OSINTAMI
(Free Network OSINT and Identity Co-op)
Open-source intelligence (OSINT) is the practice of gathering information from public sources, which are not necessarily free. There are more sources than you can imagine: paid data providers and collaborative community reporting, often known as blacklists, sometimes published as source code data projects or found on public websites.
Many OSINT tools are open source, but open source data does not mean free data or quality data. It just means public. And public in this case doesn't mean you can just see and use it: much of the OSINT data in the world is collected, sanitized, tested for accuracy and then put behind a paywall.
One use case for OSINT data is signup fraud. A handful of signals are needed to make a decision. An IP address and an email domain will tell you if this identity is trying to be anonymous, using Tor/VPN/Proxy or a disposable email service provider. HaveIBeenPwned can tell you if the email address has been involved in a data breach within a timeframe. The WhoAMI Co-op can tell you whether an email is being used on other services for fraudulent purposes so you can take action on your platform.
One use case for OSINT data is figuring out what is a human and what isn't. There's OSINT data available to tell us which IP address ranges are owned by cloud service providers and which may be residential but OSINT-reported as bots. Combining browser identity, network fingerprint, and non-human use machinery provides the starting point for stopping bots from posting in your forum.
This use case has some overlap with battling bots. A human passes all your tests and gets inside your paywall and then either shares the credentials with another human or with a bot. Combining network fingerprint (latency, geo, and blacklists) and then comparing the fingerprint between signup and use of your product will tell you pretty quickly if an identity needs to be investigated.
Our OSINT networking data has many uses, from fraudulent signup detection, known attack vectors, real time forum bot detection, account credential sharing, demand generation, to targeting media audience data enhancement.
Our rules are based on one or more data items from one or more data sources, as appropriate. For example, the isHuman rule is composed of isCloud and isBot; the isCloud rule is composed of seven data providers' answers and the isBot rule of four data providers' answers. Rules can be nested as needed, even across categories, to give a single API for checking for bots or a safe signup composed of IP, email, phone number, etc. in a single rule.
NODS data is broken up into five categories incorporating almost fifty data sources, refreshed based on how quickly the remote or local data source becomes irrelevant. Thousands of hours have gone into finding and curating the highest quality OSINT data available and writing adapters to normalize the data access into a single data API.
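The nesting described above, sketched as an added example (not OSINTAMI's code). How provider answers are combined is not stated on this page, so the "any source says yes" policy, the tri-state handling of silent sources and the source names are assumptions.

```python
from typing import Dict, Optional

Answer = Optional[bool]  # True / False, or None when a source has no data

def any_of(*answers: Answer) -> Answer:
    """Yes if any source says yes; unknown if none does but some are silent."""
    if any(a is True for a in answers):
        return True
    return None if any(a is None for a in answers) else False

def all_of(*answers: Answer) -> Answer:
    """No if any input says no; unknown if none does but some are unknown."""
    if any(a is False for a in answers):
        return False
    return None if any(a is None for a in answers) else True

def negate(a: Answer) -> Answer:
    return None if a is None else not a

def is_cloud(sources: Dict[str, Answer]) -> Answer:
    return any_of(*sources.values())      # assumed policy: one hit is enough

def is_bot(sources: Dict[str, Answer]) -> Answer:
    return any_of(*sources.values())

def is_human(cloud: Dict[str, Answer], bot: Dict[str, Answer]) -> Answer:
    # Nested rule: human means neither cloud-hosted nor a known bot.
    return all_of(negate(is_cloud(cloud)), negate(is_bot(bot)))

def decision(answer: Answer) -> str:
    # Unknown is not treated as human: it gets extra friction instead.
    return {True: "allow", False: "block", None: "challenge"}[answer]

# Constructed sample answers; source names are placeholders, not real providers.
CLOUD = {f"cloud_src_{i}": False for i in range(1, 8)}   # seven sources
BOT = {f"bot_src_{i}": False for i in range(1, 5)}       # four sources

if __name__ == "__main__":
    print(decision(is_human(CLOUD, BOT)))
    print(decision(is_human(dict(CLOUD, cloud_src_3=True), BOT)))
    print(decision(is_human(CLOUD, dict(BOT, bot_src_2=None))))
```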
Data is accessed via a URI scheme consisting of a category, a data source, and a name. There are six categories of data items and complex data items may cross multiple categories.
Categories
IP address
Domain
Phone
User-Agent
Complex
Rules
There are a dozen rules already written to help fight fraud and the botnet. These data items may require input data across one or more categories to process and can be combined into even more sophisticated rules.
isHuman
isAnonymous
isTor
isBot
isCloud
isProxy
isVPN
isBlacklisted
isUSA
email.hasRecentBreach
domain.isNefarius
phone.isBurner
signup.isSignupSafe (email, domain, ip)
Schema
Let's start with accessing the data dictionary or schema.
curl https://api.osintami.com/data/schema -H "X-Api-Key: xxx"
[
  {
    "Item": "rule/osintami/isHuman",
    "Description": "Most likely a human. It isn't a known bot, crawler or code running in the cloud.",
    "Type": "Boolean"
  }
]
Data Items
The complect/osint/isHuman data item is a rule, composed of sub-rules, isBot, isBlacklisted and isCloudNode, each of which evaluates data from multiple sources. In total, ip.isHuman currently evaluates 15 unique data items to make a decision, any one of which can be accessed directly.
Let's make a call to isHuman using the Item URI found in the schema and pass the appropriate category parameters. In this case the category required is an IP address. Other data items may need an email, domain, phone, IP or browser user-agent as input params.
curl "https://api.osintami.com/data/rule/osintami/isHuman?ip=34.173.187.95" -H "X-Api-Key: xxx"
{
  "Item": "rule/osintami/isHuman",
  "Result": {
    "Type": 1,
    "Bool": false
  },
  "Keys": {
    "ip": "34.173.187.95"
  },
  "Error": ""
}
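An added example (not OSINTAMI's code) of reading the response above before acting on it: the answer is used only when the call did not error and the Item and Keys echo what was asked. That "Type": 1 marks a Boolean result is an assumption taken from the sample, and the failed and mismatched responses are constructed.

```python
import json
from typing import Dict, Optional

BOOL_TYPE = 1  # assumption: "Type": 1 marks a Boolean result, as in the sample

def read_bool_rule(raw: str, item: str, keys: Dict[str, str]) -> Optional[bool]:
    """Return the rule's answer, or None when the response must not be trusted."""
    try:
        doc = json.loads(raw)
    except ValueError:
        return None
    if not isinstance(doc, dict) or doc.get("Error"):
        return None                      # errored call: ignore any Bool it carries
    if doc.get("Item") != item or doc.get("Keys") != keys:
        return None                      # answer is for another rule or input
    result = doc.get("Result")
    if not isinstance(result, dict) or result.get("Type") != BOOL_TYPE:
        return None
    value = result.get("Bool")
    return value if isinstance(value, bool) else None

ITEM = "rule/osintami/isHuman"
KEYS = {"ip": "34.173.187.95"}

def _response(keys: Dict[str, str], error: str) -> str:
    return json.dumps({"Item": ITEM, "Result": {"Type": 1, "Bool": False},
                       "Keys": keys, "Error": error})

OK = _response(KEYS, "")                        # the response shown above
FAILED = _response(KEYS, "constructed error")   # constructed: call failed
WRONG_IP = _response({"ip": "192.0.2.10"}, "")  # constructed: other input

if __name__ == "__main__":
    for name, raw in (("ok", OK), ("failed", FAILED), ("wrong ip", WRONG_IP)):
        print(name, read_bool_rule(raw, ITEM, KEYS))
```

A None result is a reason to add friction or retry, not a verdict in either direction.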
Bringing the world one step closer to no-MFA, the distributed knowledge aspect of the data co-op creates a way for online vendors to share anonymous fraudulent activity amongst each other without sharing customer identities. If you give a little, you and your customers get a lot in return.
The Whoami Project is a digital fingerprint and a data co-op. The impetus for creating these services is to help move the world away from MFA, or at least make MFA feel less like harassment. If you've ever needed in an emergency to access your bank from a browser and didn't have your phone attached to your body then you have felt a bit of the pain I'm talking about. If you've ever had your identity stolen or been locked out of an account because of suspected fraud you understand the frustration your users experience.
Imagine if you could share enough information anonymously that failed logins on a social media account by a malicious actor would reflect in additional safety measures at your bank automatically and keep you protected.
It starts with creating a non-reversible hash of your network and user identity, i.e. your fingerprint. Each person will undoubtedly have more than one fingerprint, and that's okay. As long as the user identifier and the vendor identifier match we can track your thumb and your index finger separately, and still protect a user from fraud and a vendor from a user committing fraud by passing their paywalled credentials off to a bot or AI system.
When the fingerprinted user logs in or attempts to perform an action in your ecosystem, resubmit the token and current input values, and we will compare the last fingerprint to the existing attempt and return a risk assessment. Then you can decide how much friction to add to the signup, login or other action.
Feedback from your decision making process is a critical part of this system. The only thing that gets shared across vendors is the current alert counts so that we can manage the risk of fraudulent behavior for any particular vendor based on cross account metrics.
Use Case 1:
Steve signs up for a social media account and uses his credit card. We fingerprint him with his signup metrics:
Location: Houston/TX
Browser: Chrome
Device: iPhone15
Partner: X/Twitter
Network: VPN, consumer IP address, non-cloud, no reported malicious activity
Risk: doesn't look like any known bad actors
This is Bob. Bob then hands his credentials off to a bot farm and attempts to post on your forum. You send us Bob's fingerprint and we will re-run it and look for edges that have changed. If Bob is now posting on Twitter from another country or a cloud node we will respond with a new digital fingerprint and a high risk that Bob isn't playing according to your terms of service. If Bob passes your litmus test and your feedback is positive, we'll update his fingerprint for the next time he posts.
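The fingerprint and re-run described above, as an added sketch that is not the Whoami Project's implementation. It assumes one keyed hash (HMAC-SHA256) per edge, scoped to the vendor and user identifiers, so that low-entropy values such as a city or browser name cannot be recovered by hashing guesses; the key, edge names, weights and thresholds are hypothetical.

```python
import hashlib
import hmac
from typing import Dict

# Hypothetical secret held by the fingerprinting service, never by clients.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"

# Hypothetical weights: how much a change in each edge raises the risk score.
WEIGHTS = {"location": 40, "network": 40, "device": 15, "browser": 5}

def normalize(value: str) -> str:
    return " ".join(value.lower().split())

def fingerprint(vendor_id: str, user_id: str, attrs: Dict[str, str],
                key: bytes = DEMO_KEY) -> Dict[str, str]:
    """One keyed hash per edge, so edges compare without storing raw values."""
    out = {}
    for edge in WEIGHTS:
        parts = (vendor_id, user_id, edge, normalize(attrs.get(edge, "")))
        msg = "\x1f".join(parts).encode()   # unit separator avoids ambiguity
        out[edge] = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return out

def assess(stored: Dict[str, str], current: Dict[str, str]) -> dict:
    """Compare the last fingerprint with the current attempt, edge by edge."""
    changed = sorted(e for e in WEIGHTS
                     if not hmac.compare_digest(stored[e], current[e]))
    score = sum(WEIGHTS[e] for e in changed)
    level = "high" if score >= 40 else "medium" if score > 0 else "low"
    return {"changed": changed, "score": score, "level": level}

# Constructed inputs modelled on Use Case 1.
SIGNUP = {"location": "Houston/TX", "browser": "Chrome",
          "device": "iPhone15", "network": "consumer"}
LATER = dict(SIGNUP, location="Elsewhere/XX", network="cloud")

if __name__ == "__main__":
    stored = fingerprint("vendor-a", "user-1", SIGNUP)
    print(assess(stored, fingerprint("vendor-a", "user-1", SIGNUP)))
    print(assess(stored, fingerprint("vendor-a", "user-1", LATER)))
```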
Use Case 2:
Joe signs up for a free account using an anonymizing service (Tor/VPN/Proxy) out of Ukraine. He looks sleazy as Zelinski in a leotard and we generate a fingerprint. When Joe posts next, he's still the same sleazy Joe because his fingerprint is stable. You could reject him at sign up for being sleazy, but maybe Joe is really Bob in Austin who hates being tracked online. We'll know based on matching prints in the system.
TODO: more use cases to follow soon
The Whoami Project API is currently bundled with a NODS monthly subscription.
To create an account with OSINTAMI submit a valid email to https://api.osintami.com/signup?email=<valid email>&name=<your name or organization>. We'll return some OSINT data about you via JSON and also send an email with your API key giving you full access to the NODS and WhoAMI APIs. If you have any trouble please reach out to our support email below.
With this trial subscription we grant you a license to use the NODS and WhoAMI APIs and associated data for internal use only. Reselling the data in any form, including blended as part of another API, SAAS offering, reports, rules based system or AI model is strictly prohibited. Obvious attempts to mine OSINTAMI data will get you booted off the platform.
If you need a different license model or higher rate limits contact us and we will work with you to create a custom subscription level that ensures a proper level of service.
Let's talk. Please send feedback, bug reports, suggestions, and questions on anything we can do better and we'll do our best to help in a timely manner.
Need access to the full list of data items, just ask.
Need integration help, just ask.
Need a self hosted solution, just ask.
Need to expand our data with your proprietary data, just ask.
Need a higher rate limit, just ask.
Email Us
OSINTAMI was founded in 2023 by data professionals with decades of open source software and data experience and a common goal of making OSINT networking data affordable for fighting the botnet, and fingerprinting online entities for the purpose of targeting advertising or identity risk management.
Copyright © 2023 OSINTAMI
This site or product includes IP2Location LITE data for our basic tier customers.