4 Tools to Investigate a Domain Name with OSINT

A website’s domain name could possibly be your most valuable asset if you are investigating or researching a digital company or entity. I’ve put together 4 main tools for open-source intelligence use that have helped me the most. Generally, before I even start digging deep into a case, the first thing I check is domain name history, ownership and activity. All these tools are free, although some have ‘freemium’ options. If you don’t have a domain name to begin your research, read our article on OSINT examples that draw from usernames, aliases, and emails instead.

1. SecurityTrails.com Historical DNS Lookup

I’ve been using SecurityTrails for years, and it’s my go-to for a domain lookup. In addition to historical DNS lookup (everything from A records, nameservers, and TXT records), its subdomain lookup feature and reverse NS/IP lookup are probably the best currently on the market. Best of all, it’s free if you create an account. I get great use out of SecurityTrails’ products and if it’s in your budget, it’s worth upgrading to a paid account. Otherwise, an unpaid account should be fine.

SecurityTrails historical DNS lookup for OSINT domain investigations

2. VirusTotal Domain Lookup

I follow up SecurityTrails’ data with VirusTotal’s domain data. VirusTotal offers the same features as SecurityTrails, but often I find that it has more data when analyzing subdomains and reverse IP lookups. As with SecurityTrails, you can get away entirely with a free account with VirusTotal. Using these two tools together can help you fill in some gaps in data you may be missing.

VirusTotal for subdomain research and reverse IP lookups

3. The OSINT Swiss-Knife: Archive.org Wayback Machine

I’m adding this one onto the list just as a reminder: Archive.org is one of the best tools that exist for OSINT investigations and research. I’ll dedicate a separate post detailing all of the Wayback Machine’s potential uses and features, but the archive database alone can give you what you’re looking for.

Tip: Make sure you look at archive data for subdomains or related domains that you’ve found from VirusTotal or SecurityTrails.

Using Archive.org Way Back Machine for OSINT research
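To make the tip above concrete, here is an added example (not code from the original article) that merges subdomain lists exported by hand from SecurityTrails and VirusTotal, shows which hosts only one source reported, and builds the Wayback Machine calendar URL for each. The hostnames are constructed sample data and the function names are hypothetical; nothing here calls either service.

```python
from urllib.parse import quote

# Constructed sample exports; paste your own lists in their place.
SECURITYTRAILS = ["www.example.com", "mail.example.com.", "*.dev.example.com", "Shop.Example.com"]
VIRUSTOTAL = ["www.example.com", "shop.example.com", "old-blog.example.com", "cdn.notexample.com"]

def normalize(host):
    """Lower-case, trim whitespace, drop a trailing dot and a leading wildcard label."""
    host = host.strip().lower().rstrip(".")
    return host[2:] if host.startswith("*.") else host

def merge_sources(domain, **sources):
    """Map each in-scope hostname to the sorted names of the sources that reported it."""
    domain = normalize(domain)
    seen = {}
    for name, hosts in sources.items():
        for raw in hosts:
            host = normalize(raw)
            # Keep the apex and true subdomains only; "notexample.com" must not match.
            if host == domain or host.endswith("." + domain):
                seen.setdefault(host, set()).add(name)
    return {host: sorted(names) for host, names in sorted(seen.items())}

def single_source(merged):
    """Hosts reported by exactly one source: the gaps the second tool filled in."""
    return {host: names[0] for host, names in merged.items() if len(names) == 1}

def wayback_url(host):
    """Wayback Machine calendar view that lists every capture of the host."""
    return "https://web.archive.org/web/*/" + quote(host)

def worklist(merged):
    """One (host, sources, archive URL) row per host to review."""
    return [(host, names, wayback_url(host)) for host, names in merged.items()]

if __name__ == "__main__":
    merged = merge_sources("example.com", securitytrails=SECURITYTRAILS, virustotal=VIRUSTOTAL)
    for host, names, url in worklist(merged):
        print(f"{host:24} {'+'.join(names):26} {url}")
    print("seen by one source only:", single_source(merged))
```

Recording which source reported each host keeps the provenance of every lead clear when you write up the investigation.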

4. Domain Search Engine Cache with Google AND Bing

Often, many people simply forget that Bing exists. But it does, and its search database doesn’t refresh as often as Google’s. That’s good for researchers (bad for website owners), because old web pages going years back could be sitting on Bing and no one knows. The same goes for Google: simply use the operator “site:domain.com”, click the organic result, and click the cached page.

Google cache is great for OSINT, but don’t forget to use Bing for looking up cached websites!
Alexander Hatala
https://alexhatala.com/
Alexander Hatala co-founded Custom Design Partners, a digital strategy firm in Jacksonville, Florida. Combined with his 15 years of experience in digital tech and marketing, Alexander offers a unique perspective in the OSINT field. Currently, Alexander is the lead digital forensics consultant for a licensed investigative agency.
