From a Real Name to a Home Address [OSINT Case Study]

From a Real Name to a Home Address [OSINT Case Study]
From a Real Name to a Home Address [OSINT Case Study]
From a Real Name to a Home Address [OSINT Case Study]
From a Real Name to a Home Address [OSINT Case Study]
From a Real Name to a Home Address [OSINT Case Study]

In this article, I am going to talk about how I got scammed a long time ago and how I used OSINT to get someone’s home address by only having his real name.

Please keep in mind that I am not trying to show off here. All I am trying to do is to make you aware of this kind of scam and the importance of OSINT.

Note: All the names, addresses, cities, and countries used in this video are fake. I don’t want to expose anybody without their consent.

Scam Story

I went to a car dealership a long time ago to buy my very first car. So, I handed the seller the money in cash, and he gave me a contract saying that I bought the car for this price from this car dealership.

In Germany, when you buy a car, there are two documents that you have to get from the owner:

  • Registration certificate No. 1: includes technical data about the vehicle and the vehicle owner’s address.
  • Registration certificate No. 2: “Evidence of Ownership” of the vehicle.

The car dealership seller [John] gave me the first document [registration certificate 1] but didn’t give me the Evidence of Ownership document because he said that he needed it to make a TÜV certification for the car.

What is a TÜV certification?

TÜV certification means that the car has been tested for safety and found to meet the minimum requirements of the German Equipment and Product Safety Act.

This is where I made my mistake. I didn’t get the most important document [Evidence of Ownership] when I handed in the money. I thought that since we had a contract, then nothing would happen.

Every time I go to him to get the Evidence of Ownership, he makes excuses.

I ended up going to a lawyer and suing him for not giving me the Evidence of Ownership document.

The lawyer told me to ask the car dealership for his home address so that we could continue our lawsuit against him. To be honest, I thought that this was a very stupid idea.

How can I ask someone I sued about his home address to continue my lawsuit against him?

At this point, I decided to use OSINT to find his home address. 

Using OSINT to find the home address

Keep in mind, I only have his full name that is written on the contract. I don’t even know what the man looks like because the one who sold me the car was his partner, who is not the owner of the car dealership.

Firstly, I used Facebook to search for John Smith [the owner]. I got 4 people with the same name. 

One of the profiles had posted many pictures on his Facebook profile. One of the pictures was a hanging sign with the name of his kiosk. The sign also included a landline number. 

I then searched for this landline number on Google and found out that this number is the exact same number as the car dealership’s landline number. I searched further and found that the kiosk address is the exact same address as the car dealership. 

At this moment, I knew that I found the correct Facebook profile. 

My job right now is to use any useful information on John’s Facebook profile that could lead to his home address. 

After hours of inspecting his Facebook profile, I got frustrated for not finding any useful information that could lead to his home address. 

House number – License plate

Only one picture caught my attention which is a picture of a vehicle showing the license plate number that is from Frankfurt and shows a house behind the car and the number of the house is 55.

I initially assumed that this is his car and that he is from Frankfurt and his house number is 55.

My next step is to use this information to search for house number 55 in Frankfurt which looks similar to the one I saw behind the vehicle we found earlier.

I used Google Maps, Bing Maps, Yandex Maps, and Apple Maps to find house number 55 in Frankfurt but found nothing.

At this point, I am very disappointed because I spent hours trying to find his address but got nothing. 

I then tried to find out if there was any leaked data about him, but I got nothing.

Police Station

The next morning, I went to the police hoping they might give me John’s address to proceed with the lawsuit.

The police officer denied sharing any information regarding John but he told me to go to the citizen’s office and they might help me to get his address.

Afterward, I went to the citizen’s office. The employee told me that in order for me to get John’s address I have to have his:

  • Full Name
  • Nationality
  • City of Birth
  • Where he lives now 
  • Date of birth

I went back home and started to collect more information from his Facebook page.

I already have the following info:

Full Name: John Smith
Nationality: German
City of Birth: Berlin
Currently lives in Frankfurt
Date of birth: unknown

Keep in mind, all information is required, and the employee won’t proceed without having at least this information.

I spent hours looking at his social media accounts trying to find any data that might be archived but found nothing. 

Getting the Home Address

What if I searched for one of the family members’ dates of birth? If I were able to find one, I would be able to submit my application to the citizen’s office and I’ll get the address.

I found a picture of a birthday party of one of the family members.

The picture contained the text I am officially 18. By looking at the date of when the picture was posted, which is 20.06.2015 I can subtract the family member’s age which is 18 from the year 2015 which is 1997.

20.06.2015 – 18 = 20.06.1997

If we think of it logically, a huge event like a birthday party, people tend to post pictures at the moment and not days after. At worst people will post the pictures after a day or two and that’s why I assumed that the date of birth is either 20.06.1997 or 21.06.1997.

The next morning, I went to the citizen’s office to submit the information, and luckily for me all the information I submitted was correct and I got the address.

Lessons I learned

  1. If you know what you want but don’t know how to get it, your brain will somehow think of a path to get what you want. 
  2. Every single piece of info like a post, picture, or video is very important because you don’t know when you’ll need this information to dig deeper.
  3. DO NOT BUY A CAR WITHOUT TAKING THE EVIDENCE OF OWNERSHIP FIRST. I admit that this was very stupid for me and I had to ask people before I bought the car.

Saad Sarraj

I am a CyberSecurity and Ethical Hacking/Penetration Testing passionate. I am also a TryHackMe Top 1% CTF Player.

Leave a Reply

Your email address will not be published. Required fields are marked *