Collect basic information about domain

IP address lookup, whois records, dns records, ping, traceroute, NSlookup.

Find out what technology was used to create the site: frameworks, javascript, libraries, analytics and tracking tools, widgets, payment systems, content delivery networks etc. 

Get a list of sites belonging to the same owner (having the same Yandex.Metrika and Google Analytics counter numbers, as well as other common identifiers)

Find sites with the same Facebook App ID

Map subdomains

Looking for email addresses associated with the domain or subdomains

Download Meta

Download documents (PDF, docx, xlsx, pptx) from the site and analyze their metadata. This way you can find the names of the organization’s employees, user names in the system and emails.


Use Google Dorks to look for database dumps, office documents, log files, and potentially vulnerable pages.

Looking for old versions of the site in archives and caches of search engines (sometimes in this way you can find addresses and contact information of the owners, which are currently already hidden from the site).

Find out the approximate geographical location of the site

Source for more Info:

Source for more Info: