Investigate domains, DNS, infrastructure, and ownership signals.
Begin with WHOIS and DNS visibility, then pivot into infrastructure, hosting history, and reputation signals.
Use this page as a working sequence, not just a list. Start broad, preserve volatile evidence, and corroborate before reporting.
Record target values, search terms, timestamps, and the first source that produced each lead.
Move from identifiers to related accounts, infrastructure, images, archives, or records only when the link is explainable.
Save screenshots, archive URLs, and keep original source links before pages change or accounts disappear.
Avoid single-source conclusions. Confirm important claims with independent tools, dates, and source types.
Open with the strongest domain intelligence sources to establish ownership, records, and core infrastructure quickly.
Open-source self-hosted web archiving platform that preserves URLs, pages, media, and evidence in durable formats such as HTML, PDF, PNG, WARC, and JSON.
Internet-wide search interface for hosts and certificates with large-scale host, service, and virtual host coverage plus API access.
Then widen into IP, hosting, and URL analysis tools to trace relationships, changes, and technical dependencies.
SecurityTrails provides domain and DNS intelligence, including historical records and infrastructure correlations for online investigations. This resource supports WHOIS research, DNS history analysis, and infrastructure mapping.
Whoisology provides capabilities for WHOIS research, DNS history analysis, and infrastructure mapping. A searchable cross referenced database of current and historic domain name ownership records.
ViewDNS.info offers DNS, IP, and domain lookup tools for pivoting across infrastructure during OSINT investigations. This resource supports IP attribution, network reconnaissance, and infrastructure analysis.
DNS History is an OSINT resource for domain and infrastructure intelligence. It supports WHOIS research, DNS history analysis, and infrastructure mapping.
Central Ops provides capabilities for WHOIS research, DNS history analysis, and infrastructure mapping. Free online network tools, including traceroute, nslookup, dig, whois, ping, and our own Domain Dossier and Email Dossier.
Domain/IP lookup is an OSINT resource for domain and infrastructure intelligence. It supports IP attribution, network reconnaissance, and infrastructure analysis.
SingleFile helps you to save a complete web page into a single HTML file. SingleFile is a Web Extension (and a CLI tool) compatible with Chrome, Firefox (Desktop and Mobile), Microsoft Edge, Safari, Vivaldi, Brave, Waterfox, Yandex browser, and Opera.
Use supporting tools for supplementary evidence such as reputation, snapshots, and deeper technical context.
File, URL, domain, and IP analysis platform that aggregates antivirus engines and other signals for malware and infrastructure investigation.
Before turning this workflow into a finding, make the chain of reasoning easy to audit.
Quote or summarize the source output and keep the original URL.
Record collection time, page timestamps, and archive timestamps separately.
State the investigative relevance and whether it is direct evidence or a lead.
List independent corroboration and note any uncertainty or gaps.