In this overview article, we will discuss how to identify a website owner using OSINT. The material is aimed at non-specialists, so we will start with the basics and then cover some less obvious methods that will help us find out who owns a particular web resource. Let's start with the fundamentals.
What is a Website?
A website is a collection of web pages and associated resources that are accessible via the internet. Each web page within a site has a unique URL (Uniform Resource Locator) that allows users to easily find and access a specific page. Web pages are usually linked together by hyperlinks, which facilitate navigation through the site. Websites can be static or dynamic. A static website consists of pre-created web pages that remain unchanged for all users. A dynamic website is built on templates and databases, allowing for the generation of unique content and interaction with users.
Who is Considered the Owner of a Website?
Accordingly, the owner of a website is the person or organization that owns the domain name and/or hosting. Depending on their status, they can be either a natural person or a legal entity. The administrator of a website is typically referred to as the person or group responsible for managing and maintaining the site. They may perform tasks such as managing hosting, installing and updating software, backing up data, managing access rights and so on. The developer of the website is responsible for creating and programming the website itself. They work on coding, designing, implementing functionality, integrating third-party services and providing technical support. It's important to note that the administrator and developer of the site may possess significant information about its owner, as they have been involved in negotiations or contractual relationships with them. Thus, they are key figures leading to the owner of the website in question.
I Have a New Website. Whose Is It?
The first key to determining the owner of an internet resource is WHOIS. This is a protocol used to request information about the owner of a domain name or IP address from the registrar's database. WHOIS provides public access to information about registered domains, such as the domain owner, contact details, registration and expiration dates, as well as information about DNS servers. A WHOIS query can be performed through various online tools or command line commands by specifying the domain or IP address of interest. Results may vary depending on the policy of the specific organization managing domain registration.
Here is a list of popular WHOIS services:
- https://whois.domaintools.com/
- https://whoer.net/checkwhois/
- https://www.iana.org/whois/
- https://lookup.icann.org/
- https://whoisology.com/
What to do if WHOIS Data is Hidden?
WHOIS registration data may be hidden for several reasons. The first is compliance with the General Data Protection Regulation (GDPR), which protects the personal data of domain owners. Within OSINT, this restriction can be worked around by using archived WHOIS records made before the GDPR requirements came into effect. Archived WHOIS records are available through the following services, as well as directly from domain registrars upon official request from a lawyer, law enforcement or judicial authority:
- https://drs.whoisxmlapi.com/whois-history/
- https://www.whoxy.com/archive.php/
- https://osint.sh/whoishistory/
- https://whoishistory.ru/
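An added example, not part of the original post: a small WHOIS client and parser that shows which fields of a record remain usable when the registrant contacts are redacted. The sample response, the server name whois.registrar.example and the list of redaction phrases are constructed assumptions; whois.iana.org is IANA's WHOIS server.

```python
import socket

# Phrases that mark withheld contact data (assumed, non-exhaustive list).
REDACTION_MARKERS = ("redacted for privacy", "data protected", "not disclosed")

# Constructed sample response, not taken from a real registry.
SAMPLE = """\
% constructed WHOIS response
Domain Name: EXAMPLE.COM
Registrar WHOIS Server: whois.registrar.example
Registrar: Example Registrar, Inc.
Creation Date: 2015-03-02T10:00:00Z
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Example Holdings Ltd
Registrant Email: REDACTED FOR PRIVACY
Name Server: NS2.HOSTING.EXAMPLE
Name Server: NS1.HOSTING.EXAMPLE
>>> Last update of WHOIS database: 2024-01-01T00:00:00Z <<<
"""

def whois_query(domain, server="whois.iana.org", timeout=10):
    """One WHOIS query (RFC 3912): TCP port 43, query line ends with CRLF."""
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall(domain.encode("idna") + b"\r\n")
        chunks = []
        while chunk := sock.recv(4096):
            chunks.append(chunk)
    return b"".join(chunks).decode("utf-8", errors="replace")

def parse_whois(text):
    """Collect 'Key: value' lines into {key: [values]}; skip comments and notices."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "%#>" or ":" not in line:
            continue
        key, _, value = line.partition(":")
        if value.strip():
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def summarize(record):
    """Separate what the record still discloses from what is withheld."""
    first = lambda key: record.get(key, [None])[0]
    return {
        "registrar": first("registrar"),
        "organization": first("registrant organization"),
        "created": first("creation date"),
        "name_servers": sorted(v.lower() for v in record.get("name server", [])),
        "referral": first("registrar whois server") or first("refer"),
        "redacted_fields": sorted(
            k for k, vals in record.items()
            if any(m in v.lower() for v in vals for m in REDACTION_MARKERS)),
    }

if __name__ == "__main__":
    print(summarize(parse_whois(SAMPLE)))  # offline; use whois_query() for live data
```

Even with the name and email withheld, the registrar, creation date, organization and name servers in such a record remain available for correlation with archived records.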
How is the Hosting Provider Involved?
Again, back to the basics. Website hosting is a service that allows a website to be placed on a server so that it's accessible on the internet. When you create a website, all its content (text, images, videos and other files) must be stored on a server for users to access it. Hosting providers offer server space and other resources necessary for the website to function. They ensure a constant internet connection and server maintenance so that the site is available 24/7. Many hosting providers of various scales and specializations operate in Russia. Some well-known hosting providers include "Timeweb", "Beget", "Jino", "Hostinger", "Majordomo" and many others.
How to Identify the Hosting Provider?
To find out where the website of interest is hosted, you can use several methods. For this, online tools such as HostAdvice, as well as specialized systems designed for researching network infrastructure (like "SpiderFoot" and "Maltego"), can be helpful. You will need to enter the URL of the site or its IP address and the service will provide information about the hosting provider. Additionally, you can use the "ping" command. Enter the command ping example.com (replace "example.com" with the name of the site you are interested in). Next to "Pinging" or "Reply from", you will see the IP address, which you can use to determine the hosting provider using services like MaxMind. Finally, you can use DNS lookup services. You will need to enter the URL of the site and you can obtain information about the hosting provider from the DNS records.
Obtaining Contact and Other Information from the Website
Check the website for sections like "About Us", "Contact" or similar areas where the owner's contact information may be provided. This could include details about a legal entity (especially in the privacy policy and terms of service), email addresses, phone numbers, registration addresses, links to social media groups or channels and payment details, including cryptocurrency wallet addresses. Sometimes, the website may not have an "About Us" or "Contact" section at all. Often, the contact page is simply removed from the menu but remains on the resource, making it invisible to users. In this case, you can try to search for hidden sections using the sitemap, which is created for search engine bots. This is an XML file that lists the paths to the pages. To open it in a browser, type the direct path domain.com/sitemap.xml. Finding contact information published on the website can be facilitated by the following services:
Keep in mind that over time, contact details and content published on the website may have changed. To view archived versions of websites, you can use the following services:
For these purposes, you can also use cached versions of the website through search engines like Google (for example, using the advanced search operator cache:domain.com) and Yandex (the "Saved Copy" option in the context menu of the found website).
Email addresses are typically created following a common pattern: info@domain.com, admin@domain.com, support@domain.com, contact@domain.com, office@domain.com, etc. You can replace the domain in the address with the one you need and create an advanced search query in Google, such as site:domain.com + info@domain.com | admin@domain.com | support@domain.com | contact@domain.com | office@domain.com. Google will find all web pages with those addresses and display them in the results. Before sending an email to a potential website owner, it's worth checking the email address, as it may be inactive or non-existent. To verify, you can use an invisible SMTP request that allows you to check its activity and obtain other technical information (such as details about the mail server being used).
Some services for this purpose include:
To search for embedded documents and databases on the website using advanced search operators (dorks), you can use the following types of queries: site:domain.com filetype:xls (this should reveal all publicly accessible xls (Excel) files on the site). You can also search for documents in other formats (doc, ppt, txt, etc). Additionally, pay attention to dorks like site:domain.com filetype:log (which reveals publicly accessible logs) and site:domain.com filetype:csv (which reveals publicly accessible databases). Be attentive to files (documents, photos, videos and audio recordings) on the website. They often contain metadata. The metadata of photos and documents includes information about the file, such as creation date, author, camera (in the case of photos), resolution, geographical coordinates (if geolocation was used) and other details that can be used for identification and classification of the file. You can use Metadata2go to extract and view the metadata of documents. Some documents on the website may be hidden. To find them, type the direct path in the address bar: domain.com/robots.txt. In this file, website owners specify which files and folders they want to exclude from search engine indexing. There may be old pages containing personal data or photos listed there. Many use their servers as cloud storage and may store personal documents there. Typically, the robots.txt file is located in the root directory of the site.
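An added example, not part of the original post, covering both the sitemap.xml and the robots.txt checks described above: it lists pages that exist according to the sitemap but are missing from the visible menu, and the paths the owner excluded from indexing. The host domain.example, the file contents, the menu links and the keyword list are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Path fragments that suggest owner or legal information (assumed list).
CONTACT_HINTS = ("contact", "about", "imprint", "legal", "privacy", "terms")

# Constructed inputs: the two files as they might be served, plus the visible menu.
ROBOTS = """\
User-agent: *
Disallow: /old/team.html   # legacy page
Disallow: /backup/
Disallow:
Sitemap: https://domain.example/sitemap.xml
"""
SITEMAP = """\
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>https://domain.example/</loc></url>
  <url><loc>https://domain.example/products/</loc></url>
  <url><loc>https://domain.example/contact-us/</loc></url>
  <url><loc>https://domain.example/legal/terms.html</loc></url>
</urlset>
"""
MENU = ["/", "/products/"]

def disallowed_paths(robots_txt):
    """Disallow paths from a robots.txt body, in order, without duplicates."""
    paths = []
    for line in robots_txt.splitlines():
        line = line.split("#", 1)[0].strip()          # drop trailing comments
        field, _, value = line.partition(":")
        value = value.strip()
        if field.strip().lower() == "disallow" and value and value not in paths:
            paths.append(value)
    return paths

def sitemap_paths(sitemap_xml):
    """URL paths from every <loc> element, ignoring the XML namespace."""
    paths = []
    for el in ET.fromstring(sitemap_xml).iter():
        if el.tag.rsplit("}", 1)[-1] == "loc" and el.text:
            paths.append(urlsplit(el.text.strip()).path or "/")
    return paths

def review(robots_txt, sitemap_xml, menu_links):
    """Pages known to crawlers but absent from the menu, plus excluded paths."""
    norm = lambda p: p.rstrip("/") or "/"
    menu = {norm(p) for p in menu_links}
    unlinked = [p for p in sitemap_paths(sitemap_xml) if norm(p) not in menu]
    return {
        "unlinked_in_sitemap": unlinked,
        "contact_like": [p for p in unlinked
                         if any(h in p.lower() for h in CONTACT_HINTS)],
        "disallowed": disallowed_paths(robots_txt),
    }

if __name__ == "__main__":
    print(review(ROBOTS, SITEMAP, MENU))
```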
Tracking Connections with Other Websites
The relationship between different websites can be established by identifying matches in the owner's name (through services like Whoisology, Phonebook, 2IP), contact details (phone number or email address), as well as by the IP address of the website's location (using Mxtoolbox, Cy-pr, Hackertarget, Osint.sh). Generally, such connections can be automatically established using specialized software products like "SpiderFoot" and "Maltego", which greatly simplify the analysis.
Analyzing the Link Profile
To analyze links, you should find websites that link to the domain name of the site we are studying (Backlink Checker). This can be done using an advanced search query link:domain.com as well as specialized services like Majestic, Moz and Ahrefs. Website owners often place links to their site in their profiles on forums and social media and they may also order articles about themselves to be published on specialized platforms. Frequently, in posts and comments, administrators provide email addresses for potential clients or their personal details. Examine the links and the context in which the resource is mentioned. This can become another key to de-anonymizing the owner of the website we are analyzing.
Studying the Technologies Used on the Website
Websites may use advertising identifiers and counters for various purposes, such as traffic analytics, monetization through advertising, content personalization and targeted advertising. To detect these, you will need to open the page's source code (Ctrl+U) or use the following services:
- https://urlscan.io/
- https://pulsedive.com/
- https://themarkup.org/
- https://pagexray.fouanalytics.com/
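An added example, not part of the original post: pulling counter and advertising identifiers out of page source and reporting those that appear on more than one site. The selection of ID formats is an assumption and not exhaustive, and the three pages with their IDs are constructed.

```python
import re
from collections import defaultdict

# ID formats of some common counters and ad networks (assumed selection).
PATTERNS = {
    "google_analytics_ua": re.compile(r"\bUA-\d{4,10}-\d{1,4}\b"),
    "google_analytics_4": re.compile(r"\bG-[A-Z0-9]{8,12}\b"),
    "google_tag_manager": re.compile(r"\bGTM-[A-Z0-9]{4,9}\b"),
    "google_adsense": re.compile(r"\bca-pub-\d{16}\b"),
    "yandex_metrika": re.compile(r"mc\.yandex\.ru/watch/(\d{5,10})"),
}

# Constructed page sources keyed by site name.
PAGES = {
    "shop.example": '<script src="https://www.googletagmanager.com/gtag/js'
                    '?id=UA-12345678-1"></script>'
                    '<ins data-ad-client="ca-pub-1234567890123456"></ins>',
    "blog.example": "<script>ga('create', 'UA-12345678-3', 'auto');</script>",
    "other.example": '<script src="https://www.googletagmanager.com/gtm.js'
                     '?id=GTM-ABC1234"></script>'
                     '<img src="https://mc.yandex.ru/watch/87654321">',
}

def extract_ids(html):
    """Return {kind: set(ids)} for every identifier found in the page source."""
    found = {}
    for kind, pattern in PATTERNS.items():
        # Use the capture group when the pattern has one, else the whole match.
        ids = {m.group(m.lastindex or 0) for m in pattern.finditer(html)}
        if ids:
            found[kind] = ids
    return found

def account_key(kind, value):
    """UA IDs are UA-<account>-<property>; sites of one account differ only in
    the property suffix, so compare on the account part."""
    if kind == "google_analytics_ua":
        return value.rsplit("-", 1)[0]
    return value

def shared_ids(pages):
    """pages: {site: html}. Return {(kind, id): [sites]} for IDs on 2+ sites."""
    seen = defaultdict(set)
    for site, html in pages.items():
        for kind, ids in extract_ids(html).items():
            for value in ids:
                seen[(kind, account_key(kind, value))].add(site)
    return {key: sorted(sites) for key, sites in seen.items() if len(sites) > 1}

if __name__ == "__main__":
    print(shared_ids(PAGES))
```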
Conclusion
Identifying the owner of a website through OSINT involves a combination of various techniques and tools. By utilizing WHOIS databases, analyzing hosting information, examining website content, and exploring connections with other sites, you can gather valuable insights into the ownership and management of a web resource. Happy hunting!