The Netherlands is the most OSINT-friendly country in the world. And now also one of the easiest countries in the world to investigate. Why? Because everything is structured, standardized, and publicly documented. I made a page and a couple sub pages of resources where I cover nearly every public register or starting point. https://www.cultrodistro.com/nederland The subpages cover Anti Money Laundering-Compliance, Politically Exposed Persons and Governance. Due to the original Dutch names of the registers, the page appears Dutch. Use your browser to translate if necessary. 📚 1. Public Registers Everywhere The country runs on high-quality public data: - Basic Registries (addresses, buildings, land, companies, property value) - Chamber of Commerce (companies, foundations, political parties) - RDW vehicle data - BIG medical register - Financial regulators (AFM, DNB) These form the national OSINT backbone. 🏯 2. Clear Government Layers Dutch governance is simple and consistent: National → Provinces → Municipalities → Water Authorities → Agencies Each layer publishes decisions, subsidies, and FOIA releases (Woo). 🚰 3. Extreme Transparency Council documents, open-data portals, spatial plans — the Netherlands documents everything. If you know where to look, you can map entire ecosystems in minutes. 🙏 4. Start With Yourself First check what the system exposes about you: business data, vehicles, land records, property, registrations. Understand your own footprint → you understand everyone’s.

Scam emails aren’t random. The recipient fields already tell you a lot. 📥 TO, CC & BCC Explained TO: You’re the main target Your email is openly listed. They contacted you directly. CC: Everyone can see each other If strangers are CC’d, it’s a bulk blast from a scraped or leaked list. BCC: You don’t appear anywhere You’ll receive the email, but your address won’t show in To/CC. Classic sign of mass phishing campaigns. If you see “To: (empty)” or the sender’s own address → you were BCC’d. 🔍 How to Track Where Your Email Leaked ✔ Plus Addressing Use aliases like: name+amazon@… name+instagram@… If spam arrives on that alias → you know exactly who leaked or sold it. ✔ Have I Been Pwned Check if your email appeared in a breach. Turn on notifications so you get alerts immediately. ✔ Email Headers (advanced) or click: “<> Show original” in the menu with the three dots if you use G Mail. Look at return path, server, and SPF/DKIM/DMARC. If it doesn’t match the claimed sender → scam. We’ll take a deep dive into this in an advanced E-mail course. What can you do moving forward? 🛡️ Protect Your Inbox - Use aliases or +addressing - Turn on HIBP alerts https://haveibeenpwned.com - Unique passwords + app-based MFA - Don’t click links! Open sites manually

Your Phone Number Is the Most Unique Identifier You Own! You might think your picture/face, name, email, or IP address gives you away. Wrong. Your phone number is the single most persistent, unique, traceable metric about you online. You change emails, usernames, locations, even devices, but your phone number? Most people keep it for years, sometimes decades. That makes it an OSINT goldmine. And that’s where PhoneInfoga comes in. I’ve made instructions on how to use PhoneInfoga in a Cloud Shell. If you’re unfamiliar with a shell the best way to start in with Google Cloud Console. I’ve linked a video about that as well. 📞 What Is PhoneInfoga? PhoneInfoga is an OSINT tool that allows you to investigate a phone number using publicly available information. It doesn’t hack, exploit, or brute-force, it simply gathers what’s already out there. With PhoneInfoga, you can: • Check which country the number belongs to • Identify the carrier / line type • See if the number appears in breaches • Scan search engines for footprints • Find connected (social) accounts or metadata • Perform reconnaissance without alerting the target It’s one of the fastest ways to understand who is behind a number, or how exposed your own number is. https://youtu.be/27Pb5g7bEAA?si=VDe-x6xRGaaBa7jj