Domain Dossier Investigate domains and IP addresses
 
user: anonymous [35.173.48.18]
balance: 45 units
  log in | account info
  CentralOps.net

About Domain Dossier

The Domain Dossier tool generates reports from public records about domain names and IP addresses to help solve problems, investigate cybercrime, or just better understand how things are set up. These reports may show you:

Domain Dossier normally gets records from their original sources at the time you request them, but it does keep copies in memory for up to 24 hours. Thus, if someone has already requested a particular Dossier, the records shown could be up to a day old.

Contents

Entering an address

To get started, simply enter one of the following:

You can also enter other identifiers, and Domain Dossier will act on the domains or IP addresses they contain:

Below the text box on the input form you’ll see checkboxes that allow you to select what sections you want in the report. We’ll describe those sections next.

Address lookup

Every Dossier begins with a DNS lookup for what you entered:

Upon success you’ll see three labeled results:

canonical name
This is the domain name that actually has IP address records (A or AAAA, if any) in the DNS.
aliases
This is a list of domain names that ultimately point to the canonical name. (A domain name can be an alias for another [the canonical name], having only a CNAME record that points to the canonical name.)
addresses
This is a list of IP addresses associated with the canonical name and the aliases. It may contain both IPv4 and IPv6 addresses.

The dossier will include both the canonical domain name and the first IP address found.

Domain Whois record

The Whois records for a domain provide information about its registration such as:

Domain Dossier displays Whois records for the longest registered domain that contains the domain you entered (or the domain associated with the IP address you entered). For example, if you enter www.example.com the Whois records will be for example.com, which is the domain that’s actually registered.

Domains often have two Whois records, one from the registry and a more detailed one from the registrar, and Domain Dossier will display both. It displays record text verbatim except that it removes bulky headers and footers when it can.


NOTE

Public Whois records may not contain registrant and contact information due to the GDPR or privacy services. You may be able to request such data through ICANN’s Registration Data Request Service, however. Read more.


Network Whois record

The Whois records for an IP network provide information about its allocation or assignment such as:

Domain Dossier displays a Whois record for the IP network allocation or assignment that includes the IP address you entered (or the first IP address associated with the domain you entered). IP addresses can have multiple associated Whois records, but Domain Dossier only displays the most specific one. As with domain Whois records, it will remove bulky headers and footers when it can.

DNS records

In this section, Domain Dossier retrieves and displays records from the DNS for several domains related to your input:

Some of these domains may be the same. The “owner” domain for each record will appear in the first column.

Domain Dossier gets these records using multiple queries, usually to the authoritative nameserver. It does not use zone transfers.

Traceroute

Traceroute shows the path that IP packets take from our server in Dallas, TX, USA to the IP address you entered (or the first IP address associated with the domain you entered). Each row in the table represents a hop—an IP router along the path—leading to the destination on the last row. The columns are as follows:

hop
The hop number, with hop 1 being the first router beyond our server—our default gateway, in other words.
RTT
Round-Trip Time in milliseconds. This is the time it takes for a packet to reach the router and be echoed back to our server. Each hop gets three tries and thus will have three round-trip times. If there’s an asterisk (*) in a column, it means that the request packet didn’t get a reply within 1 second. Sometimes you may see other errors in the RTT columns.
IP address
The IP address of the router or destination host that replied to the request packet. If none of the requests got a response, there will be no IP address to show for the hop.
fully qualified domain name
The domain name of the router or destination host that replied to the request packet. If one of the request packets gets a response and thus an IP address for the hop, Traceroute will attempt a reverse DNS lookup on the IP address to get a domain name. If that succeeds, the domain name will appear in this column.

IMPORTANT

Traceroute is not a way to discover the name or IP address of a hacker or spammer—it just traces the network path from one known address (ours) to another (the one you entered). The first address in the path is always ours.


Traceroute works by sending ICMP echo requests and listening for TTL-expired-in-transit errors and echo replies.

Service Scan

If you entered an IP address or a domain that resolves to an IP address, Domain Dossier’s service scan will try contacting six common services that might be running at that address: FTP, SMTP, HTTP, POP3, IMAP, and HTTPS. For each service that responds, Domain Dossier will show you the headers or banner that it sends. The service scan helps you understand what kind of server is at the address and what software it’s running.