here is my Twitter account @T3chnocr4t. Feel free to DM me if you have any issues with my write-up. Thanks!