Gumtree and Australia Post Credit Card Scam
A cunning scam targeting people selling online is going around on WhatsApp. The con is remarkable because it operates with professionally designed phishing pages and tailored chat messages. The criminals’ goal is to get the credit card details of the unsuspecting sellers on Gumtree, eBay and other marketplaces.
This OSINT analysis found a novel hosting infrastructure, many targeted brands, and strong ties to Russia.
tfvpn – A self-hosted VPN for OSINT investigations
Protect your privacy and keep expenditures low during OSINT investigations with tfvpn, a VPN automation project allowing an effortless deployment of self-hosted VPNs in the cloud.
Full Address Search with the Unclaimed Money Portal
Various government organisations provide a convenient service to find unclaimed money. People in Australia can visit these websites looking for funds that could be owed to someone alive or deceased. The unclaimed money finder service is rather useful to ascertain whether someone owes you a few hundred dollars here and there. Each state of Australia makes this handy lookup service available to everyone.
When it comes to OSINT, however, these unclaimed money search engines allow investigators to discover the registered addresses of the subjects under investigation.
Bulletproftlink - A phishing service from Malaysia (Part 3)
How lucrative is being a phishing service operator? What does the facade of his professional life look like? Today, we review how much money can be made with phishing in merely two years and how large the Bulletproftlink operation is.
BulletProftLink - A phishing service from Malaysia (Part 2)
How are the phishing campaigns run by ‘thegreenmy87’ linked to a bulletproof hosting provider? Who is responsible for the phishing campaigns facilitating identity theft? How could we pinpoint an individual behind ‘Anthrax Linkers’? We provide further insight into a long-running scam operation in this article.
BulletProftLink - A phishing service from Malaysia (Part 1)
Today’s OSINT investigation involves a talented young hacker, who slowly turned into the operator of a large-scale phishing network. What we found on the surface is a story of a happy father, who facilitates identity theft when nobody is looking. In this article, we demonstrate how we managed to track down the operator of this phishing operation called ‘Bulletproftlink’.
Bitcoin Up – Binary Options Scam from YouTube
I watch YouTube more frequently due to COVID-19 and I found these pesky Dick Smith ads soliciting a get-rich-quick scheme popping up recently. The ads are illustrated with a photo of the Aussie entrepreneur himself claiming that everyone can become a millionaire within a matter of months. So what is this scam about and who runs the YouTube campaign?
What Service NSW has to do with Russia?
One interesting offshoot of researching .gov.au websites running outside Australia was an odd service running from Russia. How did Service NSW – a website offering government services online – end up associated with a Russian datacentre?
The risk of Australian Government services hosted overseas
In this article, we are hunting for websites under the .gov.au domain hosted outside Australia. We explain why running services associated with the Australian Government overseas is a risk and how things are changing.
Roku fake activation scams: How do they work?
New Roku and other streaming device users beware. These scammers are running a large network of lookalike websites that trick users into paying “activation” or “set-up” fees for something that is free of charge.
How do these scams work? What Roku scam websites belong to the same circle of scammers? Read on to find out.
Australian OSINT Public Data Sources
I wanted to write this since I competed in the National Missing Persons Hackathon in Sydney last October. For those who are unfamiliar with the concept, the competition was the first-ever nationwide Missing Persons CTF. As the police receive more than 38,000 missing persons reports each year and there are circa 2,600 long-term missing persons in Australia, the noble intention was helping the authorities find missing persons by providing as many leads as possible.
Although there are plenty of write-ups about the tools used and practices followed in these OSINT competitions, most of them revolve around the United States.
In the following article, I summarised the various Australian public data sources I found useful in the Missing Persons competition. The list of the data sources below is a non-comprehensive list with a heavy bias (e.g. NSW-focussed).
Muni Hosting: A safe haven for phishing and credit card fraud
Muni Hosting is a boutique bulletproof server hosting provider knee-deep in running phishing scams, SIM swapping attacks and bank fraud. My latest research attempts to map the scale of the operation and identify the perpetrator behind these illegal acts.
MEDIAAN ABS: An anatomy of an advance-fee loan scam
This is an OSINT analysis of a lending company called MEDIAAN ABS Financial Services. Nothing on the company’s website appears to be genuine, and third-party reports confirm that the firm is likely to be linked to advance-fee scams.
99WebHelp: Unwinding a Tech Support Scam
The latest investigation using open-source data reveals how a small web design and SEO company runs dozens of websites associated with remote support scams.
Domain Services: A domain name extension scam
I received this spam the other day telling me my business’s domain name is about to expire (no it’s not!). According to the email, I urgently needed to click on this link to extend my domain name.
So, I clicked on the link to see what happens and I managed to find a few pointers to the person presumably running this particular domain name slamming operation.
Coronavirus spam selling the 'Pandemic Survival' ebook
How not to survive the coronavirus pandemic? I stumbled upon the following email in my spam folder the other day. The email is painting a picture of Wuhan, where the police – according to the sender – are knocking on doors and this violation could happen in my city as well.
The pitch was enticing enough to click on it to see what ‘my last chance’ was to survive the coronavirus pandemic and the dystopian police state.
So I took my OSINT toolkit and what I found was a network of websites pushing fear-mongering ebooks amidst the COVID-19 pandemic. I also found a webshop providing a platform for products with questionable benefits and a successful business making bank with affiliate marketing.