On Friday, Senator Pauline Hanson said One Nation registered 46 websites as part of its campaign to oppose the Indigenous Voice to Parliament. We (@arielbogle @doctorworkman) found ~31 of them, many redacted and some owner details were suppressed at the weekend. OSINT THREAD~
About two-thirds of these sites are registered under the registrant name or registrant org as "Pauline Hanson's One Nation", "ONE NATION QUEENSLAND DIVISION INC." or under the typo "Pauline Hanson' s One Nation". Searching via conventional traditional will only a handful of sites
The first websites, confirmed by the Daily Telegraph, were voicetoparliament.com.au and ulurustatement.com.au. The owner details for these two are still visible, the other 29 were never made public or had disappeared in the past five days since they were registered.
Domain ownership is often the focus of a lot of my investigations, but it's become harder since the GDPR. Below is an example of information you can pull out from something as easy to use as viewdns.info. I've highlighted fields which are useful to me in this work: 
Results from Domain Research Suite (DRS) as of 20 minutes ago using the highlighted fields, have produced limited results: tools.whoisxmlapi.com/reverse-whois-…
This morning we found 11 sites with this method. Now it's two. If a domain owner redacts its details, they're no longer searchable.
This morning we found 11 sites with this method. Now it's two. If a domain owner redacts its details, they're no longer searchable.
Not ideal, but manageable when someone is trying to domain squat. We started running every variation of known sites. For example, our initial search found notovoice.org under PHON. Searching notovoice.net and notovoice.net.au provided a crucial finding
Despite both of these having most of their registrant details redacted, we found commonality in their creation timestamps as well as the state/province it was registered in. Both on August 2 and both in QLD.
Once we figured out the pattern, we started tweaking the URL through .net, .com, and .org. Then we started added .au until we finally arrived at ~31 domains. None of these domains have active websites yet. All our findings available in XLS form at the end of this thread.
This is rather basic #digitalforensics work. But some caveats:
- Different services might only update their database every day or longer.
- This is all current details. Historical ownership details can be expensive to pull
- We have asked PHON directly for all their websites
- Different services might only update their database every day or longer.
- This is all current details. Historical ownership details can be expensive to pull
- We have asked PHON directly for all their websites
Here is the final list where we've permanently archived our findings. If you spot anything interesting, please hit up @arielbogle @doctorworkman or myself. /THREAD
docs.google.com/spreadsheets/d…
docs.google.com/spreadsheets/d…
*searching via conventional services will only produce a handful of sites
• • •
Missing some Tweet in this thread? You can try to
force a refresh
