27 Apr 2020

Finding Fake News Networks with Dataprovider.com Transforms

Maltego Team

Note: The Dataprovider.com data integration is no longer available in the Maltego Transform Hub. Please visit our Transform Hub page to see other Hub items for similar use cases.

One of the reasons that investigators love working with Maltego is the ability to integrate and connect all kinds of data in one place. Via the Transform Hub, you can connect data from a variety of public sources (OSINT), over 30 partners, as well as your own data.

Dataprovider.com Transforms in the Transform Hub provide you with access to one of the largest databases of public website data in the world. And best of all, you can try them out for free, using our free-tier functionality. The Dataprovider.com directory contains 280 million domains, 30 to 50 pages deep, and holds over 200 data variables for each website. You can use this data to discover new pathways through networks of websites and gather unique insights into online domains.

Without WHOIS data it is difficult to find detailed information on who owns a website. The Dataprovider.com Transforms in the Maltego Transform Hub give you the tools to find incoming links, companies, IP addresses, phone numbers, e-mail addresses and social profiles of all Entities within a network. Take a look at the full list of Dataprovider.com Transforms here.

To get you started on working with Dataprovider.com’s Transforms, let’s look at one example of how we unravel the global network of fake news website.

Unraveling the global network of fake news websites 🔗︎

The sprawling number of fake news networks propagating and spreading false information have gotten a lot of attention lately. And as with all things online, it’s not easy to discover just how deep the rabbit hole goes.

To Incoming Links Transform in Maltego

Let’s start by investigating the infamous website, www [dot] infowars [dot] com

Our first step is to run the Transform ‘To Incoming Links’ on the Website Entity. This immediately presents us with 971 websites. We can view the properties of these websites in the Detail View and discover more about them individually, but right now, we’re interested to see which of these websites also link back to one another. We’ll run incoming links on the entire Collection of Website Entities. The results are quite staggering.

Incoming links on entire collection of website entities

However, we don’t want things to get too complex just yet. Simply running incoming links on every single domain will only generate a larger and larger graph which might not give you any promising leads at all.

A useful feature in Maltego is the ability to “trim the leaves” off your graph as it grows. In the Investigate tab, there is an option called ‘Select Leaves’. When we click it, we see that 29.875 out of 39.796 Entities do not have any outgoing links. We can remove these (hit ‘delete’) to get a better idea of the extent that the networks are interconnected. Let’s give it a try:

Select Leaves Feature in Maltego

Select Leaves in Maltego result

You’ll notice that the various clusters and links have become much more discernible. Investigating one of these clusters, we find an interesting collection of websites. Virtualbegging [dot] com - a website dedicated to genealogy – strangely has links to websites of the Obamas, Bryon Hefner, conservative travelers org, and more inside the body of the text, with seemingly no relation to the content of the paragraphs or the sentences in which they appear.

Or donaldpeltier [dot] org, a mostly text-based website that opens with this landing page:

donaldpeltier dot org

And then, endoftheamericandream [dot] com, a website that posts articles like this one:

endoftheamericandream dot com

As you can see there are interesting discoveries to be made here. There are many more tricks to broaden and deepen your investigation here, such as running reverse ISP and DNS lookups, as well as IP2Company Transforms to find out even more about these websites.

If you’ve found an interesting website you’d like to investigate within these results, you can isolate it and related websites in its network by highlighting the Entity and choosing Copy ► To New Graph ► With Neighbors.

Copy to new graph with neighbors

… which gives you a result such as this:

Finding fake news websites with dataprovider transforms

Play around with these Transforms on your own and see what you can discover. With the Dataprovider.com Transforms, you can explore even further and uncover subdomains and social profiles that may be linked to particular websites.

Note: The Dataprovider.com data integration is no longer available in the Maltego Transform Hub. Please visit our Transform Hub page to see other Hub items for similar use cases.

Follow us on Twitter and LinkedIn or subscribe to our RSS feed to stay tuned with new use cases, product updates and news!

By clicking on "Subscribe", you agree to the processing of the data you entered and you allow us to contact you for the purpose selected in the form. For further information, see our Data Privacy Policy.