It started like most dark corners of the internet do - quietly, anonymously, and with a shiny new tech twist. Deepfucks[.]com, a website offering AI-generated pornographic videos of celebrities, quickly gained traction, drawing tens of thousands of views on each video.
While the site marketed itself as “entertainment,” what it really served was non-consensual deepfake content, hyper-realistic, sexually explicit videos using the faces of real people without their permission.
Thanks for reading! Subscribe for free to receive new posts and support my work.
But behind the slick interface and synthetic faces was a real person. And after deep digging, I found him.
Through a detailed OSINT investigation, I traced the site’s origin back to a single operational security mistake its creator made when the site first launched.
That error cracked the anonymity he relied on. What followed was the slow, methodical process of connecting dots, emails, domains, and social media breadcrumbs, until the identity of the person behind one disturbing AI porn platform came into focus.
This is the story of how I found him, what I uncovered, and why it matters.
Let the OSINT Begin
This is not the first or last misuse of AI for purposes of Deep Fake porn, but one of the known platforms.
The official website offers direction to social media pages of the “brand” – from Facebook, to Instagram, Twitter, and YouTube, all for the purpose of gaining followers and more views when new users come to the website.
I started digging into those social media for finding clues or references to contact methods, such as email addresses or phone numbers.
Only Facebook and YouTube contained a way to engage with the owner, by solving a CAPTCHA and getting an email address, but it was a generic admin email address, which wasn’t in any data leaks or yielded any results by Google Dorks techniques.
The website itself is registered with privacy restrictions, but... What if it wasn’t always the case?
I started to look at cached versions of the website by using WayBack machine, a viewed dozens of website changes, just for the chance one of them revealed a crucial detail, but nothing was found in this department either.
It’s Pivot Time!
Not for the first time, deep and dark website owners, cyber-criminals, and others who are doing “shady stuff” tend to make mistakes that will lead future investigators to the golden ticket.
OPSEC, known as Operational Security, is the art of hiding personal details that may reveal our identity and actions. One small slip, like using a real email, can blow their cover, especially when using the email address for other needs (personal ones) as well.
Olbricht, the founder of the notorious “SilkRoad” made this mistake, extremist groups fall for this, and hopefully other criminals will too in the future.
I started digging into historical WHOIS records of the domain. There were a few, but the last one, and ironically, the oldest record, revealed the first email address used to open this domain. An email address with the domain “larsersej.dk”, with direct association to the domain “deepfucks[.]com”.
Connecting The Dots
Once I got an email address, I started checking where it appears.
Investors and researchers usually counts on the fact the email address or phone number they found is used for personal usage too, a thing the increases the fact it
associated with personal social media accounts, password breaches and internet posts that may reveal extra relevant data. It was the case.
Using Google Dorks queries, I was able to find GitHub page with metadata that reveals the exact email address used to open the domain of deepfucks[.]com, with a full name of a person who claims he owns this email address. It was all in his official GitHub
profile, which also reveals his photo, his experience and other coding projects.
In the picture: direct connection between the name on GitHub to the email address he registered with.
Also, in his GitHub BIO there was a website address with the exact same domain of the email he opened Deepfucks[.] with.
The final stage was to find clues that would claim his current location if the authorities wanted to catch him.
His Google Maps account was abundant, and no hard techniques were needed here. His recent activity claims exactly where he can be found.
A Complete Intelligence Profile
Profiling the person behind the website reveals contact methods and his social
accounts, a thing that may assist the authorities and other intelligence agencies to engage with him when needed.
For this purpose and to maintain his privacy, all PIIs (personal identification information) is blurred.
Thanks for reading! Subscribe for free to receive new posts and support my work.
Interesting 🧐 read 👌
This is excellent