Case Study: The Script That Outlived Its App
A Shopify Plus store redirected shoppers to scam pages while scanners reported it clean. The cause was an orphaned app script loading cloaked malware.
Read Details
A Shopify Plus store redirected shoppers to scam pages while scanners reported it clean. The cause was an orphaned app script loading cloaked malware.
Read Details
A Melbourne optometry practice’s Wordpress site took around twelve seconds to become usable on mobile. With no staging, a redesign already in progress, and a live ad-campaign landing page that couldn’t go down, I made reversible, measured changes that cut server response by 70% and halved the page weight, then tested one ‘obvious’ deeper win thoroughly enough to correctly defer it to the redesign.
Read Details
A digital-marketing agency hired me to document a Google Ads Manager Account (MCC) takeover that was already cleaned up. The investigation had never been done, so we rebuilt it from the logs and found the real root cause: a terminated employee’s account that was never disabled.
Read Details
Two WordPress sites, built by an outside freelancer and then quietly controlled through administrator access that was never revoked. One was stuffed with gambling spam; the other carried a file-manager backdoor. The owner didn’t even have an account on one of his own sites.
Read Details
An established watch brand’s Shopify store was blocked by Avast and AVG as dangerous. It looked like a hack but a full forensic audit found no compromise and traced the blacklisting to the brand’s own ad campaign and an abandoned tracker.
Read Details
An aged-care provider’s WordPress site kept reinfecting after prior cleanups, with gambling spam and Search Console hijacks returning. The cause was database malware, two backdoors, and a stolen admin credential.
Read Details
A medical billing company’s cold-email campaign damaged its domain reputation so badly that ordinary one-to-one client emails vanished into spam. Untangling it took sixty days of mail logs, a five-test placement study, and a signature that was secretly impersonating a phishing attack — while revealing an active impersonation campaign nobody knew was running.
Read Details