Performing OSINT on Thomas Straussman (OSINT Challenge)

Bryan Leong (NobodyAtall)
9 min read · May 28, 2021

Today, we will try out a TryHackMe OSINT challenge on a target named “Thomas Straussman”, who is suspected of cheating on his wife.

Story

Before we start, let’s check out the scenario:

Based on the background information, a mysterious person under the moniker “H” wants us to investigate a suspected cheater, “Thomas Straussman”.

Thomas Straussman’s wife (Francesca Hodgelink) senses that her husband has been acting suspiciously lately & wants us to investigate him. All we are given is her husband’s name.

So let’s start our investigation.

Start with Google Dorking

We can start the OSINT on the target with Google Dorking. The 1st result gives us a Twitter account, but we’re not yet sure whether it belongs to the target we’re investigating.

So now let’s check the Twitter account. It looks like we’ve found the correct Twitter account, as his beloved one is Francesca (our target’s wife). From here we can extract our target’s Twitter handle, “TStraussman”.

Thomas’s Favorite Holiday

If we look closely at the target’s bio, we’ll notice that the target really likes Christmas. So the target’s favorite holiday is Christmas.

Thomas’s Birth Date

Now that we’ve found the username our target uses on social media, let’s do another Google Dork with the username “TStraussman”.

By Google Dorking the username, we are able to retrieve another of our target’s accounts, this one on Reddit.

Let’s check out our target’s Reddit account.

Here, our target shared a post on Reddit thanking everyone who wished him a happy birthday on his 30th birthday. The date, time & “30 yrs to me” are what we should focus on right now, as this post was made on the day of our target’s birthday.

Note that the time shown there actually follows my machine’s timezone. So in order to get the exact time that our target made the post, we need to convert it back to our target’s timezone.

First, we check back on our target’s Twitter & find that our target is living in “Nuuk, Greenland”.

Now, let’s use an online timezone converter to change from our timezone to the target’s timezone. Here we can see that in Nuuk’s timezone, it is the previous day.

After the calculation, we get our target’s exact birth date, which is December 20th 1990.
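The same conversion can be done offline instead of with an online converter. The snippet below is an added example, not part of the original write-up; the displayed time of day and the viewer’s UTC+8 offset are constructed assumptions, and Nuuk is taken as UTC-3, its standard-time offset in December 2020.

```python
from datetime import datetime, timedelta, timezone

FMT = "%Y-%m-%d %H:%M"

def to_target_local(displayed, viewer_utc_offset_h, target_utc_offset_h):
    """Re-express a timestamp rendered in the viewer's zone in the poster's zone."""
    viewer_tz = timezone(timedelta(hours=viewer_utc_offset_h))
    target_tz = timezone(timedelta(hours=target_utc_offset_h))
    shown = datetime.strptime(displayed, FMT).replace(tzinfo=viewer_tz)
    return shown.astimezone(target_tz)

def day_shift(displayed, viewer_utc_offset_h, target_utc_offset_h):
    """-1, 0 or +1: how far the calendar date moves between the two zones."""
    shown_date = datetime.strptime(displayed, FMT).date()
    local = to_target_local(displayed, viewer_utc_offset_h, target_utc_offset_h)
    return (local.date() - shown_date).days

def birth_date(post_local, age_turned):
    """For a post made on the birthday itself: same day, year minus the age."""
    d = post_local.date()
    return d.replace(year=d.year - age_turned)

# Constructed sample: the date is the day after the birthday as seen from a
# UTC+8 machine; the time of day is made up for illustration.
SHOWN = "2020-12-21 04:30"
VIEWER_OFFSET_H = 8     # assumption: viewer's machine is at UTC+8
NUUK_OFFSET_H = -3      # Nuuk standard time in December 2020

if __name__ == "__main__":
    local = to_target_local(SHOWN, VIEWER_OFFSET_H, NUUK_OFFSET_H)
    print("Shown on viewer's machine:", SHOWN)
    print("Poster's local time      :", local.isoformat())
    print("Calendar day shift       :", day_shift(SHOWN, VIEWER_OFFSET_H, NUUK_OFFSET_H))
    print("Birth date (turned 30)   :", birth_date(local, 30).isoformat())
```

Fixed offsets keep the example free of a timezone database; for dates where daylight saving matters, use named zones instead.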

Thomas’s Fiancee’s Twitter handle

Now let’s check out the target’s Followings & there we find the Twitter handle of the target’s wife, “@FHodgelink”.

What Is Thomas’s Background Picture Of?

Thomas’s background picture is actually a Buddha.

If you’re not familiar with what is shown in the picture, you can just do a reverse image search with Yandex.

Enumerating Our Target’s Private Life

Now that we have our target’s accounts, let’s continue by checking where our target has been recently. On the Twitter account of the target’s wife, it seems that she’s on a vacation with her husband “Thomas”.

Finding The Location in the Image

To find out where the place in the image is, let’s use the reverse image search technique again.

From the 2nd Yandex search result, it seems that the place in the image is located in Koblenz, Germany.

If we check the location in Google Maps, it seems this place is called Deutsches Eck.

We dive in closer & yes, it’s exactly where our target & his wife were during their vacation. So the place our target recently went for a vacation is Koblenz, Germany.

Francesca’s Mother’s Birth Date

In one of the Twitter posts by our target’s wife, she wishes everyone Merry Christmas & her mother Happy Birthday. So from here we know that her mother’s birthday is on the 25th of December.

Our Target’s Pet Name

We continue enumerating the Twitter account of our target’s wife & find that their favorite cat is named “Gotank”.

Francesca’s Favorite TV Series

Another Twitter post here shows that his wife keeps posting things related to the hashtag “90DayFiance”.

If we Google it, we find that “90DayFiance” belongs to a TV series named “90 Day Fiancé”. So we can say that our target’s wife really likes this TV series, as she keeps posting things related to it.

Finding Connections To Our Target

Now, let’s take a look at our target’s Reddit account. There’s only 1 post there, with the title “Big thank you!”. If we check the comments, there’s not much we can get.

Finding Another Person Connected With Our Target

So let’s assume that someone probably commented on the target’s Reddit post & then removed the comment. To get older comments that were deleted from the post, we can check the WayBack Machine.

If we check the WayBack results, we notice that only a few snapshots have been recorded. So, to get older results for the Reddit post, we need to use the old.reddit.com subdomain.

Now, let’s try it with old.reddit.com & we can see that there are more records for the Reddit post! Let’s dive in & enumerate.
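The reason the hostname matters is that the WayBack Machine indexes captures per URL, so the www and old forms of the same post have separate snapshot lists. The snippet below is an added example, not part of the original write-up: it builds the WayBack CDX lookup for each hostname and merges the results, using a placeholder post URL and constructed CDX responses so it runs offline.

```python
import json
from urllib.parse import urlencode, urlsplit, urlunsplit

CDX_ENDPOINT = "https://web.archive.org/cdx/search/cdx"
HOSTS = ("www.reddit.com", "old.reddit.com")
FIELDS = ["timestamp", "original", "statuscode"]

def host_variants(post_url):
    """Same post path under each Reddit hostname; each is archived separately."""
    parts = urlsplit(post_url)
    return {h: urlunsplit(parts._replace(netloc=h)) for h in HOSTS}

def cdx_query(url):
    """CDX lookup URL that lists every capture of exactly this URL."""
    params = {"url": url, "output": "json", "fl": ",".join(FIELDS)}
    return CDX_ENDPOINT + "?" + urlencode(params)

def parse_cdx(body):
    """CDX JSON is a list of rows, header row first; an empty body means no captures."""
    rows = json.loads(body) if body.strip() else []
    return [dict(zip(rows[0], r)) for r in rows[1:]]

def merged_timeline(bodies_by_host):
    """Captures from every hostname, oldest first, each with its playback URL."""
    snaps = []
    for host, body in bodies_by_host.items():
        for rec in parse_cdx(body):
            rec["host"] = host
            rec["playback"] = (
                f"https://web.archive.org/web/{rec['timestamp']}/{rec['original']}")
            snaps.append(rec)
    # 14-digit timestamps sort chronologically as plain strings
    return sorted(snaps, key=lambda s: s["timestamp"])

# Placeholder post URL and constructed CDX responses (not real archive data).
POST = "https://www.reddit.com/r/EXAMPLE_SUB/comments/POST_ID/big_thank_you/"
URLS = host_variants(POST)
SAMPLE = {
    "www.reddit.com": json.dumps(
        [FIELDS, ["20210105101500", URLS["www.reddit.com"], "200"]]),
    "old.reddit.com": json.dumps(
        [FIELDS] + [[ts, URLS["old.reddit.com"], "200"]
                    for ts in ("20201221083000", "20201225120000", "20210110090000")]),
}

if __name__ == "__main__":
    for host, url in URLS.items():
        print(host, "->", cdx_query(url))
    for snap in merged_timeline(SAMPLE):
        print(snap["timestamp"], snap["host"], snap["playback"])
```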

On the 21st of December, the WayBack Machine recorded 1 mysterious comment from the user minikhans on our target’s Reddit post. The minikhans user mentioned that he’s Hans from work, so we can assume that Hans is a coworker of our target.

If we take a look at Hans’s Reddit, we find that he recently got a job thanks to the help of Thomas, our target.

Gather Hans Information

If we check Hans’s Reddit bio, we can extract some more information about him.

Birthday: 20th of December

Lives in: Nuuk, Greenland

If you don’t know where Nuuk is, we can just use Google again & find that Nuuk is the capital of Greenland.

1st evidence of our target cheating

Now let’s check whether there is any deleted post from Hans’s Reddit using the WayBack Machine again. In the WayBack Machine records from the 10th of February, there’s a post named “dissapointed” posted by Hans. What was he so disappointed about, we might wonder?

Checking the post further, we find a pastebin link.

In the pastebin link, the content looks like email-format output, from Hans to Thomas (our target). The subject is “Payment”. It seems that Hans found something on our target’s computer & Hans needs money (a lot of it). It seems that Hans wants a ransom from our target. Let’s take a look at the password-protected pastebin with the credential given.

In the pastebin, we can extract our target’s email, “straussmanthom@mail.com”.

So it looks like our target is having an affair with Emilia Moller. Bingo! No wonder our target’s wife feels that her husband is cheating on her.

2nd evidence of our target cheating

In the WayBack Machine records from the 23rd of March, we find another Reddit post by Hans, named “Dissapointed 2 Electric Boogaloo”, with a ghostbin link. Let’s take a look at it.

From the ghostbin, we are finally able to extract Hans’s full name, “Hans Minik”. The subject is “Your Secret”. In the content, Hans had just slipped a piece of paper under our target’s desk with the ransom amount that Hans needs. Once the ransom is paid, Hans will stay silent about the affair that our target is having with Emilia Moller.

Taking a look at the next password-protected ghostbin link, we find more evidence that our target “Thomas” is having an affair with Emilia Moller; it mentions that he’s having a more wonderful time with Emilia Moller than the time he spends with his wife “Francesca”. Ahah, our target even banked $9,000 into Emilia Moller’s bank account.

In this ghostbin, we can retrieve Emilia Moller’s email address too, “molleremi@mail.com”.

Conclusion

With all this evidence, we can conclude that Thomas Straussman is cheating on Francesca Hodgelink by having an affair with Emilia Moller. Now let’s pass the evidence we found back to our client. Case closed.

Here’s a graph that I drew during the OSINT process on Thomas Straussman to help you understand the connections between each of the small dots.
For a clearer picture, I’ve uploaded it to my GitHub.

If you want to try this OSINT challenge yourself, you can pay the TryHackMe: KaffeeSec-SoMeSINT room a visit.

Bryan Leong (NobodyAtall)

A Bachelor of Computer Science student who’s passionate about CyberSec & Pentesting.