If you do a lot of web-based OSINT research like I do, you’ve most likely conducted username searches using a powerful tool like https://whatsmyname.app that scurry out onto hundreds of websites in search of profiles bearing the username you’re interested in. In doing so, you may have come across CashApp user pages that usually bear a few common things: a cashtag (username), a display name, and most of the time… a seemingly useless QR code. Or is it? You see, while it is the case sometimes that the account holder hasn’t actually populated a profile photo, and therefore just displays a QR code ..read more

Based on how often Twitter, oh sorry… I mean X, is changing these days, there’s a pretty good chance this blog will be obsolete by the time you read it but here goes anyway… Have you recently found yourself trying to visit a Twitter profile (when not logged in), and while it may initially load on the page, instantly you’re met with an annoying pop up after being redirected to a login prompt? Without a sock puppet account (which is getting harder to create and hang onto), you’re unable to get beyond that unexpected barrier. ANNOYING. Annoying, but not impossible. That is, if all we need to see ..read more

In this Quick Tips blog post (yep, that’s a thing now), I’ll be showing you a couple additional (and quite useful) functions of my favorite WHOIS Lookup site, and hopefully adding a little something new to your ever-growing OSINT methodology. Much like my desire to stay in college, this blog is going to be over just about as soon as it starts. Disclaimer/Warning: WHOIS records can be falsified, outdated, and in the case of things like common names they may not even be same person you’re investigating. Stop saying “I learned it from the internet” when you get in trouble for not exercising your ..read more

The faces and names shown in this blog are real, and are being used with their permission. Some details have been redacted or obscured to protect the privacy of others. Every Veteran’s Day for nearly a decade, my friend Bill Stevens has attempted to locate and reconnect with a very special Army battle buddy of his from more than 20 years prior. For a number of those years, Bill has aired his pleas publicly via Facebook, accompanied by photos of this bygone era, in hopes that somehow his plea would go viral and word would reach his long-lost friend… but it never did. Now, I’ve known Bill for a ..read more

I received this email to my business back in 2022, and it landed directly in my spam folder, exactly as it should have… It’s a scam so old it has become cliché in much of the world. The overseas millionaire, perhaps a Prince, or in this case a rich & dead businessman whose living proxy has miraculously plucked me from the masses of all the email-owning people on earth to be the sole benefactor of an oddly specific fortune! What luck! I mean, never mind the fact that I can’t even conjure up enough luck to win the monthly business card raffle at my local Subway restaurant, looks like things ..read more

In today’s episode of “Blogs That Should Have Been a Tweet”, I want to give you a tip about Snapchat. More specifically, a tip about Bitmoji users on Snapchat. First though, let’s back up a few steps… Bitmoji is an app that allows users to create a cartoon representation of themselves by picking everything from features to accessories to clothing. You can use this “cartoon you” in many places online and in apps, but it’s most commonly associated with use in Snapchat (the company who bought Bitmoji back in 2016). An estimated 3/4 of all Snapchat users use Bitmoji! It’s hard to overstate the va ..read more

A while back I posted a companion blog that was mostly a list of links from a talk I did on Telegram OSINT at the 2022 National Child Protection Task Force conference. The idea behind the talk was approaching Telegram for an OSINT investigation in the lowest-barrier ways possible, meaning not having an actual account on the platform, and utilizing a web browser rather than using the app on a mobile device. Is that you? Many investigators either can’t get an account on Telegram (it does require a phone number) or only utilize a web browser for their investigative work, and while it’s not the mo ..read more

This blog is simply a placeholder for the links and related content for a talk of mine at the 2022 National Child Protection Task Force conference about the many different OSINT approaches you can take to Telegram without needing to be logged in. Many investigators are unable to join Telegram for one reason or another, but there’s still plenty of clues that might be found if you know how to look. This post will make sense if you saw the talk, and if you haven’t it might seem a bit cryptic but you can still probably pick a thing or two up. Telegram OSINT From The Outside Links List! Basic Teleg ..read more

This blog serves as a companion post to my talk at the 2022 National Cyber Crimes Conference called “Advanced OSINT: The Art of Pivoting” The conference audience is law enforcement and prosecutors, but even you OSINT super-gurus catching this blog version online might find something of use hidden inside, so read on! While this will still serve plenty of value for those who did not attend the talk, it is a companion post after all, so this will not be my usual in-depth guide to a topic… caveat emptor! (even though it’s free) Bonus: if you’re reading this before the talk you can always decide to ..read more

If you don’t spend much time in the r/Scams subReddit, you really are missing out. Aside from the never-ending landslide of scam examples to learn about… if you’re an investigator, it also means a never-ending landslide of research fodder! One such example presented itself to me the other day, when I read a post about someone helping out their mother, who had clicked on a Facebook advertisement that led her to purchase a steeply-discounted set of patio furniture from what she believed to be a legitimate site bearing a highly recognizable company name and logo. The site was called “Weeyfair”, a ..read more