Solution
Based on the investigation subject’s profile, we obtained his alias/username/handle name as justinccase2511.
Our initial objective is to investigate his archived footprints before he changed his username. To accomplish this, we utilize web archives.
Using Wayback Machine, we tested the username justinccase2511 across popular platforms such as:
- https://web.archive.org/web/*/https://www.facebook.com/justinccase2511/
- https://web.archive.org/web/*/https://www.instagram.com/justinccase2511/
- https://web.archive.org/web/*/https://x.com/justinccase2511
- https://web.archive.org/web/*/https://github.com/justinccase2511/
- …
However, we didn’t get the expected results as it appears we’re missing something.
Let’s think about this more carefully. This investigation started many years ago, and since then social media platforms have undergone changes, particularly X which was previously known as Twitter. Therefore, to investigate old X accounts, we should use the twitter domain.
=> https://web.archive.org/web/*/https://www.twitter.com/justinccase2511/
Successfully found an old record of this account, but there wasn’t any valuable information to be gathered from this old Twitter profile.
However, there’s a trick to investigate this case. When a user changes their handle name on Twitter/X, there’s one thing that cannot be changed – something permanently tied to their account: the identifier id.
To obtain this value, we extract it from the web source:
"identifier": "1579193231652405248"
Previously, with the identifier number, we could use tools to search Twitter ID to username. However, it appears X has made changes to the X API, requiring authentication to query User ID to username. Free converter tools no longer work.
A much simpler alternative solution is to construct a URL with the identifier number: https://x.com/i/user/1579193231652405248
Successfully discovered the subject’s current profile at https://x.com/t0mmyx1a0mi with the new handle name t0mmyx1a0mi.
Based on the posts on the timeline, we gathered the following information: https://twitter.com/t0mmyx1a0mi/status/1582677011666829312. Based on the tab icon, it appears he uses Tumblr
Searching for Tumblr accounts based on the information we have, we found his Tumblr at www.tumblr.com/t0mmyx1a0mi
Following the hint in the post, we used the Tumblr Avatars tool to view the avatar in high quality, which revealed an image containing the flag https://api.tumblr.com/v2/blog/t0mmyx1a0mi/avatar/512