This study addresses the underutilization of publicly available BitTorrent metadata for tracking illicit activities and constructing user profiles. The authors propose a five-step OSINT methodology to systematically collect torrent metadata from over 60,000 IP addresses via The Pirate Bay and UDP trackers. By enriching these IPs with geolocation data, anonymity indicators, and associations with child sexual exploitation material, the framework enables behavioral analysis and risk assessment. Innovatively leveraging torrent metadata within an OSINT context, the approach integrates IP enrichment, network clustering, co-download modeling, and privacy tool detection to distill actionable intelligence from noisy data. Empirical results demonstrate its effectiveness in identifying high-risk user groups and their interests in illegal content—such as sensitive e-books—offering law enforcement and cybersecurity practitioners a scalable, automated analytical framework.

This work investigates the potential of torrent metadata as a source for open-source intelligence (OSINT), with a focus on user profiling and behavioral analysis. While peer-to-peer (P2P) networks such as BitTorrent are well studied with respect to privacy and performance, their metadata is rarely used for investigative purposes. This work presents a proof of concept demonstrating how tracker responses, torrent index data, and enriched IP metadata can reveal patterns associated with high-risk behavior. The research follows a five-step OSINT process: source identification, data collection, enrichment, behavioral analysis, and presentation of the results. Data were collected from The Pirate Bay and UDP trackers, yielding a dataset of more than 60,000 unique IP addresses across 206 popular torrents. The data were enriched with geolocation, anonymization status, and flags of involvement in child exploitation material (CEM). A case study on sensitive e-books shows how such data can help detect possible interest in illicit content. Network analysis highlights peer clustering, co-download patterns, and the use of privacy tools by suspicious users. The study shows that publicly available torrent metadata can support scalable and automated OSINT profiling. This work adds to digital forensics by proposing a new method to extract useful signals from noisy data, with applications in law enforcement, cybersecurity, and threat analysis.