
The OSINT Newsletter
Episode 14: IP Address Investigations and Local OSINT
Why It Matters
Understanding the strengths and pitfalls of IP‑based OSINT is essential for investigators seeking accurate attribution without falling prey to spoofed or shared addresses. Meanwhile, mastering local‑source tactics and Google Maps data unlocks granular, real‑world insights that can enhance threat profiling, market research, and situational awareness, making the episode timely for anyone navigating an increasingly data‑rich digital landscape.
Key Takeaways
- Dynamic IPs change frequently, which makes them unreliable for attributing activity to an individual.
- Static IPs often link to businesses, which makes them useful for entity identification.
- Reverse IP lookup, passive DNS, and geolocation aid investigations.
- VPN and Tor IPs indicate obfuscation and should be flagged for deeper analysis.
- Local OSINT tools enable location spoofing and mining of "popular times" data.
Pulse Analysis
The episode opens with a clear distinction between dynamic and static IP addresses, emphasizing why dynamic pools are poor anchors for pinpointing individuals while static ranges often belong to businesses or hosting providers. Listeners learn that recognizing this difference is the first step in any IP‑address investigation, setting the stage for deeper analysis. The host highlights essential OSINT utilities such as reverse IP lookup services, passive DNS databases, and basic geolocation APIs, noting their role in building a reliable investigative foundation without over‑relying on volatile data.
Building on that foundation, the discussion shifts to the complexities introduced by VPNs and Tor nodes. While VPNs can mask a user’s true address, they also generate identifiable IP blocks that can be traced back to specific providers, offering a tactical clue for investigators. Tor exit nodes, on the other hand, signal deliberate anonymity and often warrant heightened scrutiny. The host stresses the importance of corroborating IP data with behavioral context, using tools like Maltego or custom scripts to cross‑reference reverse‑lookup results, leak datasets, and jurisdictional information, thereby turning noisy signals into actionable intelligence.
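The cross-referencing step described above can be scripted as a first-pass triage of IP leads. The following Python is an added example, not code from the episode or the newsletter; the function name `triage`, the provider names, the ranges and the Tor exit entries are hypothetical, built from documentation address space (RFC 5737, RFC 3849), and a real investigation would load current Tor exit and provider range lists instead.

```python
import ipaddress

# Constructed sample data (documentation ranges), standing in for real feeds.
TOR_EXITS = {ipaddress.ip_address(a) for a in ("203.0.113.7", "2001:db8::7")}
PROVIDER_RANGES = {  # hypothetical VPN / hosting providers
    "ExampleVPN": ["198.51.100.0/25", "2001:db8:1::/48"],
    "SampleHosting": ["192.0.2.0/24"],
}
# Ranges that never identify a single internet-facing host.
NON_ROUTABLE = {
    "private (RFC 1918)": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "carrier-grade NAT, shared by many subscribers": ["100.64.0.0/10"],
    "loopback/link-local": ["127.0.0.0/8", "169.254.0.0/16", "::1/128", "fe80::/10"],
    "IPv6 unique local": ["fc00::/7"],
}

def _compile(table):
    return [(ipaddress.ip_network(c), label)
            for label, cidrs in table.items() for c in cidrs]

_PROVIDERS = _compile(PROVIDER_RANGES)
_NON_ROUTABLE = _compile(NON_ROUTABLE)

def _match(addr, nets):
    # Longest-prefix match so the most specific range wins.
    hits = [(n, l) for n, l in nets if n.version == addr.version and addr in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def triage(raw):
    """Return (category, detail) for one IP string taken from a log or lead."""
    try:
        addr = ipaddress.ip_address(raw.strip())
    except ValueError:
        return ("invalid", "not an IP address")
    # Normalise IPv4-mapped IPv6 (::ffff:a.b.c.d) so it cannot dodge IPv4 lists.
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    label = _match(addr, _NON_ROUTABLE)
    if label:
        return ("non-routable", label)
    if addr in TOR_EXITS:
        return ("tor-exit", "deliberate anonymisation; do not attribute to a person")
    label = _match(addr, _PROVIDERS)
    if label:
        return ("provider-range", label)
    return ("unlisted", "may be a dynamic address; corroborate before attributing")
```

An "unlisted" result is not evidence of a residential user; it only means none of the loaded lists matched, so the address still needs passive DNS and behavioural corroboration.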
The final segment explores local OSINT techniques, including browser and network spoofing to appear from a chosen geography and mining Google Maps’ "popular times" data at scale. By automating the extraction of foot‑traffic patterns, analysts can infer peak activity windows for target locations, enriching situational awareness. The episode also spotlights community‑driven resources such as weekly CTF challenges and the OSINT Insider newsletter, which provide fresh tools and case studies for both novice and seasoned investigators. Together, these strategies illustrate how a layered approach—combining IP fundamentals, anonymity detection, and localized data harvesting—creates a robust OSINT workflow.
Episode Description
Tools, tactics, and fresh investigations expanding the open-source intelligence toolkit.