r/OSINT

▲ 21 r/OSINT

Using content hashing across Telegram groups to detect a pig butchering network

Saw the post yesterday about building a hashing pipeline for detecting coordinated copypasta campaigns on Twitter and wanted to share a real example of the same concept working on Telegram, but for catching pig butchering scammers instead of state propaganda.

I'm using a monitoring tool that sits on top of TDLib and watches Telegram group messages. One of the features hashes message content using FNV-1a across every group message and allows anyone to track when the same hash appears in multiple groups within a short time window. Similar idea to what people were describing in that thread with fuzzy hashing and Levenshtein distance, but applied to Telegram in real time.

The cross post detection flagged several accounts that were broadcasting identical messages across multiple crypto groups simultaneously. I looked into what they were posting and it turned out to be pig butchering bait. From there I searched the message content across all my groups and found the same accounts hitting Gate Exchange, BNB Chain Community, Bitget English Official, Filecoin, MEXC and several other crypto groups. The accounts had names like "Treasure Girl", "sophia" and "chaa" with profile photos that are textbook romance scam bait. Generic bios like "Love yourself first, and that's the beginning of a lifelong romance" and "Everything has cracks, that's how the light gets in."

Every message that comes through TDLib gets its text content hashed and stored alongside the sender ID, chat ID and timestamp. When the same content hash from the same sender appears across multiple groups, the system flags it as cross posting. It also tracks reply networks and forwarding chains so you can see whether the account ever actually engages with anyone or just drops the same message and moves on. In this case there were zero replies from any of these accounts across any group, just pure broadcast behavior.

The whole thing runs locally via TDLib so there's no API middleman and no rate limiting. You're reading the same message stream Telegram delivers to any client, just hashing and correlating it across groups automatically instead of manually searching one group at a time. Happy to answer questions about the detection methodology or share more details on the implementation.

u/secadmon — 23 hours ago
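
Added example, not part of the post above and not the code of the tool it describes: a minimal Python sketch of the check the post outlines, hashing each message with 64-bit FNV-1a and flagging a sender whose identical hash lands in several chats inside a time window. The case and whitespace normalisation, the 600-second window, the three-chat threshold and the sample messages are assumptions constructed for illustration.

```python
from collections import defaultdict

FNV64_OFFSET = 0xCBF29CE484222325   # standard FNV-1a 64-bit offset basis
FNV64_PRIME = 0x100000001B3         # standard FNV 64-bit prime

def fnv1a_64(data: bytes) -> int:
    h = FNV64_OFFSET
    for b in data:
        h ^= b                                    # FNV-1a: XOR first ...
        h = (h * FNV64_PRIME) & 0xFFFFFFFFFFFFFFFF  # ... then multiply
    return h

def content_hash(text: str) -> int:
    # Assumption: fold case and collapse whitespace so trivial edits still match.
    return fnv1a_64(" ".join(text.lower().split()).encode("utf-8"))

def find_cross_posts(messages, window_s=600, min_chats=3):
    """messages: iterable of (sender_id, chat_id, unix_ts, text) tuples."""
    seen = defaultdict(list)                      # (sender, hash) -> [(ts, chat)]
    for sender, chat, ts, text in messages:
        seen[(sender, content_hash(text))].append((ts, chat))
    flagged = []
    for (sender, h), posts in seen.items():
        posts.sort()
        start = 0
        for end in range(len(posts)):             # sliding window over timestamps
            while posts[end][0] - posts[start][0] > window_s:
                start += 1
            chats = {c for _, c in posts[start:end + 1]}
            if len(chats) >= min_chats:
                flagged.append({"sender": sender, "hash": f"{h:016x}",
                                "chats": sorted(chats)})
                break
    return flagged

# Constructed sample data (not real Telegram messages or IDs).
SAMPLE = [
    (1001, "chat_a", 1700000000, "Hello dear, I made 30% this week. DM me"),
    (1001, "chat_b", 1700000020, "hello dear,  I made 30% this week. DM me"),
    (1001, "chat_c", 1700000045, "Hello dear, I made 30% this week. DM me "),
    (2002, "chat_a", 1700000050, "Anyone know when the next unlock is?"),
    (2002, "chat_b", 1700090000, "Anyone know when the next unlock is?"),
]

if __name__ == "__main__":
    for hit in find_cross_posts(SAMPLE):
        print(hit)
```

An exact hash only matches text that is identical after normalisation, so a sender who changes a single word per group produces different hashes; that is the gap the fuzzy hashing and Levenshtein distance mentioned in the post are meant to cover.
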
▲ 5 r/OSINT+1 crossposts

Title: 🚨 EPSTEIN $3M HARVARD POST-NPA—jeevacation@gmail.com "Subject: bill gates"

🚨 Breaking: Epstein drafted $3M Harvard check 6 years post-conviction

jeevacation@gmail.com → Fund #347150 (EFTA01002279)

u/stoned__chipmunk0420 — 11 hours ago
▲ 16 r/OSINT

OSINT Training

I saw there is going to be a two-day class on OSINT techniques at Layer 8 Con this year. It’s with Micah Hoffman and Technisette (Lisette Abercrombie). I’m so excited to meet them, as when I started in OSINT I used her start.me page of tools. Is anyone else going to do the training or attend the conference? Looking forward to it!!

u/SweatyCockroach8212 — 24 hours ago
▲ 0 r/OSINT

What is the possibility of me getting doxxed on Telegram?

I have a new SIM. I made a new account on Telegram. I have turned off all the options in privacy settings. My Aadhaar is not linked to this phone number. My bank account is not linked. Nobody has my number. Using it just to use Telegram. Set up a unique username. I am in a few study/chat groups. I have joined a few bots for music like Shazam, or for downloading Twitter and Insta videos. Never clicked on any random link. I haven't shared my pictures with anyone. However, I shared my Gmail ID with one friend and that is based on this number. Can I get doxxed through my username??

u/Clear-Counter-8736 — 8 hours ago