This domain is a synthetic indicator of compromise for a public OSINT case study.

What this is

login-portal-secure.com and account-verify-secure.net are two domains registered to the pseudonymous brand nullphase for use as synthetic IOCs in a published case study. The case study walks a synthetic phishing-operator deanonymisation end-to-end against a fabricated operator using these domains as the seed artifact.

Both domains park here. Neither has MX records, mail infrastructure, A records pointing at anything operational, or services configured. No credentials are collected. No tracking beacons fire. The page you are reading is the entire surface area.

Why the names look like phishing

The seven-step methodology in the case study needs a seed artifact that plausibly reads as phishing — believable bait domain, believable reply-to, believable display name — so the walkthrough from seed to attribution exercises the same primitives an analyst would use on a real ticket. Inventing the names entirely defeats the demonstration; using a real operator's infrastructure is not ethical. The compromise: register two domains that look like phishing, never weaponise them, and publish that fact prominently.

Foothold OSINT

Foothold OSINT is the publishing brand. The full case study lives in the Foothold OSINT playbook — a methodology-first reference for security analysts who need to deanonymise attribution work without leaning on commercial data brokers.

• footholdosint.com — the publication
• footholdosint.com/playbook/ — playbook overview + free chapter download
• footholdosint.com/about/ — about the pseudonym + methodology

If you're a security researcher

If you are reviewing this domain for a takedown, scoring, or blocklist decision: treat the infrastructure as inert. No takedown is needed — the domains are registered to a legitimate operator for a legitimate, disclosed purpose. If you want to confirm authenticity, the canonical reference is footholdosint.com/about/.

Reach: hello@footholdosint.com