Molfar OSINT Challenges Walkthrough #1 — #3

5 min readJun 7, 2023

What is Molfar?

Molfar is a Ukrainian private OSINT investigation group. They specialize in exposing Russian military war crimes, revealing Russian spies, and more. With an extensive collection of OSINT investigations, cases, and tools on their website, Molfar has garnered significant attention.

Recently, they started to post OSINT tasks in Telegram channel. They also have a website you would like to visit: lots of OSINT investigations, cases, tools.

In this article, I will share my solutions for a selection of Molfar’s OSINT tasks. With around 40 tasks available and more being added regularly, this series will cover various challenges. Join me as we explore intriguing insights and strategies.

Since Molfar’s Telegram blog is primarily in Ukrainian, I will provide English translations for the tasks. If you have Telegram Premium, you can use the automatic translation feature to read the posts in English.

Before we start, I would like to ask you to subscribe to my Patreon.

Let’s go.

Task #1:

Under the hour of collecting information on the case, we were able to take a photograph of the front part of the car. Now it is necessary to recognize the brand of the car and month of manufacture! We add a photo from the video warning camera.

I’m idiotic when we are talking about car models, so I even won’t try to assume what kind of car it could be, but let’s check the information that lies on the surface.

We know that most license plates contain country code, alike phone numbers. Let’s google this number!

Hm…

CYLOHHB or CY10HHB…

Let's google both!

Ok, ok, it’s definitely CY10HHB.

Let’s visit the first site.

We got the answer!

Answer: Fork KA Titanium, Silver. Manufactured and registered in June.

NB! I want to emphasize that this plate can lead to the thought, like the first two characters, CY — means Cyprus. Yes, if we’ll search the Wikipedia, we will find next:

But if we check this site, we will find out, that it is an internal car code of Cymru (Wales):

So, keep in mind, when we are talking about car plates, sometimes a country's internal codes can match with international codes.

Task #2:

We are trying to access this web address: http://time-traveler.icec.tf/
The server is not responding! It is important that we find the information contained on this site as we suspect it to be part of criminal activity.
Sources suggest the site was available around 4 years ago, not sure how relevant that is, but maybe that means something to you?
The answer to the task is a line of text placed on the site. Find it!

That is an easy one. For those new to OSINT, one of the most valuable resources to be aware of is the Internet Archive Wayback Machine. This impressive project houses a collection of various versions of websites that have been published on the internet. The popularity of a site determines the number of available versions for examination. To access this valuable tool, simply visit https://archive.org/web/ and enter the URL you wish to explore.

Great! We can see spikes in 2016. Select it.

We’ll see a calendar with marked days when snapshot was done. Select earliest, choose correct snapshot and we’ll see…

We will see the Answer!

Moving forward.

Task #3:

We rummaged through the social networks of the Person of Interest (the object of the study). And found this boarding pass. It seems the person who owned it was a bit paranoid. And not for nothing, because they are looking for her!
Looks like we can still do something about it… There’s one thing here that might help us.
We really need to find this person’s LANDING PLACE NUMBER to link it to the other evidence the team has collected.
We have attached a photo of the boarding pass for you. Please find a boarding place for us.

In my initial task, I encountered some difficulties until I stumbled upon something incredibly obvious. I began by extracting as much textual information as possible from the picture, such as “British Airways,” “Class,” “Flight”, “Destination”, etc.

But then I simply noted a barcode that holds the potential for valuable information…

Cut the barcode from the picture.