For this challenge we were tasked with finding the airport this soldier is standing at. The easiest approach to solve this challenge is to reverse image search it. Landmarks usually provide the best matches, so we went ahead and RISed the mountain in the back (as seen below).

The image of the Goma Airport provided a near perfect match. But remember, Verifying is everything in OSINT, so we went ahead and verified it with Google Earth.

As you can probably tell by now, this is the correct airport. Getting the ICAO code is just one google search away now.

Flag: `FZNA`

Company data is public most of the time, meaning we should be able to use a dork to find more information. We're looking for the company that was founded in 2018 with REDACTED being a registered officer of it. We converted the name to the latin alphabet as it usually yields better results and ended up with this dork:

"REDACTED NAME" + "company" + "2018"

which yielded both African Energy Investment LTD and AO Futuro LTD, with only "African Energy Investment LTD" being founded on the given date.

Flag: `African Energy Investment LTD`

Checking the other company from the last challenge (Part 2) we can see that it was founded on 19th of February 2013, which matches this challenge! 2-in-1 :)

Flag: `AO Futuro LTD`

Coming back to the page we found in part 2 we can head to the "People" tab, which lists all officers. As there was only one other officer than REDACTED, we can confidently assume that the other is the one we're looking for.

Flag: `******* ********` (7 chars [_] 8 chars)

We are tasked with finding a company named similarly to AO Futuro located in Malta that has a relation to REDACTED. Using this information we can craft another dork:

"AO FUTURO" + "malta" + "SURNAME OF REDACTED".

Multiple sources mention a company named "AO Futuro LIMITED" with a connection to REDACTED based in Malta. Looking for an exact match on google we can find an offshore leaks database entry.

Scrolling down to the officers we can see that there's only one female officer, the director & representative of the company.

Flag: `***** *****` (5 chars [_] 5 chars)

Another day, another dork, this time using the site and the provided name:

site:facebook.com + REDACTED_2

Surprisingly this dork only yielded one match, with it being www.facebook.com/SURNAME.PRENAME of REDACTED_2. This can only be verified to the extent where the approximate age and the country matches with the one on Offshore Leaks.

Flag: `www.facebook.com/SURNAME.PRENAME`

There was one address that had a relation to REDACTED_2 mentioned on Offshore Leaks. We decided to check that out on street view just in case and indeed, there it was.

Note: The flag is just the street name without any numbers.

Flag: `****** **** *****` (6 chars [_] 4 chars [_] 5 chars)

First of all we have to figure who owned the screeenshots.org domain. We can use any historical WHOIS tool for this, such as Whoisxmlapi. We can see that the name was redacted in 2022, but historical data shows that it was owned by a Ukrainian person.

Running a reverse WHOIS search with the name only returns a singular other domain, which does however have the .org TLD and therefore doesn't match. Running a reverse WHOIS on the email returns 7 results on the other hand, which includes exactly one .cards domain.

Flag: `dota2.cards`

We were given a Google Ads page that shows an ad of "LCK Investments LLC", advertising a casino website. Using this company name we had to find the ad with the least amount of countries. Looking for this name on the Google Ads Transparency center we can see that there are 3 ads.

Unfortunately there's no faster way than to manually go through all of them and check the regions. The first 2 were identical with the third one having a much smaller reach.

Simply extract the creative ID from the URL for the third ad.

Flag: `CR11259045643051597825`

We first have to figure out which companies are behind these websites. Daddyskins publicly lists MIXABIT LTD as the owner on their website footer. Casino Oasis isn't accessible at the moment, but google has indexed it before, so we can try to dork it. We used this dork to find the name:

site:casino-oasis.net + "LTD"

which yielded a few results, but only the company mentioned on their about us page is the actual owner.

Now we just have to compare the registered officers for TORIBIT LTD and MIXABIT LTD, which shows that they have the same secretary in common.

Flag: `******** ***********` (8 chars [_] 11 chars)

Using the name from the last challenge we can look it up on a website such as b2bhint.com, which shows approximately 43 results. Going through all of them there's only one company that matches 16/03/2023, which is DELTAPRIME LIMITED.

Flag: `DELTAPRIME LIMITED`

We know the company's name and location, which means we can look it up in a trademark DB (e.g. the EU's official DB). Searching for the applicant "DELTAPRIME LIMITED" shows 6 results, with the first one being filed on the 19th of December 2023 with filing number 018966079.

Flag: `018966079`

As company databases didn't return any useful results, we pivoted to google dorking the exact name. Multiple websites mentioned DELTAPRIME LIMITED being a paying agent of Fortuna Games N.V.

Flag: `Fortuna Games N.V.`

Dorking the name together with "Company registration" yielded a PDF of the Online Gaming License Registry of Curaçao published by the Curaçao GCB.

This means we can now look it up on the Curaçao company registry. The registry only shows one official with the role of "Statutory Director", which is another Curaçao based company.

Flag: `(SMES) Solutions for Management and Employment Support N.V.`

Same approach as part 5, look up the name on the Curaçao company registry and look for the managing director.

Flag: `****** ******** *******` (6 chars [_] 8 chars [_] 7 chars)

First of all, we'll have to find the 2 companies REDACTED_3 is associated with. Google dorking the exact name returns a DB entry on Offshore Leaks, which shows her involvement in 2 companies (Incomeborts Ltd. and Norgulf Holding Ltd.). Offshore Leaks has a visual graph which shows relations between companies & people, which is extremely useful in this case. 3 people share relations between both companies — REDACTED_3, a person with a Kazakhstani name and a third, presumably American person.

Knowing that there's only one individual with Kazakhstani origin, we can safely assume this is the person we're looking for.

Flag: `********** **********` (9 chars [_] 10 chars)

1. Locate ship name in the article - The Grinch
2. Search the IMO number for The Grinch ship (e.g. on Marinetraffic or Vesselfinder). → 9288851

Flag: `9288851`

Locate year built from any maritime website.

Flag: `2004`

Locate ownership information from a maritime tracking website.

Flag: `CUBE VENTURES SHIPPING SA`

Locate annulment info from business information/sanctions databases.

Flag: `2025-01-10`

1. Locate previous ship names due to new owners usually changing the name of the ship. → Previous name: CARL
2. Locate ownership history for the ship CARL. → UML Dorset Ltd

IMPORTANT: The IMO number does NOT change if the owner changes the ship's name. This is important because you can track the ship over time by using the unique IMO number.

Flag: `UML Dorset Ltd`

1. Locate legal documents from the UK Companies House charges register for UML Dorset Ltd.
2. Sift through documents for loan history. → Northern Shipping Fund III LP

Flag: `Northern Shipping Fund III LP`