How I Traced a Porn Site Operator Using OSINT Techniques

I discovered a pornographic website and began an investigation to expose its operator.

Using the site’s .cn domain, I performed a WHOIS lookup on the domain and then a reverse WHOIS search on the listed email address, which revealed 28 other sites all sharing the same interface.

The pattern indicated the operator was running a site‑farm, a collection of sites owned by a single individual.

After registering an account on the target site, I accessed a card‑purchase page that displayed a QQ number used as a customer service contact.

I added the QQ, but received no response; the QQ appeared to be a throwaway account.

Further investigation of the purchase page led to a card‑selling site that provided a WeChat contact for a cheat‑software service.

I added the WeChat, obtained the operator’s Alipay account (linked to a phone number), and used Alipay’s transfer details to learn the full name.

Calling the phone number allowed me to capture the operator’s IP address, which I looked up on an IP‑lookup service, revealing a location in a county of Sichuan Province.

Using the phone number, I found a personal ad and a photo, and later a second‑hand electric‑bike listing that gave additional clues.

I called the operator via a VoIP app, discussed a bike purchase, and obtained the exact apartment building and unit.

Armed with this information, I pressured the operator, who panicked, claimed to be a police officer, and agreed to stop.

Shortly after, all related sites became inaccessible and the operator removed my account.

The investigation demonstrates how OSINT techniques—WHOIS, reverse WHOIS, email and phone tracing, and IP lookup—can be combined to identify and confront the operator of illicit online services.