
Advanced OSINT for China: SOCMINT on WeChat, Weibo, and More

Written by OSINT Industries Team on March 11, 2025

Navigating the Great Firewall for OSINT Insights.

At first glance, OSINT for China seems daunting. China’s digital ecosystem is unique. Unlike the Western internet, dominated by familiar platforms like Instagram, Facebook, and Google, China’s online world revolves around its own set of social media giants that many English-speakers have never heard of. Faced with WeChat, Weibo, Douyin, and many others, a lot of Western OSINT investigators are clueless.

This guide aims to change that. For 18% of the world (that’s 1.4 billion people), these platforms are second nature. Understanding China’s tightly controlled digital sphere keeps OSINT moving forward. Corporate due diligence, geopolitical risk assessments, cyber threat intelligence, and investigative journalism are increasingly reliant on intelligence from China’s unique social sphere. Soon, if you can’t conduct OSINT on Xiaohongshu or Zhihu, you’ll only see half the picture.

When we’re done, you should be able to recognize popular Chinese social media networks, and leverage platform-specific OSINT techniques to find usernames, email addresses and more. You’ll understand the nuances of China’s censorship mechanisms, have walked the length of the Great Firewall, and learned which workarounds allow researchers to employ OSINT on Chinese accounts – while maintaining good operational security (OpSec).

So, "我们开始吧!" (‘Let’s get started!’)

What is SOCMINT?

Most cybersecurity professionals, journalists, law enforcement, or investigators can define Open-Source INTelligence (OSINT) – collecting and analyzing public open-source data. Before analysis turns it into OSINT, however, it is classed as OSINF data, which comes from anywhere freely accessible, without restrictions: news sites, government databases, public records and, most notably, social media platforms.

(For further details, check out ‘OSINT Basics: What is OSINT?’)

The latter is Social Media INTelligence (SOCMINT). A rapidly growing subcategory or branch of OSINT, SOCMINT gathers intelligence from socials. Social media continues to shape global communication, in China like anywhere else; this means SOCMINT has become a must for modern OSINT investigators, analysts, and researchers. SOCMINT can help investigators to understand trends and behavior: key influencers, sentiment analysis, trend forecasting, and more. It’s also vital for verifying identities – and for cybersecurity.

Like OSINT, SOCMINT doesn’t see borders. Operating on a worldwide scale, open-source publicly available data is perfect for global investigators. This means SOCMINT is uncovering hidden networks, tracking assets, analyzing geopolitical events, and exposing transnational crimes as we speak. It should be in every international investigator’s toolkit.

Forbidden City: Specific Challenges in OSINT for China

Conducting OSINT in China’s heavily regulated, localized and fragmented social media sphere has its unique challenges.

Perhaps the biggest hurdles for English speakers are language and cultural barriers: diverse dialects and unusual emojis. Like Western socials, Chinese platforms have unique slang and coded language, sometimes to evade censorship. Westerners might not know that 666 (pronounced ‘liù liù liù’) means ‘cool’ or ‘amazing’ – or that 吃瓜 (chī guā, lit. ‘eating melon’) is the Chinese equivalent of ‘grabbing the popcorn’.

If you can, collaborate with a native speaker. You can also familiarize yourself with Chinese internet culture by actively following local forums, reading popular Chinese content, and using resources like dictionaries or online communities that specialize in Chinese slang. You might not think reading Chinese gossip forums would help your OSINT, but it will. AI translation tools can help decode slang in real-time, but you’ll need help understanding the context in which these terms are used. 

Chinese internet slang often has an English equivalent, and can be illuminating for OSINT:

  • 黑粉 (hēi fěn) – ‘Anti-fans.’ People who are over-critical or negative about a celebrity or public figure, or ‘haters’. Useful for trend and sentiment analysis.
  • 吃土 (chī tǔ) – ‘Eating dirt.’ Being so broke that you can’t afford anything. This can reflect a subject’s financial status.
  • 翻车 (fān chē) – ‘Flip the car.’ A situation that failed, like an English ‘trainwreck’.
  • 学霸 (xué bà) – ‘Study overlord.’ Used to describe a person who excels academically, like a straight-A student (or a committed OSINT researcher). 

Of course, another major hurdle is government oversight and content control. Posts, discussions, and even entire accounts can be suddenly deleted or modified by authorities. Historical data retrieval is difficult, and your OSINT investigation might have ‘flipped the car’.  

Additionally, China has real-name registration laws. This limits anonymity, making it harder to track users covertly. If you’re identifying a subject, this is a double-edged sword.

Finally, there are legal risks. OSINT activities that are routine elsewhere may violate China’s cybersecurity and data protection laws – with serious consequences.

What is the Great Firewall of China?

The Great Firewall of China (GFW) is not a historic monument, but the Chinese government’s extensive system of internet censorship and surveillance. Officially part of China’s Golden Shield Project, the GFW blocks foreign websites, regulates Chinese users’ internet usage, and monitors domestic online activity.

The GFW employs DNS filtering, IP blocking, keyword censorship, deep packet inspection (DPI), and manual content moderation. The simplest result of this is that major international platforms like Google, Facebook, Twitter, YouTube, Instagram, and Wikipedia are blocked in China. They’re only accessible via VPNs, proxy servers, or Tor, which are mostly restricted or illegal there. 

For OSINT investigators, this means a whole new approach. Beyond blocking content, the GFW drives Chinese users to local platforms. OSINT in China works with WeChat instead of WhatsApp, Weibo instead of Twitter, and Baidu instead of Google. These alternative platforms operate under strict government oversight; keep in mind that Chinese authorities monitor discussions, remove sensitive content, and actively enforce real-name registration policies. There’s not really an equivalent oversight in Western media. 

The GFW is why traditional OSINT tools designed for Google, Twitter, or Facebook are ineffective. Researchers must make sure to use OSINT tools (like OSINT Industries) that incorporate Chinese platforms in their scope.

Tech Giants: Which Platforms Are Popular in China?

Just like any other country, China’s Internet users are hooked on social media – and generating public, open-source social content. The platforms may be different, but they offer the same OSINT opportunities as their Western equivalents.

It’s rare for these platforms to cross over into Western popularity. However, during America’s temporary TikTok ban in early 2025, a migration of US users to Chinese alternative Xiaohongshu (known in the West as ‘RedNote’) brought the platform to the Western world. 

Social Networking and Chat 

  1. WeChat (微信): This multifaceted app combines messaging, social networking, mobile payments, and e-commerce – a successful ‘super-app’ or ‘everything app’ with over 1.3 billion monthly active users.
  2. Douyin (抖音): The original local version of TikTok, also popular for short-form videos and live streaming.
  3. Xiaohongshu (小红书, lit. ‘Little Red Book’) aka RedNote: This social commerce platform lets users share product reviews, fashion tips, and lifestyle content – it often functions like TikTok in the West.
  4. Weibo (微博): This microblogging platform is China’s Twitter, with news and public discussions.
  5. Zhihu (知乎): A question-and-answer platform similar to Quora, letting users engage in in-depth discussions alongside answering user queries. 
  6. QQ – An instant messaging service with online games, music streaming, and file sharing; functionally a mix of Facebook (social) and Skype (chat).
  7. Baidu Tieba (百度贴吧) – This popular Reddit-like discussion platform lets users create and join ‘bars’ (forums) dedicated to specific topics.

Search Engines, Business and Tools

  1. Baidu (百度) – The dominant search engine in China.
  2. Sogou (搜狗) – A search engine that also indexes WeChat content.
  3. QCC.com (企查查) – A business directory containing company information (though be aware of CAPTCHAs on this site to limit foreign users).
  4. TianYanCha.com (天眼查) – A business registration and verification site (you will need a mainland IP to access this).
  5. Dianping (大众点评) – A business review and listing platform, similar to Yelp.
  6. Baidu Maps (百度地图) – A mapping service with business listings.
  7. Gitee – A Chinese Git-based development platform.

What to Look For: OSINT on Chinese Emails, Phone Numbers, and Usernames 

The information located with Chinese OSINT will be a little different if your subject is a Chinese local. OSINT for Chinese phone numbers and emails will require you to familiarize yourself with what this data looks like.

1. Cell Phone Numbers in China

All Chinese mobile or cell phone numbers begin with +86 (China’s area code). Mobile or cell phone numbers start with 1, followed by a second digit that identifies the carrier: 

  • 130–139, 150–159, 180–189, 190–199 – China Unicom, China Mobile, or China Telecom
  • 170, 171, 175, 176, 177, 178 – MVNOs or resellers like Snail Mobile or DianXin.

For example: “+86 138-1234-5678” connotes a China Unicom customer, on a cell phone, in China. In OSINT terms, an MVNO number can suggest a business number, a subject seeking anonymity – or even a ‘burner’ commonly used for fraud, scams, or other illicit activity.

2. Landline Numbers in China

Landline numbers are useful for geolocation purposes. Again, all Chinese landline numbers begin with +86 (China’s area code). Area codes then vary by city:

  • 010 – Beijing
  • 021 – Shanghai
  • 020 – Guangzhou
  • 0755 – Shenzhen

For example: “+86 021-8765-4321” connotes a number in China, specifically in Shanghai.

3. Email Addresses in China

Email addresses in China are often registered with services that comply with China’s internet regulations: namely, real-name registration. This is good news for OSINT-ers. Some popular Chinese email providers include:

  • 163.com / 126.com / yeah.net – Operated by NetEase, popular for personal and business emails
  • qq.com – Provided by Tencent via QQ Mail, often linked to QQ, WeChat and other social accounts
  • sina.com / sina.cn – Offered by Sina, popular with media professionals
  • aliyun.com – With Alibaba Cloud, commonly used by businesses.
  • sohu.com – Hosted by Sohu, used for business and personal accounts
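
The phone prefixes, landline area codes and mailbox domains listed above can be applied mechanically when triaging a list of selectors. The following Python is an added example, not code from OSINT Industries; the function names are hypothetical, the tables hold only the values given in this article, and the sample inputs are constructed.

```python
import re

# Tables copied from this article; anything else is reported as not listed.
MAJOR = {*range(130, 140), *range(150, 160), *range(180, 190), *range(190, 200)}
MVNO = {170, 171, 175, 176, 177, 178}
AREA_CODES = {"010": "Beijing", "021": "Shanghai", "020": "Guangzhou", "0755": "Shenzhen"}
EMAIL_OPERATORS = {
    "163.com": "NetEase", "126.com": "NetEase", "yeah.net": "NetEase",
    "qq.com": "Tencent (QQ Mail)", "sina.com": "Sina", "sina.cn": "Sina",
    "aliyun.com": "Alibaba Cloud", "sohu.com": "Sohu",
}


def classify_phone(raw):
    """Return (kind, detail) for a Chinese number written in any common format."""
    digits = re.sub(r"\D", "", raw)  # drop '+', spaces, dashes, brackets
    if digits.startswith("0086"):
        digits = digits[4:]
    elif digits.startswith("86") and len(digits) > 11:
        digits = digits[2:]
    if len(digits) == 11 and digits[0] == "1":
        prefix = int(digits[:3])
        if prefix in MVNO:
            return ("mobile", "MVNO or reseller")
        if prefix in MAJOR:
            return ("mobile", "major carrier")
        return ("mobile", "prefix not listed")
    # Landline: the leading 0 of the area code is often dropped after +86.
    national = digits if digits.startswith("0") else "0" + digits
    for code, city in AREA_CODES.items():
        subscriber = national[len(code):]
        if national.startswith(code) and 7 <= len(subscriber) <= 8:
            return ("landline", city)
    return ("unknown", "not a pattern listed in this article")


def classify_email(addr):
    """Return the operator of a mailbox domain listed in this article, else None."""
    local, sep, domain = addr.strip().rpartition("@")
    if not sep or not local:
        return None
    return EMAIL_OPERATORS.get(domain.lower().rstrip("."))


if __name__ == "__main__":
    # Constructed sample selectors, not real subscriber data.
    for s in ("+86 138-1234-5678", "0086 170 1234 5678", "+86 021-8765-4321"):
        print(s, "->", classify_phone(s))
    print(classify_email("someone@QQ.com"))
```

A result of "prefix not listed" or "unknown" only means the value falls outside the short tables above, not that the number is invalid.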

Silk In-Roads: A Platform-by-Platform Approach to Chinese OSINT

Getting emails, phone numbers, and usernames from Chinese sources requires a tailored OSINT approach. You’re probably aware by now that unlike the Western web, China’s digital ecosystem relies on unique search engines, social media networks, and databases – and these require localized and specialized OSINT techniques to navigate. Let’s break it down by platform.

1. WeChat (微信)

  • In-Platform Search: WeChat’s ‘People Nearby’ feature can allow you to discover usernames, a key OSINT starting point, with a simple search.
  • Profile Scraping: Some business accounts list email addresses or phone numbers in WeChat account descriptions. Comb them for useful intel.
  • WeChat Groups: Some groups are industry-specific and may share business (or personal) contact details – browse and search posts to see what you can find. 

2. Weibo (微博)

  • Username Search: Many users use similar usernames across platforms, making Weibo a good starting point for OSINT. 
  • Bio and Posts: Look for business accounts – some business users display contact details in their Weibo bios or posts.
  • Reverse Image Search: Profile images can be traced back to other accounts where contact details might be available.

3. Zhihu (知乎)

  • Expert Profiles: Many professionals on Zhihu share their emails for collaboration, or to connect with other users for business opportunities.
  • Comment Sections: Some users leave contact details in responses, especially in business-related discussions. Search thoroughly for these.
  • Backlinks to Other Sites: Many profiles link to personal blogs or company websites that contain additional contact info – you can also find links to other Chinese social media sites.

4. Xiaohongshu (小红书) – Little Red Book/RedNote

  • Influencer Bios: Many influencers list their WeChat IDs or email addresses for business purposes on RedNote.
  • Product Listings: There’s also an eCommerce aspect here, so sellers often include contact details for orders and brand partnerships.

5. Chinese Business Directories

  • QCC.com (企查查): Because this is a business database, registered companies often display contact information publicly.
  • TianYanCha.com (天眼查): Similar to QCC, this site provides business registration details, including emails and phone numbers, in public view.
  • Baidu Maps & Dianping: These are useful for geolocation, as many businesses list phone numbers on these platforms.

General OSINT techniques for extracting Chinese contact information include:

Baidu and Sogou for Advanced Search

This is similar to Google Dorking. Chinese search engines like Baidu and Sogou index social media pages and business websites, and can be a rich source of intel. You can use advanced search operators like:

  • Email search: "@qq.com" OR "@163.com" site:weibo.com
  • Phone number patterns: "13*" OR "15*" OR "18*" site:qcc.com (as Chinese mobile/cell numbers start with 13, 15, 18, etc.)
  • Username tracking: intitle:"profile" "WeChat ID" site:xiaohongshu.com

Reverse Username, Phone and Email Lookups

OSINT tools are designed to search for the data you need; make sure to utilize a tool, like OSINT Industries, that incorporates Chinese platforms.

Our 1000+ lookup modules include all the Chinese platforms mentioned in this article. Usernames, phone numbers or email addresses are fuel for investigation. Reverse searches like reverse email lookup and reverse phone lookup are ideal for account-finding tasks. Using these tools, you can cross-reference information and reveal any accounts or personal information. 

What’s more, you can automate searches, visualize connections – with tools like Maltego or OSINT Industries Palette – and automatically adhere to high ethical and legal standards without unnecessary complications. 

Scraping Publicly Available Data (with Extreme Caution)

Be careful when scraping Chinese data. Many platforms actively block scrapers, and unauthorized access may have legal consequences – so stick to public data, and exercise extreme caution. 

Scrapers like Scrapy can be configured to extract profile data from Weibo and Zhihu. Alternatively, try dorking on Baidu for emails, with commands that search for spreadsheets like:

filetype:xls OR filetype:csv "contacts" site:tianyancha.com

More Challenges and Ethical Considerations

  • Legal Risks: China has strict data privacy laws; make sure you follow them.
  • Internet Censorship: The Great Firewall restricts access to many Western websites, but it can also limit the visibility of certain topics within China.
  • Misinformation/Disinformation: Fake details aren’t the only hazard. Be cautious of state-sponsored influence operations, and of dis- and misinformation campaigns that may skew data.
  • Chinese Phone Numbers: Some platforms may require local Chinese phone numbers for registration. This will pose hurdles for foreign researchers.

To see Chinese OSINT in action, check out our Case Study.

‘Julian was able to reveal, through research with OSINT Industries, not only proof of Chinese culpability… but, with some degree of certainty, that guilty actors were members of the Chinese Communist Party (CCP)...’

Read: An OSINT Investigator Exposing the Truth About Chinese Fentanyl
