
Tag: email address

OSINT Quick Tips: Beyond WHOIS

In this Quick Tips blog post (yep, that’s a thing now), I’ll be showing you a couple additional (and quite useful) functions of my favorite WHOIS Lookup site, and hopefully adding a little something new to your ever-growing OSINT methodology.

Much like my desire to stay in college, this blog is going to be over just about as soon as it starts.

Disclaimer/Warning: WHOIS records can be falsified, outdated, and in the case of things like common names they may not even be same person you’re investigating.
Stop saying “I learned it from the internet” when you get in trouble for not exercising your own critical thinking skills 🙂

Performing a WHOIS lookup can be a pretty hit-or-miss tactic in OSINT investigations, let’s be honest. These days, it’s becoming exceedingly rare to find useful contact information in a website’s historic WHOIS records (though you should always check). Unfortunately for those of us hunting for digital clues, the use of privacy-guard features is pretty much the standard when you register a domain now.

You can’t escape your digital past though, and my favorite site to perform WHOIS history searches to find those OPSEC mistakes is Whoxy. A lot of you are probably familiar with the site already, but did you know it offers more than just a query using a domain name? Have a look…

Clicking the dropdown menu next to the search field on the top of the page reveals multiple options.

Searching by a person’s name is possible:

Click the drop down menu and select “Owner Name” before typing.

There are lots of places on the internet you can be searching the name of your target, from search engines to social media and everything in between, but when was the last time you checked to see if the name you’re interested in turns up as the registrant of a website? Selecting “Owner Name” from the dropdown and typing in a name will search for a match.

Searching by a company name is possible:

Click the drop down menu and select “Company Name” before typing.

Investigating a business? Good chance they’ve got some kind of web presence, and that can mean registering domains! A tip here, since you do not know how their company name will appear, you may need to try a number of variants based on what you’re seeing in other business records to find just the right search terms.

Searching by an email address is possible:

Click the drop down menu and select “Email Address” before typing.

Next time you find yourself with an email address, either work or personal, why not give Whoxy a try and see if there’s a website registered with it? You just never know; maybe your clever online criminal forgot about that time he registered a domain back in the day using his Gmail, which you cleverly discover using this trick and then pivot over to captures of his old website on Archive.org to amaze your coworkers!

Searching by a domain keyword is also possible:

Click the drop down menu and select “Domain Keyword” before typing.

This one is by far my favorite! Think of how much we love using the inurl: Google search operator to look for keywords or phrases in URLs Google has indexed, and then think of just how much is being missed when we do that search: domains that no longer exist, webpages with directives asking Google not to index them, domains that didn’t have any web pages on them at all but maybe had other uses, like email services running on them. Well, the “Domain Keyword” lookup is one hell of a powerful tool in those cases. Does your target have a username? Search it! Do you know their real name? Run it! Do you know their business name, Telegram group, club name, or something else unique to them? RUN THEM ALL! Any of those things may appear in a domain name that Whoxy has some data on. The only thing limiting you here is your own creativity.

That’s it! That’s the blog. I sure hope this sparked some new ideas for you, and next time you’re doing OSINT research, remember… go beyond WHOIS!

An Overseas Businessman Died and Left Me $4.6M, So I Used OSINT & Social Engineering to Scam a Scammer.

I received this email to my business back in 2022, and it landed directly in my spam folder, exactly as it should have…

It’s a scam so old it has become cliché in much of the world. The overseas millionaire, perhaps a Prince, or in this case a rich & dead businessman whose living proxy has miraculously plucked me from the masses of all the email-owning people on earth to be the sole beneficiary of an oddly specific fortune! What luck!
I mean, never mind the fact that I can’t even conjure up enough luck to win the monthly business card raffle at my local Subway restaurant, looks like things are finally turning around for me!

You ever wonder who’s on the other side of one of these emails?

Well I did, and although it seemed like an impossible feat at the time, I decided to take a swing at exposing the fraudster on the other end of the line and see what kind of end game they had in mind for me, their hapless and less privileged victim. What resulted was a wild OSINT and social engineering ride I’ll never forget!

To start off, I take a moment to define a goal. While things may change as we move along, at the outset I know that I want to elicit information from the scammer that may help me identify them in real life. Ok great, how do I do that? I need to think of the kinds of people the scammer expects to engage with when he or she is successful. Not very savvy? Perhaps unwise about technology? Maybe greedy? I’ll definitely need to play a role in order to accomplish my goal, and I figure the more I act like what they’ve experienced from prior victims, the more likely it is that I might draw something out of them.

How will this all go? Well I don’t know quite yet.

Although I am almost completely certain that I’m dealing with a freshly created throwaway email address, I can’t just assume they’ve not made some kind of mistake and not do the research on it. So I check all the usual boxes to start: run the email through breach data tools, https://haveibeenpwned.com, https://emailrep.io, Google, check the username portion in https://whatsmyname.app, etc etc etc. If you’ve spent any time doing OSINT work, you know those angles quite well, but if not, I would encourage you to check out my prior blog on pivoting off an email address HERE.

All of that was a bust, as expected. Now I know I’m going to need to start the active engagement at this point, so I fire up the VM, open a sock-puppet Gmail, and get to work. I’m not going to email them back from my work account and expose anything about me so this will be done under my favorite alias. (Bonus points to anyone who recognizes where the name Tommy Gemcity comes from) Hint: It may be spelled differently than the actual origin.

So I’m basically cold-emailing them from a new account they’ve never seen before, but given the fact that I’m sure they spammed countless email addresses in their quest for a victim, I doubted they’d notice at all. I was right. You might also notice my email signature where I’m actually taking a stab at (harmlessly) phishing them right back. The Treasure Hunter’s Club? Does that sound interesting enough to click on the link in my signature? If it did, their IP address would be instantaneously captured before they were redirected to a completely normal and harmless website I’ve pre-programmed to be the final destination. How, you might ask? There are a number of sites and tools, which shall remain nameless, that can help you set something like this up and may even let you choose from some pre-made URLs or use a link shortener to help make your IP-grabbing link look just a little bit more legit. (Blah, blah, don’t break laws, blah, blah, don’t violate policy, blah.)

Now I will admit I started out a bit greedy here, and at this early stage of the game, our adversary was too wise to click on my tricky signature link. Let’s carry on.

A few days pass, and I receive a reply with good news! All they need in order to transfer my millions is: my full name, my address, my phone number, and a copy of my passport or ID. AMAZING!
Suddenly though, I get cold feet. You see, I’m a little leery about giving out my information online. Or so I say…

I’m hoping that my need for reassurance will result in the scammer giving me something I can work with. Let’s see what they come back with…

BRILLIANT! Turns out they had some concerns about me as well, but I’ve now proven myself the worthy recipient of this “legal and risk free” fortune, which is coincidentally my favorite kind of fortune! Let’s have a look at these OFFICIAL documents:

Now I’m no bank fraud investigator but I could tell these documents were authentic right when I noticed they used at least 6 different kinds of fonts. And while I’ve never actually seen what kind of paperwork you have to do when you drop that kind of coin in the bank, I definitely imagine there being lots of stamps and signatures, so check and check! Looking good to me! [rolls eyes]

The scammers are still waiting for my personal information, so I oblige, providing them with the address and phone number for the largest apartment complex in the United States and of course a link that will take them directly to the web page of Google files, while conveniently grabbing whatever IP address they might be using at the time. Yes, I’m trying that trick again. What have I got to lose?

I’m really starting to wonder though… what is their end game here? It can’t be just simple identity theft, can it? Perhaps more will reveal itself as we carry on.

As you can see, I’m being passed off to a new and much more official sounding email address. I will fast forward over this part of the story because it involves multiple email exchanges with them assuring me they are ready to transfer the money but need my ID photo, and me fumbling through various reasons why I can’t manage to attach a simple JPG to my email, trying to keep them on the line to expose something useful.

But in the meantime, something amazing happened… they clicked the link!

I’ve got an IP address to work with! Of course, I’m not holding my breath that this is going to be someone’s actual IP and not one of the zillions of easily accessible VPN IPs available to literally anyone with even the slightest ability to Google, but I’m still going to check…

I see that the Internet Service Provider (ISP) is Orange, from the Ivory Coast area in Africa, and I check it in several tools like https://maxmind.com, https://ipinfo.io, and https://dnslytics.com to see what they can tell me. All say Orange is the ISP, the general area is Abidjan in Cote D’Ivoire, and now I’m seeing it’s negative for VPN/proxy/Tor/relay. This is looking really promising!

One other thing I like to look at for someone’s IP is a site called https://iknowwhatyoudownload.com, which checks for torrent downloads and distribution. In many parts of the world, this is still popular, and while it might not offer me any value in terms of identifying someone, I can use this to get a sense of whether an IP might be from a VPN or not by looking at the volume. Many VPN IPs, when checked through this site, will reveal a very long list of torrents (often X-rated), more than a typical household would consume on its own. In this case, the IP in question had just a handful of results for some TV shows, not what I would expect from a commercial VPN IP.

You might be saying to yourself, “all of this is great, Griffin, but it’s not getting us any closer to identifying someone!” You’d be right. Without a legal order or some kind of special access, finding the person behind that IP isn’t going to happen. Or is it?

You see, we have one Hail Mary left to throw here, and it’s our good old friend breach data. I call it a Hail Mary because it has only worked for me a handful of times over the years with IPs, due to a number of factors around how they can be changed as well as the move from IPv4 to IPv6, but it’s still something worth checking. As it turns out, this IP address HAD been part of a data breach, and it was connected to someone’s account. Someone we’ll call “PB” from here on out.

This is (potentially) great news! I say potentially because there are a ton of asterisks that should accompany information like this. For one, it does not put this person behind the keyboard in my situation. For another, we do not know if this IP address from the breach is still with this person. The list goes on, but for the moment we’re going to call “PB” a person of interest and see where things go.

Now we get to the fun part, OSINT! We’re working with an email and a name, and we want to see who this person is, what they’re about, and where they are in the world.

Finding a foothold in this person’s online life was a challenge at first, because they do not go by their (presumed real) “PB” name in social media handles, they go by a version of what I will call “Bright Man”. Here’s a little tip for you… I was able to locate a Facebook profile for this person by letting Google do the work for me, creating a Google dork to view results indexed from Facebook specifically that included parts of the “PB” name in the URL. Something along the lines of site:facebook.com "TERM1 AND TERM2". You see, a lot of Facebook users may start out an account using their full name, and then adjust the display name to something new like Mr Bright Man did, but they never change the URL (yes that’s a feature). So when John Smith starts a Facebook account at facebook.com/john.smith and then changes his display name to Jethro Gibbs, well his URL will remain unchanged. I can’t even count the number of times I’ve found someone’s Facebook account by just trying firstname.lastname in the URL, try it out sometime!

OK, so Mr. Bright Man is merely a person of interest here, and may very well be unrelated to the scam so I’m going to blur him out, but I will say he had quite the online presence to explore:

I was also able to gather up several phone numbers and email addresses from clues left in his online posts and videos, as well as determine roughly where he lives by geolocating a few of his YouTube videos. So now I’ve got a decent handle on who this person of interest is, should that become helpful down the road.

All the while I’m researching Mr. Bright Man there’s still one question burning in my brain… what is the scammer’s end game? Obviously, scams are for money, but so far the worst thing they’ve tried to do is get a copy of my passport, address, and phone number. Could they monetize that? Sure. Is it more work than just getting me to send them money somehow? Yup.

And just then, the answer finally arrives in my inbox. It’s a bit small to read in the picture below, so let me just spoil the surprise for you now… it’s an advance fee scam. I’m being advised that the account holding my $4.6M is a “suspense account” which requires reactivation by way of paying a fee before they are able to release the full funds. I am offered two options: 1 reactivate the account and claim the very substantial interest accrued for the fee of $1260, OR reactivate the account and forego the accrued interest for a smaller fee of $860. Classic!

What kind of a money-hating idiot would turn down hundreds of thousands of dollars in accrued interest just to save $400 on fees? NOT THIS SOON-TO-BE MILLIONAIRE!! Sign me up for that $1260 fee right away please and thank you very much!

Is this the end then? That’s really all there was? Well, no. I’m not ready for this to be over. Much like Ted Lasso, I know the end will come eventually, but I won’t let myself think about it being over until the last possible moment. Goldfish memory!

I’m going to take one more stab at getting information from the scammers and see where it leads. If I assess what’s happened, I know they want me to send them money, I know they must have a way to get that money, and I know that their banking information may reveal new clues for me, so I press on. I’m ready to send the money, just tell me where…

Ah crap! Thomas Smith??? That just screams obviously fake.

But wait.

Aren’t they expecting me to send them money to this account? So that means they intend to get it. There must be more to this than what I thought. Maybe Thomas Smith is actually a real person. Maybe Thomas Smith is a victim as well! You see, there’s this thing called a money mule, essentially a middle person usually uninvolved in the actual scam who facilitates movement of the funds involved. In some cases they are tricked, in some cases coerced, and in other cases they may actually get a cut of the money for performing services like cashing out and sending the balance elsewhere. (Work from home job scams, anyone?)

I need a plan. Finding a Thomas Smith somewhere in the world is going to be impossible without some other kind of information, so I play the helpless, bumbling victim angle in hopes of gaining something I can use. I tell the scammer that my bank won’t allow me to transfer the money despite my best efforts, but let them know that I do have access to PayPal and Venmo instead if only they’d be willing to provide an email address or phone number for me to look up their account. But will they fall for it?

More has been revealed! Let’s get to work on finding Mr. Smith, and seeing what he’s all about. First, we check the PayPal profile using the search by email feature of the mobile app and see what appears.

A face! It’s a start, and we still have the email. If you’ve read any of my other blogs, you know how much I love the https://epieos.com tool for researching email accounts. In this case, I find that the email is connected to a Google account for Thomas, and that Thomas has left a number of reviews of businesses in a fairly tight geographic area.

Using Thomas’ very common name, and some of the names of towns near the area where he left those restaurant reviews, I start hitting the Facebook advanced search feature. Combining his name with various town names, it doesn’t take me long to find an account with a face that looks remarkably similar to the PayPal profile I was referred to by the scammer.

Success!! As I look more into Thomas’ life, I realize that he’s most certainly not someone wrapped up in an international wire fraud scheme, he’s most likely an innocent victim himself, either being preyed upon or compromised in some way. I’d like to see if I can locate his contact information or residence now, because I have every intention of passing him off to local authorities who can help him. I return to his online life in order to gather more information. Part of what I do is read the many different business reviews Thomas has written looking for clues, and I discover one for a church. This particular review leads me to believe that Thomas is very active at this church and I wonder if their social media may have other photos or information about him.

Bingo! I read on and find other posts mentioning him, explaining his background, and listing his family members including his wife by name. This is more than enough information for me to hit some people search sites like https://truepeoplesearch.com and begin researching the addresses. I locate an address that appears to be current, but just to be extra sure I Google for the County GIS portal in order to research property tax information on the property address. You’d be surprised how many US Counties have these kinds of sites and searches available.

Just the thing I was hoping for. Thomas and his wife are both still listed on the property, and through the people search sites I was able to gather information for them as well as locate additional social media. More than enough information for someone to make contact with Thomas and help him out of the situation he may be stuck in. Elder scams are sadly quite prevalent, and often extremely detrimental to their victims, who can unwittingly lose large sums of money in a short period of time before even realizing something is not right. My hope for a happy ending here is that someone can help Thomas, and I know just the folks to do it.

My findings get packaged up into a report, and despite the fact that I never actually proved that Bright Man was behind the scam, I provided more than enough information to the authorities to demonstrate what was occurring and compel them to at least help Thomas. This was all delivered to a friend at a US agency who deals specifically with these types of crimes and who happened to have a fellow agent and friend right in Thomas’ area that would follow up.

Wow, what a journey that was! By playing the part of a clueless victim, I was able to take a run of the mill scam email, elicit potentially identifiable information from a person or persons halfway around the world, and by utilizing OSINT I was able to put together a significant amount of intelligence on a person of interest, and most importantly identify and lead authorities to a likely victim who may have really needed help. I’d say all in all that’s a pretty impressive result!

Thanks for sticking with me till the end. I hope you enjoyed the story, maybe picked up a few things, and most importantly became just a little more aware of the dangers lurking out there online.

Advanced OSINT: The Art of Pivoting

This blog serves as a companion post to my talk at the 2022 National Cyber Crimes Conference called “Advanced OSINT: The Art of Pivoting”.
The conference audience is law enforcement and prosecutors, but even you OSINT super-gurus catching this blog version online might find something of use hidden inside, so read on!

While this will still serve plenty of value for those who did not attend the talk, it is a companion post after all, so this will not be my usual in-depth guide to a topic… caveat emptor! (even though it’s free) Bonus: if you’re reading this before the talk you can always decide to skip it and go watch someone much better!

The initial slides have some information about me, and about The National Child Protection Task Force, where I serve as the Deputy Director of Investigations & the OSINT Team Lead. Links from those:
https://ncptf.org
https://bit.ly/3j4YUD9 (The Ultimate OSINT Collection Start.me page)
https://twitter.com/hatless1der

And here’s the dessert before the meal, the workflow diagram I made to visualize what is probably more like a spaghetti-string trash patch floating in some remote corner of my head.

organized chaos, I swear.

This approach to investigating is centered primarily around Open Source Intelligence techniques, however, in the setting of the NCCC talk there are portions directed specifically towards those who would have subpoena powers.

Within the world of investigations into missing, exploited, and trafficked children specifically… you often don’t start with much information. What I’ve experienced though, is that in many cases you can at least find yourself with some combination of an email, a phone number, or a user name. This can be the case in other types of investigations as well, so there’s a little something here for everyone in the crime-fighting world, no matter what your case du jour is. For the purpose of this talk, we’re going to break down several aspects of my more common approaches to working an email address.

Now, if you’re wondering to yourself what you can really do with just an email address, you’re probably not alone.

An email address these days can be a vital part of ANY investigation. People keep them for years and years, connect them to accounts, devices, and more. They often name them in a way that makes them useful in finding other types of accounts, and if you’re one of those folks in the crowd with the power to compel companies to produce data by way of a court order… well an email might just solve your whole case.
But what can OSINT do here? When you have many other options as a police officer, prosecutor or the like, why care about what’s possible online? Well, the answer is pivoting of course! A simple email address can open an entire world of other places you can look for information on your victim, suspect, or person of interest. You can pivot from one information source to another using the common linking points, and the investigation might just break wide open.

This was the case for one such investigation I’ll outline in the talk (but not share the details of out here on the internet), where a teenage girl went missing in the middle of the night from her home, leaving her devices behind, and the traditional approaches to locating her had failed, despite significant quality efforts by the investigating agency. For this case, I used a person of interest profile provided to pivot through online accounts on several platforms, solidifying an identity, which led to police making contact. The POI ended up having a vital and previously unknown piece of information that immediately led to the rescue of that child… 28 hours away from her home.

So, as I prepared for this talk I started thinking about what my approach is for working with an email, and much like the first time I was married, I realized I didn’t have stuff on paper like I wish I had. I went to work writing it all down, and quickly realized I needed to refine this down quite a bit to something a little more manageable. What I ended up with is the workflow diagram, which breaks down the key components of what I’m typically trying to do with an email. Once again, not meant to be exhaustive, just representative of some things I would typically do.

First thing… I’m generally either validating it or researching it. From there I’m either finding it in use, connecting it to something, or finding mentions of it or something related to it. It’s a constant process of finding and flipping over rocks. Simple, right?

As you can see, the research side of this chart is heavy. Sorry about my brain, I get a little carried away when I get to thinking of all the ways I can dig into something. After some editing, what I tried to do here was break the email down into 3 parts and then focus on some of the main things I would do with each of those parts: the username portion, the domain portion, and the whole email. Each of these 3 things can take you on very different paths to finding new information you can pivot onto, but each of them offer a variety of options to explore.

The username portion of an email is one of the most commonly leveraged pieces of information in OSINT research. Usernames follow us everywhere, and typically have some level of consistency across different platforms and timeframes. If I’m GriffinTheHandsome on Instagram, I might also be GriffinTheHandsome on Twitter (don’t take those). Of course a bunch of people smarter than I figured out ways to automate this type of search and create push-button solutions that save us time, and look in up to 2500 websites in one shot! In this talk I’m outlining some of these useful username tools & sites:

Username Sites:
https://whatsmyname.app – my preferred web-based option
https://usersearch.org
https://namechk.com
https://userhunt.co
https://instantusername.com
https://checkusernames.com

Username CLI Tools:
Sherlock – https://github.com/sherlock-project/sherlock
Maigret – https://github.com/soxoj/maigret
Social-Analyzer – https://github.com/qeeqbox/social-analyzer

Each of these offers different benefits over the others. My preferred web-based username search is webbreacher’s whatsmyname.app. It’s clean, easy to use, has well-constructed output options, and is always growing. As mentioned for some of the other sites, you may want to check for things like a website that is the username of your focus, and some of those sites do that for you. You may also want to make quick adjustments to the text you’re searching (like going up or down a number if there is one), and a site like instantusername lets you do that while the results change on-screen without the need to resubmit. I recommend getting familiar with each and what they offer. If you’re a command-line tool fan, I’ve dropped a few of those in as well, Maigret being the one that checks the most sites (roughly 2500 total, they say). However, I would caution you that before you jump into those CLI tools, you get familiar with the code and its creators, and make sure that is in line with your governance and policy.

Summary of a couple ideas we’ll cover for usernames beyond the traditional research:
-Using multiple search engines: Google, Bing, Yandex, Duck Duck Go, Regionally Specific SEs, etc.
-Using advanced search operators & time frame filters to refine your results.
-Searching for mentions or links to known account URLs.

Next up is working with the whole email.
If you aren’t familiar with https://tools.epieos.com by Sylvain Hajri, well then get out from under that rock because you’re in for a treat. Sylvain’s tool takes an email address, and using a process that used to be incredibly manual, finds an associated Google profile with some very pivotable information. (Tip: Even a non-gmail account, if linked to a Google profile, will produce the account.) In many cases, the person will have a profile photo (investigative topic for another day), their user-generated name, and the photos and reviews they’ve left on Google. When you’re talking about pivots, this tool has opened so many doors for me since its inception I’d say it’s probably one of my most used resources on a daily basis. The tool also incorporates a web version of Megadose’s HoleHe, which checks to see if the email is in use on more than 100 sites across the internet. (CLI version of that available at https://github.com/megadose/holehe)

We’re also covering the good ole contact exploit using an Outlook email (outlook.live.com) to expose a connected LinkedIn account. Just add the email you’re looking for, open their contact card, and check the LinkedIn tab!

Ok, in this next section we’re getting a little dicey. We’re talking about “account knocking”, which is basically going to a site and pretending you are the account owner and need to reset your password, in order to see what information (often heavily redacted) will be shown to you that potentially exposes other data points or helps to confirm something you may already have. This is a grey area, and I’ve written about it before here:

Most likely you haven’t read it (except you mom, I see you!) but it’s worth a few minutes to consider the legal and ethical implications of doing something like this, not to mention the potential risk of exposure or tip-off. Do your homework before grabbing this tool off the shelf folks! Great power, great responsibility and all that.
Tip! In one section, I give an example of how knocking a utility company account can produce different results when starting with different pieces of information, and even how some utility sites allow you to check for service at an address, letting you know an account could possibly exist for your focus subject who lives at that location. Stuff like that can be extremely valuable when you’re talking about a time-sensitive investigation and need new places to look for information.

Finally, we’re onto the domain portion of the email. For our purposes in this talk, that has been sub-categorized into two parts: provider domain (think emails with @yahoo.com) and owned domain (think emails with @hatless1der.com).

If you’re working with a provider domain, this is the part where you can be glad that you’re a subpoena-wielding person of the law, because that’s what you’re going to want to do. From the OSINT side, options are somewhat light beyond what we’ve covered, but you can try account knocking again (if that’s acceptable for you) to see if the knock on the account offers a backup email option to pivot onto, or perhaps try swapping out whatever domain you have for another commonly used one. For example give [email protected] a try instead of [email protected] and run some of these processes back on the new one you’re testing. You never know, I might have GriffinTheHandsome through a bunch of email providers, providing all new leads!

When you’re talking about an owned domain, that’s where we can start to really have some fun! If we’re looking at something like [email protected] where the domain is perhaps owned/controlled by your investigative focus, or their employer, or something of that type… there are a number of options to work with. I’ll break this next section down by topic so we can understand the approach to each part:

Who hosts the email service?
Ok, so here’s another one for you law enforcement folks out there. You may need to track down the email hosting provider to see where to send all that lovely paper. Many sites will tell you this information, but the two I’m showing are builtwith.com and mxtoolbox.com/mxlookup.aspx. I like them both for different reasons beyond just finding providers, and MX Toolbox offers a variety of other email tools including a headers analyzer that comes in handy at times (spammers make mistakes too). Speaking of spam, keep in mind that using these sites to find the email provider from an MX record may not always lead you to the ultimate source; for example, you could be seeing the spam filter in front of what you’re really trying to reach. For the most part though, it’s a great place to get you going in the right direction.
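To make the split between provider domains and owned domains, and the MX caveat above, concrete, here is an added example (my own, not code from the original post or from MX Toolbox). It takes an address apart, classifies the domain against a small constructed list of consumer providers, and interprets a set of MX records the way an analyst would: lowest preference first, map the hostname to a provider, and flag when the record points at a filtering gateway rather than the mailbox host. The MX records are constructed sample data standing in for what a resolver query would return, and the provider table is illustrative and assumed; it would need maintaining in real use. A null MX (a single `.` target at preference 0, RFC 7505) is handled as the “this domain accepts no mail” case.

```python
"""Interpret an email address and its domain's MX records (added example).

The MX records passed in are constructed sample data in the shape a resolver
returns (preference, hostname); no network lookups are performed.
"""
import re

# Constructed list of consumer mail providers; a real list is much longer.
PROVIDER_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com", "protonmail.com"}

# Illustrative (suffix, provider label, fronted-by-filter) table. Assumed for the
# example: these are the publicly documented MX suffixes of those services, but
# the table is not exhaustive and must be checked against current documentation.
MX_PROVIDERS = [
    (".l.google.com", "Google Workspace", False),
    (".mail.protection.outlook.com", "Microsoft 365", False),
    (".pphosted.com", "Proofpoint (filtering gateway)", True),
    (".mimecast.com", "Mimecast (filtering gateway)", True),
]


def split_address(addr):
    """Return (local_part, domain) for a syntactically plausible address."""
    m = re.fullmatch(r"([^@\s]+)@([^@\s]+\.[^@\s]+)", addr.strip())
    if not m:
        raise ValueError(f"not an email address: {addr!r}")
    return m.group(1), m.group(2).lower()


def classify_domain(domain):
    """'provider' for a consumer mail service, otherwise 'owned'."""
    return "provider" if domain.lower() in PROVIDER_DOMAINS else "owned"


def interpret_mx(records):
    """Interpret a list of (preference, hostname) MX records.

    Returns the host tried first, a provider guess, and whether that host is a
    known filtering gateway, in which case the real mailbox host sits behind it.
    """
    if not records:
        return {"primary": None, "provider": "none (no MX record)", "filtered": False}
    ordered = sorted(records, key=lambda r: (r[0], r[1]))
    preference, host = ordered[0]
    host = host.strip().rstrip(".").lower()
    if host == "" and preference == 0:
        # RFC 7505 null MX: the domain explicitly accepts no mail.
        return {"primary": ".", "provider": "null MX (domain accepts no mail)", "filtered": False}
    provider, filtered = "unknown", False
    for suffix, label, is_filter in MX_PROVIDERS:
        if host.endswith(suffix):
            provider, filtered = label, is_filter
            break
    return {"primary": host, "provider": provider, "filtered": filtered}


def describe(addr, records):
    """One-line summary combining the address split and the MX interpretation."""
    local, domain = split_address(addr)
    kind = classify_domain(domain)
    mx = interpret_mx(records)
    note = " (filter in front; mailbox host not visible from MX)" if mx["filtered"] else ""
    return f"{local}@{domain}: {kind} domain, mail via {mx['provider']}{note}"


if __name__ == "__main__":
    # Constructed records modelled on Google Workspace's published MX names.
    google_mx = [(20, "alt1.aspmx.l.google.com."), (10, "aspmx.l.google.com.")]
    print(describe("someone@hatless1der.com", google_mx))
    # Constructed hostname under a filtering gateway's suffix.
    print(describe("someone@hatless1der.com", [(10, "mxa-constructed.pphosted.com")]))
    print(describe("someone@yahoo.com", [(0, ".")]))
```

In practice the `records` list comes from `dig MX <domain>` or an MX Toolbox query; the point of the `filtered` flag is exactly the caveat above: when the first-tried host is a filtering service, the MX record tells you who screens the mail, not who stores it.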

WHOIS & WHOIS history.
This is where we try to find out who owns a site, or perhaps who owned it in the past, by looking at what is called WHOIS. Keep in mind, this can be populated with fake or intentionally misleading information. Recently, I was researching the WHOIS for a site made to smear a person in a powerful position, and the registrant information was also that person. Of course that was intentionally false information, not even I’m that self-deprecating!
Anyway, many options here but my favorite go-to is whoxy.com, which offers a look at current WHOIS records, but also has a robust database of historic records. While most sites nowadays seem to hide behind private domain registration or hosting services, you’d be surprised at how often a site wasn’t set up that way in its infancy. If you owned elonmuskwillneverbuytwitter.com and registered it under your own personal information with no type of privacy safeguard in place… well, hiding it now so you won’t look stupid really won’t help, because as Abraham Lincoln famously said “Stuff on the internet is forever.”
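The “wasn’t set up that way in its infancy” problem is easy to check for mechanically once you have a domain’s history in hand, whether you are investigating a domain or auditing your own. Here is an added example (mine, not code from the original post or from Whoxy) that walks a set of historic WHOIS snapshots oldest to newest, flags every snapshot whose registrant fields are not behind a privacy proxy, and lists which fields changed between consecutive records. The snapshots are constructed sample data in the shape a WHOIS-history service returns them, the field names are assumed, and the privacy-proxy markers are an illustrative list.

```python
"""Review historic WHOIS snapshots for unprotected registrant data (added example).

SAMPLE_HISTORY is constructed sample data; field names and privacy markers
are assumptions for the example, not any service's real schema.
"""

# Illustrative substrings that mark a privacy/proxy registrant; extend as needed.
PRIVACY_MARKERS = ("privacy", "proxy", "redacted", "whoisguard", "domainsbyproxy")

# Registrant fields worth tracking across snapshots (assumed field names).
TRACKED_FIELDS = ("registrant_name", "registrant_org", "registrant_email", "registrant_phone")

# Constructed history: two early records with real-looking contact data,
# then a later record after a privacy service was enabled. Order is shuffled
# on purpose; the functions sort by date themselves.
SAMPLE_HISTORY = [
    {"date": "2020-05-11", "registrant_name": "REDACTED FOR PRIVACY",
     "registrant_org": "Privacy Protect LLC (constructed)",
     "registrant_email": "abuse@privacy-proxy.example", "registrant_phone": "REDACTED FOR PRIVACY"},
    {"date": "2016-03-01", "registrant_name": "Jane Sample", "registrant_org": "",
     "registrant_email": "jane.sample@example.net", "registrant_phone": "+1.5550100"},
    {"date": "2018-07-19", "registrant_name": "Jane Sample",
     "registrant_org": "Sample Studio (constructed)",
     "registrant_email": "jane.sample@example.net", "registrant_phone": "+1.5550100"},
]


def is_privacy_protected(snapshot):
    """True if any tracked field carries a privacy/proxy marker."""
    blob = " ".join(str(snapshot.get(f, "")) for f in TRACKED_FIELDS).lower()
    return any(marker in blob for marker in PRIVACY_MARKERS)


def exposed_snapshots(history):
    """Snapshots (oldest first, by ISO date string) whose registrant data is not protected."""
    ordered = sorted(history, key=lambda s: s["date"])
    return [s for s in ordered if not is_privacy_protected(s)]


def field_changes(history):
    """(date, field, old, new) for every tracked field that changed between consecutive snapshots."""
    ordered = sorted(history, key=lambda s: s["date"])
    changes = []
    for prev, cur in zip(ordered, ordered[1:]):
        for field in TRACKED_FIELDS:
            if prev.get(field) != cur.get(field):
                changes.append((cur["date"], field, prev.get(field), cur.get(field)))
    return changes


def exposure_report(history):
    """Summarise the window during which unprotected registrant data was published."""
    exposed = exposed_snapshots(history)
    if not exposed:
        return "no unprotected registrant data in history"
    first, last = exposed[0], exposed[-1]
    return (f"unprotected registrant data from {first['date']} to {last['date']} "
            f"({len(exposed)} snapshot(s)); earliest email: {first.get('registrant_email')}")


if __name__ == "__main__":
    print(exposure_report(SAMPLE_HISTORY))
    for when, field, old, new in field_changes(SAMPLE_HISTORY):
        print(f"{when}: {field} changed {old!r} -> {new!r}")
```

Run against a real export, the report answers the question the paragraph raises: not whether the domain is private today, but whether it ever wasn’t, and what was visible while it wasn’t. The marker list is deliberately simple; a service that does not label itself with one of those words will slip past it, so treat a clean result as a prompt to read the records rather than as proof.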

What other domains have been registered using an email address with the same domain you’re researching?
For example, if you’re working with [email protected], what sites out there have been registered by someone using a @hatless1der.com email address? Turns out there’s a place to search for that! viewDNS.info offers a reverse WHOIS lookup box, and that box will accept the @domain as a search term, giving you, for example, all the data they’ve found where someone using an @tesla.com email registered a site! Shout out to webbreacher once again, for demoing this on an old OSINTcurious stream.

Is there a site hosted there? By whom?
And finally, is there even a website on that domain? I could spend a whole day talking about what we could do to break down a website into delicious little investigative nuggets, but for the purpose of this talk we’re really just interested in who is the host. Again, I’m talking to the cops and prosecutors in the room who would want to track that kind of information down. A simple site to look this up is hostingchecker.com. One quick search and bada-bing, you now know that grumpycat.com is hosted by SEDO GmbH and off you go.

Now, if you’re reading along at home, you’ll notice I skipped a number of things on the chart; this was simply due to lack of time. A number of research tactics as well as the entire validation section are still sitting there waiting for you to print it all off and chuck it straight in the garbage. Actually, I’m hopeful that the viewers, listeners, and readers who are truly interested in learning more about growing or refining their own approach might take the time to look this over in detail and see what else they can explore. I hope you had fun, maybe picked up a few new ideas or re-remembered some old ones. I could probably follow this up with a more in-depth write-up, but let’s be honest, no one reads blogs anyway. (except you mom, I know you’re still here!)