Our weekly hack for those in the field doing the work & digging up critical intel.

The ability to uncover information on the internet is the primary skill of an online investigator. There are hundreds of thousands of surface, deep, and dark websites, but which are most pertinent to your unique case? Do you know how to utilize Google to its full potential? With new social media platforms coming online at a rapid pace, capturing leads and evidence in social media networks is more complex than ever. Do you know the latest tools of the trade?

Hg’s OSINT Tips of the Week provides you with the latest intel on how to be most effective in our tradecraft. We are always looking for new tools, so don’t hesitate to let us know if you have one you’d like reviewed in a future post!


This week, we provide a list of resources useful in domain searches and geolocation investigations.


A typical domain search only lets you search by domain name. However, Whoxy for Whowas is a domain search engine tool that allows people to search for domain information by owner name, company name, email address, or a domain keyword. A search using any one of these filters will show all domains linked with the information you provided. Once the domain you are searching for is located, the Whois record will show information such as when the domain was registered and the contact information of the registrant, administrator, and technician involved with the website. Whoxy can provide these results in both XML and JSON formats.

GEOLOCATION: https://www.maxmind.com/en/home

MaxMind IP geolocation data and services provide a way to trace internet visitors instantly. GeoIP can determine the city, postal code, region, country, and area code of an individual on the web. GeoIP also provides connection speed, ISP, company name, domain name, longitude/latitude, and whether the IP address is a satellite provider or anonymous proxy. GeoIP states, “We employ user-entered location data from sites that ask web visitors to provide their geographic location. We then run millions of these datasets through a series of algorithms that identify, extract, and extrapolate location points for IP addresses.” This model may present an issue with accurate data, since the results are based on information entered by an individual; however, GeoIP can be used for fraud screening, ad-serving, firewall/spam protection, web analytics, and anti-phishing/anti-identity theft applications.

GEOLOCATION: Whatismyipaddress.com

Received a threatening email? Need to trace back the origin of an electronic communication, and you know enough to trap and trace the Internet Protocol (IP) address? If you are unsure where to get that IP address and exactly how to go about it, What Is My IP Address offers great page-by-page instructions on how to decipher and locate IP addresses from various systems, and then how to trace them back. The instructions are very user-friendly, and the free tools are robust.
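To show what locating the IP address in an email involves, here is an added example (not from the original post or from What Is My IP Address) that reads the `Received` headers of a message and separates the address your own mail servers observed from addresses that only sender-side servers reported. It assumes Postfix-style `Received` lines; the sample message, its addresses, and the `recipient.example` domain are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample message (RFC 5737 documentation addresses, .example domains).
RAW = """\
Received: from mx-in.recipient.example (mx-in.recipient.example [10.0.0.5])
\tby mailstore.recipient.example with LMTP id A1; Mon, 01 Jan 2024 10:00:03 +0000
Received: from relay.sender.example (relay.sender.example [198.51.100.7])
\tby mx-in.recipient.example with ESMTPS id B2; Mon, 01 Jan 2024 10:00:02 +0000
Received: from [192.168.1.23] (unknown [203.0.113.45])
\tby relay.sender.example with ESMTPSA id C3; Mon, 01 Jan 2024 10:00:01 +0000
From: someone@sender.example
Subject: constructed sample

body
"""
# Private, loopback and link-local ranges never identify a host on the internet.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def hops(raw):
    """Return (recording_host, peer_ip) for each Received header, newest first."""
    out = []
    for value in email.message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())             # undo header folding
        from_part, _, by_part = flat.partition(" by ")
        ips = BRACKETED_IP.findall(from_part)      # last one is the observed peer
        try:
            peer = ipaddress.ip_address(ips[-1]) if ips else None
        except ValueError:
            peer = None
        out.append((by_part.split(" ", 1)[0].lower(), peer))
    return out

def trace(raw, trusted_domain):
    """Return (ip seen by our own servers, [ips only sender-side servers reported])."""
    boundary, claimed, trusted = None, [], True
    for host, peer in hops(raw):
        # Headers are prepended, so ours are on top; trust ends at the first foreign one.
        trusted = trusted and (host == trusted_domain or host.endswith("." + trusted_domain))
        if peer is None or any(peer in net for net in INTERNAL):
            continue
        if trusted:
            boundary = peer                        # oldest trusted hop wins
        else:
            claimed.append(peer)
    return boundary, claimed
```

Only the first value is evidence recorded by infrastructure you control; anything in the second list was written by servers outside it and can be forged by the sender, so treat it as a lead to corroborate.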


Have an OSINT tip for us? Contact us, and we will consider reviewing it in future posts! 

OSINT Training

Hg OSINT TRAINING OPPORTUNITY: Online Social Media Primer, 300 minutes, 5 CEUs

LIVE Webinars: August 2 @ 2:00 pm – August 30 @ 3:00 pm EDT

How well are you incorporating social media into your cyber investigations? No worries—we all start somewhere! This online social media primer details the treasure trove of riches social media offers to an open source investigator. With just a few mouse clicks, leads can be discovered, facts challenged, and game-changing details unveiled—all in support of a case!

This introductory primer series will teach you why to use these platforms, how to crack them, where to look, what nuances and leads you need to chase down, and how they are all interrelated. We’ll also discuss how to capture content per service, so you can present it in your reports. Each webinar covers a single social media platform and its specific details. Platforms to be covered include Facebook, LinkedIn, Twitter, Instagram, and Reddit.