Connect The Dots: The Network Path – Part 2 of 2

February 19, 2014

In Part 1 of this topic, we saw how the so-called “Contact Path”—branches of investigation that stem from the registrant contact information in a Whois record—can often lead to the identity of a person or organization of interest. But sometimes the contact information is either fully privacy-guarded or is false data that leads to dead ends. In today’s blog, you’ll learn an additional set of tricks that can often move things forward: a branch of investigation we’re informally calling the “Network Path.”

You will recall that our imaginary investigation began with the Whois record for a domain of interest. Step 1 of the Network Path is to try checking Reverse IP for the IP address associated with the domain. If the number of sites on the IP address is very large, then the site is hosted by a big hosting provider, and this method may not be helpful. But if the number of other sites is low, then it’s worth checking those sites—there is the possibility that they are related to your target domain, which a quick look at the sites themselves can reveal. It may be that one or more of these other domains can also yield contact information via Whois. This can provide additional branches for your investigation.

If Reverse IP doesn’t get you any closer to your target, Step 2 is to try doing a similar analysis of the name servers for your target domain. As with the IP address, if the name servers have only a few other domains (rather than hundreds or thousands), then there’s a higher probability of affiliation between the domains, and one of the others could yield useful information. A Reverse Name Server Lookup will show you those domains. And Hosting History shows you previous name servers for each of the domains—so your search is not constrained to the present day.
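The two steps above can be sketched as a small pivot routine. This is an added example, not DomainTools code or output: the records are constructed sample data, and the `SHARED_LIMIT` cutoff and all function names are assumptions made for illustration.

```python
from collections import defaultdict

SHARED_LIMIT = 5  # assumed cutoff: more neighbours than this suggests a big provider

def rec(domain, ip, ns, past_ns=()):
    return {"domain": domain, "ip": ip, "ns": list(ns), "past_ns": list(past_ns)}

# Constructed sample data (documentation IP ranges, .example names), not real records.
RECORDS = [
    rec("target.example", "203.0.113.10", ["ns1.bulkdns.example"], ["ns1.oldhost.example"]),
    rec("shop-login.example", "203.0.113.10", ["ns1.otherdns.example"], ["ns1.oldhost.example"]),
    rec("promo-deals.example", "198.51.100.7", ["ns1.oldhost.example"]),
] + [rec(f"parked{i}.example", f"192.0.2.{i + 1}", ["ns1.bulkdns.example"]) for i in range(8)]

def build_indexes(records):
    """Reverse IP index and reverse name server index (current plus historical)."""
    by_ip, by_ns = defaultdict(set), defaultdict(set)
    for r in records:
        by_ip[r["ip"]].add(r["domain"])
        for ns in r["ns"] + r["past_ns"]:
            by_ns[ns].add(r["domain"])
    return by_ip, by_ns

def network_path(target, records, limit=SHARED_LIMIT):
    """Return {related_domain: [evidence, ...]} for sparsely shared infrastructure."""
    by_ip, by_ns = build_indexes(records)
    t = next(r for r in records if r["domain"] == target)
    # Step 1: the IP; Step 2: current name servers, then hosting-history ones.
    pivots = [("ip", t["ip"], by_ip)] + [("ns", ns, by_ns) for ns in t["ns"] + t["past_ns"]]
    leads = defaultdict(list)
    for kind, value, index in pivots:
        neighbours = index[value] - {target}
        if len(neighbours) > limit:  # crowded pivot: co-location says little
            continue
        for domain in sorted(neighbours):
            leads[domain].append(f"{kind}:{value}")
    return dict(leads)

if __name__ == "__main__":
    for domain, evidence in network_path("target.example", RECORDS).items():
        print(domain, evidence)
```

A domain that turns up through more than one pivot, such as the same IP and a shared historical name server, is the stronger candidate to check next via Whois.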

The Network Path can be used by itself, or in conjunction with the Contact Path, to establish connections between domains and to pinpoint the people or organizations behind those domains. Some of the world’s biggest names in cybercrime and fraud investigation use these paths every day to track down and stop criminals all over the globe.

The difficulty of a puzzle can be thought of as the gap between the available information at the beginning, and the information—or cogitation—required to solve it. Your investigations may not require all of the steps we’ve looked at here; but when you’re starting with a small fragment of information, the path to the answer may be a complicated one. DomainTools strives to push our customers’ success rates as close to 100% as possible, and we believe that our tools and data will get you closer than any other resource you can find. We hope you agree!

Happy exploring,
Tim Helming
Director, Product Management


About the Author

Tim Helming, Director of Product Management at DomainTools, has over a decade of technology product management experience. Areas of particular focus and interest are cybersecurity software and hardware, distributed storage and computing, and DNS/Whois. He has spoken at cybersecurity, technology channel, and media events worldwide.
