Data Scraping and Visualizing using Instant Data Scraper, ViewDNS.info, and Maltego

This is a companion blog post to the video posted on YouTube below.

Intro

Hi there! Micah here. In this 10-minute video, I show how to use a combination of Google Chrome and Instant Data Scraper to extract HTML table data from the ViewDNS.info web site. Then, once that is saved in a CSV on the local system, I demonstrate how to import the CSV into Maltego’s Casefile product to visualize and analyze the OSINT data.

Retrieving Data

The Instant Data Scraper extension can extract HTML table data and save it as a CSV or XLSX file on your local system. To show this, I went to https://viewdns.info/ and used the “Reverse Whois Lookup” form at the top of the screen.

This form allowed me to search (for free) for the first 500 domain records associated with a certain email address in Whois data. I'm not going to get into why this could be important here; what matters is that the output of this process is an HTML table.

Once the results were on the screen, I clicked on the Instant Data Scraper extension, which found the HTML content and allowed me to extract and save it to my system as a CSV.

Analyzing with Maltego’s Casefile

Next, I shift to the Maltego Casefile data visualization application. Here I import the data and, in the video, I show what options you might wish to choose. These will vary depending upon the data that you want to view in Maltego.

Also, keep in mind that Maltego’s Casefile (and their “Maltego” products) can import data from almost any CSV.

Once the settings in Maltego were chosen, I imported the data, chose to view it in the “Organic” layout, and began my analysis.

Using this technique it was easy to spot:

  1. The main domain registrar Apple uses for their official domain registrations.
  2. Multiple domains registered on the same date.
  3. Domains registered at domain registrars other than the “official” one we identified. These outliers appeared to be in different regions of the world and some appeared to be possible personal domains registered with Apple.com email accounts.
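
The same three checks can also be run directly on the saved CSV, which is handy for reviewing your own organization's domain portfolio without a graph tool. This is an added example, not part of the original post or video; the column names (Domain Name, Creation Date, Registrar) and the sample rows are assumptions constructed for illustration, so adjust them to match your export.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample rows. Column names are assumed; a scraper export
# may label them differently, so rename them to match your file.
SAMPLE_CSV = """Domain Name,Creation Date,Registrar
example-one.com,2011-03-02,REGISTRAR A
example-two.com,2011-03-02,Registrar A
example-three.net,2014-07-19,REGISTRAR A
example-four.org,2011-03-02,REGISTRAR A
example-five.co.uk,2016-01-05,REGISTRAR B
example-six.de,2018-11-23,REGISTRAR C
"""


def summarize(csv_text):
    """Return (main_registrar, same_day_groups, outliers) for a reverse Whois CSV."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    if not rows:
        return None, {}, []
    by_registrar = Counter()
    by_date = defaultdict(list)
    for row in rows:
        # Normalise case and whitespace so spelling variants group together.
        row["Registrar"] = row["Registrar"].strip().upper()
        row["Domain Name"] = row["Domain Name"].strip().lower()
        by_registrar[row["Registrar"]] += 1
        by_date[row["Creation Date"].strip()].append(row["Domain Name"])
    # 1. The registrar holding the most domains is treated as the "official" one.
    main_registrar = by_registrar.most_common(1)[0][0]
    # 2. Dates on which more than one domain was registered.
    same_day = {d: sorted(n) for d, n in by_date.items() if len(n) > 1}
    # 3. Domains held at any other registrar are the outliers worth a closer look.
    outliers = [(r["Domain Name"], r["Registrar"])
                for r in rows if r["Registrar"] != main_registrar]
    return main_registrar, same_day, outliers


if __name__ == "__main__":
    main, same_day, outliers = summarize(SAMPLE_CSV)
    print("Main registrar:", main)
    for date, names in same_day.items():
        print("Registered together on", date, "->", ", ".join(names))
    for name, registrar in outliers:
        print("Outlier:", name, "at", registrar)
```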

Hope you enjoyed the tip and stay OSINT Curious!