a better archive for finding websites and information as it will find subdomains or related hosts for the url that you searched
can lookup social media and google maps
consider using spoonbill in conjunction with archive.is searches on Twitter, spoonbill technique (below) will let you see all a Twitter account’s profile changes over time
BUT it no keyword search tool
reportedly has less data than the Internet Archive
https://webarchive.loc.gov/ – The Library of Congress Web Archive is categorized and its content was deliberately chosen, therefore I think it is best to search for you subject matter before looking for a specific website. Alternatively, if you see your website-of-interest is archived there, look at its category so you can maybe find other useful sites. :
LOC is best used if you are looking for a specific subject. Go to the central page – https://www.loc.gov/web-archives/ – will let you search by subject, dates, locations, series, etc.
https://carbondate.cs.odu.edu/ – attempts to figure out when a website was created (consider using this in conjunction with whois history searches from previous post)
This posts lists out the current free resources available for obtaining history whois domain registration information. Be aware that these services will also let you search often by email or name of the registrant too
1 – WhoIsXMLAPI
The Domain Research Suite of WhoIsXMLAPI is currently the best bet.
See the post below from ToolsForReporters.com to read a walkthrough of the service. The main points are that you have to sign up for a free account, you will only get a limited number of searches, and you have to login and go to the Domain Research Suite in order to access the Whois History Search tool.
2 – Whoxy
Whoxy is also a great source that will let you run a few free searches. You may need to sign up for a free account at some point
This is a run through for how to document one new person and one fact about them in the free version of the genealogy software RootsMagic.
Short Version (without citing any sources)
If you want to just start building your family tree without worrying about documentation, getting started is very easy.
A.) Open RootsMagic,
B.) choose to open a new file,
C) choose a file name and place to save it,
D.) an empty family tree will appear, looking like the picture above,
E.) Double click where it says to “Add Person”, a window appears where you can type in any info about the person
F.) Now just click “OK”, a new window will appear asking you to source your information but you can ignore it and just click Cancel on the bottom right corner.
And then you are done! you have added a new person onto your family tree!
The process is basically three parts, A.) open a new file, B.) create a source C.) label one person on a family tree.
Longer Version (with how to cite your information)
In this example we have a named person, and we have one fact about them that we want to include on our family tree and cite where we obtained the information.
The person is a random “John Smith”, who’s date of death is documented in FindAGrave.com (see below).
So in order to document this information in RootsMagic, take the following steps.
1 – Open opening the software click on “new file”, then “Empty File”, and then “Documents”
2 – you will be prompted to choose a place to save the new file and what to name it. I default to choose the location as Documents and choose a random name.
3 – You will then be prompted with the following options. You can ignore and just hit OK, but to check LDS support and Family Tree Support (but that is for reasons that will be addressed in a separate post).
4 – Now you will be presented with an empty family tree and the spot for one unidentified person highlighted.
5 – In order to document a fact, then we first want to create a source for the fact. On the left side click on “Sources”
6 – You are brought to the page seen below. At this point, click on the plus sign on the top bar.
SIDE NOTE: Do not be confused by the “Edit Source” section on the right, especially since it says free form under source type. This gives the false impression that you can type sourcing information in there. But that section is only for editing an existing source. If you type anything in there it will not be saved because there are no sources yet that you could edit. So do NOT touch the section on the right, just click the plus sign on the top bar.
7 – Clicking the plus sign will bring up a menu of different source types as seen below. But for this post, we will just use Free Form for the sake of simplicity. So click on “Free Form”, make sure it is highlighted, and then click “Next” on the bottom right.
7 – A window pops up with different sections for inputing information about the source.
8 – Now input the relevant information into the source file. In this case we are just documenting the existence of a gravesite based on a webpage from FindAGrave.com.
At the very least, you should input 3 pieces of information.
a title (for example, “FindAGrave record for John Smith”)
information that you want recorded (for example, “John Smith”, “died in 1788”)
some kind of sourcing for the record, in this case i just pasted the url for the webpage listing the information
The final result looks like below. Then hit “ok”
9 – This returns you to the Sourcing page and now you see that a source has been added to the list.
10 – On the left side, click on “People” and you are brought to a page with a blank family tree and a spot for one unidentified person. Click where it says “+ a person”
11- A popup window appears where you can input information about the person.
12 – Input the name and date of death as seen below and then hit “OK”
13 – A new window appears where we can provide the source for the information that we provided.
14 – Next to each fact about the person, there are 5 boxes on the right that have pictures above them. In the line on top where it lists the name as John Smith, we click on the box to the right that is under the picture of a pen. (note that the same fact is at the bottom of the screen, but this is just redundant, feel free to ignore)
15 – After clicking on the box under the pen, the heading on the right side of the screen will change from “Person”, to “Sources”. Under the heading “Sources”, click where it says “+ Add source citation”.
16 – This brings you to a new screen where all of your sources are listed and you are supposed to choose the source that supports the fact (in this case the person’s name) that you have chosen. However, in this example you only have one source so it is automatically chosen and highlighted.
Now you click “Next” on the bottom right corner, followed by “OK”, then “OK”.
There are several companies and websites that make use of your personal information but they are required to allow you to opt out. Here is a list of the places and relevant links for you to find where your information is collected and opt out so that it cannot be used by these companies.
The following links will let you opt out of the major marketing data brokers selling your information
Do a Google search of “[insert credit card company name here] opt out of sharing my information”
You will likely be brought to a page that tells you that you need to actually call them and request to “opt out of sharing my information”. This is inconvenient but most companies make the process relatively convenient. As two examples, see the info below for Capital One and Discover
You can take your name out of Caller ID databases. You should have an account on your carrier’s website. When you log in you will see there is a name listed next to your phone number. If you have more than one phone on the same account there will be a different name listed next to each number. If you change this name it will eventually be reflected in caller ID databases. You can test by calling a phone that does not have your number in its contacts.
You can opt out of some of these offers if you:
Visit DMAchoice.org to create an account with the Direct Marketing Association (DMA) and decide which mail you want to receive from DMA members. There’s a $2 processing fee, which will cover you for 10 years.
Request to be taken off non-DMA mailing and marketing lists, such as those run by RetailMeNot and Valpak.
No Call Lists
You can register for the National Do Not Call Registry – donotcall.gov – which is limited in its effect but still useful
As a backup to the Do Not Call Registry, you can also go to No Mo Robo – nomorobo.com –
You may choose to simply google your name and see which websites show up in your results with your personal information and focus on those.
Remove Google Street Views of Your Home
1 -Go to Google Streetview and look at your home. (note that the address has been blocked out with red for privacy)
2 – Click on the three dots (circled here in yellow) and then in the drop down choose “Report a Problem”
This brings you to a new page where you can adjust the photo to center the red and black square over your home
You choose from a list of options what you want to blur (in this case we chose “my home”)
And then you have to input a justification, such as “I am concerned for my privacy”
Don’t forgot two more issues, the first is that even after you have blurred the one image, you can move down the street one space and turn and see the same house, so you have to blur the house from a few different locations and angles
Second, don’t forget about Google Maps’ time machine feature.
See the little clock on the bottom left
When you click on it, you will see the same location from different times in the past. You will also have to blur them individually.
You can often find good data from a website if you use a right-click.
Here is a quick example, below is a screenshot of a people-searching website. The results from a name search show that the website knows the person’s Facebook account, but you may have to pay for this info.
Instead, you can just right-click on the “Facebook” button and choose “inspect”
Now we see the publicly accessible coding that exists behind the website’s front facing page. A window pops up below showing the site’s coding and if we hover our cursor over a part of the code, we see that the corresponding part of the website will be highlighted so that we know what we are looking at. So you cannot see my cursor, but it is hovering over the highlighed part of the coding text that includes the word “Facebook” and now you see that this is the part of the code that tells the website to show the word “Facebook” on the screen.
What is more important is that 4 lines up from the highlighted line of code, you see a line of code that starts with:
<a class=”detail” href=
The term “href” signals that a link will follow it (In case you are curious, “href” stands for Hypertext REFerence)
As you see in the screenshot below, if we highlight the “href” line we see that it corresponds to the “Facebook” button on the webpage. So when the coding says “href=”, it means that the link in the button on the webpage screen will take you to the url that follows “href=”.
I you want to be overly literal about it, the code is communicating that the href is the location that the button takes you, so the code is saying that the href “=” (or “is”) the following url. Though I have obscured the full link, you see below that the link is for a specific Facebook account and therefore you now know the location of the Facebook account without actually haveing to click on the button itself.
This is just one example. You may notice that some company websites will have a page with photos of all of its staff members but you need to hover your cursor over a photo for the name and info of the staff member to appear. This is an increasingly common trend in corporate websites. If you encounter such a page, you can right-click and hit inspect. Doing so will bring you to the coding behind the website, which will include all of the info for each staff member, thereby allowing you to avoid the cumbersome process of hovering your cursor over each photo one at a time. This is especially useful if you are looking for a specific name.
If you find yourself needing to access, download, and manipulate (on your own computer) the data from a website (such as info on staff members), you can consider using the tool Parsehub. There is a great explanation of how you can use this tool even if you are a complete novice. See the guide “Saving time and rearranging websites” written by Samantha Sunne on ToolsForReporters.com (one of my favorite websites).
When researching an email account, you can use Data Breach Websites to find a variety of information such as, but not limited to, websites where the email registered an account, alternate emails / phone numbers, coworkers, and social media accounts.
This post explains what Data Breach Websites are and discusses several sites that are available as of May 2021 (these sites regularly disappear and then are replaced by new ones).
What is a data breach website?
Data breaches occur in almost any website and the leaked information is often posted on dark web forums or discovered elsewhere before ultimately being taken down.
Before that information is taken down, breach data websites will obtain the information, verify it, and identify which breach it came from. Data breach websites will let you search for your own email address and find out which breaches had your email address in them, as well as other information listed along with it. You can then request that the breach data website remove your data from their holdings.
If you are researching an email address that is not your own, it can be helpful to research it in one of these websites so find out more information about it. For example, if the email was listed in a data breach of account information for LinkedIn accounts, you will know that the email address is registered to a LinkedIn account.
It is important to note that data breach websites maintain deep web databases so you can only obtain their information by going to the site itself.
List of Websites
The following is a list of Data Breach Websites and the information you can search as an input:
Standard breach databases (haveibeenpwned.com, and breachchecker.com) will let you search for an email address and the website will tell you which data breaches had the email in them. The screenshot below is a classic example of search results. The email that was searched was found in two different breaches and the breach website gives an explanation of each breach.
EmailRep.io gives an overview of data on an email address that includes, whether it has been seen in breaches and the timeframe. This is a great place to start so you have an idea of what sort of information is out there.
See a standard set of results below
reputation – means likelihood that it is a legit, not spam email address
references – refers to the number of places the website has spotted the email, see below for more info on where the website gets its data.
blacklisted – self explanatory
credentials_leaked – presumably referring to a breach data leak
data_breach – gets right to the point and tells you if the email is in any breaches and the dates below are the earliest and latest dates of the breaches
valid_mx – refers to an mx lookup, which is basically a test to see if the domain of the email ( or website associated with the domain) is currently capable of hosting email addresses.
profiles – this is where it will list if the email is registered to a Linkedin or Twitter account.
EmailRep claims that it does not rely soley on databreaches but also uses “hundreds of data points from social media profiles, professional networking sites, dark web credential leaks, data breaches, phishing kits, phishing emails, spam lists…” etc.
The website also has a free api available.
Search More Than Emails
Some Breach Websites will let you search for other things in breach data. For example, leak-lookup.com will give you a limited number of lookups for free when you register and it lets you also search for phone numbers, IP addresses, Passwords, and Usernames. But in this case the results will only identify the data breaches. So if you search for an email domain, it will not show you the email addresses with the domain.
Intelx.io and Leakpeek.com will often give you limited access to the raw data from a breach. This is a great way to find new email accounts owned by the same user. This is especially helpful for finding the true identity of internet trolls who will often set up a “burner” email account for troll-like activities but there is often a link to their true email which could link to their true identity.
Companies will often store users’ data internally “hashed” or encrypted in case it is breached. When you see a random string of about 25 characters in a data breach, that usually means that it is hashed data. Depending on the kind of hash, it might be possible to decrypt it with Hashes.com. Just paste the string and hit the “Submit & Search” button.
Searching for email domains (at sites like phonebook.cz)will let you search a website domain for email addresses with the same domain. So in the example below, I wanted to research the website Snov.io so I searched for email addresses with the same name. This listed several work email addresses. If you click on one, it automatically opens a search for the email in intelc.io
Another site that can be used for this purpose is leakpeek.com. This website is notable because it will also let you search for email addresses by domain (though it will not identify the full email addresses) and because it will often give partial information from the breach itself.
Several websites provide information for only one data breach. They are usually only worth checking if you have other reason to believe that the email is located in that database.
Note that the breach for publicmailrecords.com, River City Media Breach, is unlike the other two breach-specific sites because this breach may appear in the results of a standard data breach website’s search. See the example search results above for a regular breach site, which indicates that you should look for the same email at publicmailrecords.com.
This post explains how to find a company’s employees by using publicly available OSINT tools.
A previous post explained how to find employees’ work email addresses for any company. That process simply required that you search for the company’s website domain in the tools Phonebooks.cz, Snov.io, and Hunter.io to look for email addresses that have the same domain as the company’s website. This process gave a list of work email addresses used by employees.
This current post will address how to identify the users of those email addresses in addition to other company employees as well.
Who Owns the Email?
Using the list of work email addresses that we gained from the aforementioned tools, we can identify the person that uses the email address. We start with the email username which will be a partial identification of the person’s name. Usually there will be an established pattern where “John Smith” working at “Fake Company” will be something like “jsmith@Fake_Company.com”.
AIHIT identifies company employees from corporate registrations, domain registrations, social media, company websites, and other sources. It logs each name and title and even continues to monitor its sources in case a new name appears on a registration and replaces an old one. For any company in a country with public corporate registries (like the United States) you can assume it will appear in this database.
We search for our company by name in the search bar and then in the results page we click on “people” and we receive a list of employee names, titles, and sometimes their work email addresses.
From here we can take an educated guess about who owns which email address. For example, you can see on the right that an employee named Alexander has the username “al” for their email address. From here we can search for the personal contact information for each employee using professional recruitment websites like Apollo.io, Contactout.com, and Rocketreach.co.
Professional Recruitment Websites
These websites have databases full of the names, titles, and contact information for employees of various companies large and small. The sources of their data are not clear. Rocketreach.co vaguely states that their information comes from “publicly sourced data,” and their leads are “generated by tying together 100s of pieces of data using learning algorithms”. What IS for certain, is that there are a lot of complaints by people on sites like Reddit and Trustpilot (see here and here) claiming that these sites are publishing personal contact information that was not intended to be public.
Professional recruitment websites have databases that are specifically built so that you cannot find someone by their name. Instead, you have to search using someone’s employer and title. Now that we have linked a number of work email addresses to a name, title, and employer, we can search for them in these websites. Note that these websites will require that you sign up for a free account if you want to see the person’s contact information.
Here we see the same employee on Apollo.io and the site offers to give you their work email and personal phone number if you get a free account.
And here on ContactOut.com we see the employee’s Gmail address is available
You can find more information about the employee by searching for their email address in Breach Data websites, which were explained in a previous post.
Some more tools below for searching random employees:
Aleph.occrp.org – and – littlesis.org – are good for random searches of an email, name, or phone number as they use a variety of unusual data sources.
Bearsofficialstore.com – scrapes LinkedIn and other sources, let’s you search by name or employer
The Social Security Death Index (SSDI) is an official list of American’s whose deaths were reported to the Social Security Administration. The SSDI is available online (though only included deaths after 1965) and can be accessed for free at FamilySearch.org, GenealogyBank.com, and Ancestry.com. See the URLs below:
The SSDI is a public database maintained by the Social Security Administration of US citizens who had received social security benefits (so not everyone but still most people in the US) and died after 1965 (when the list was computerized). This is a more or less comprehensive list of Americans who have died.
Genealogy websites often include this data in their repositories.
You can submit a Freedom of Information Act (FOIA) request to the Social Security Administration to request the information listed in the deceased person’s original application form for a social security card, which is called an SS-5. You will have to pay a fee of about $20. You can request a copy of the original document, if it is available, or a computer generated list of the information from the form (this is called a “Numident printout”).
This service was surprisingly fast, I submitted my request for a Numident printout and received a response in the mail 16 days later.
2 – in the next page, there is a drop down menu at the top where you choose which agency you are interested in. After you choose Social Security Administration a form appears for your SS-5/Numident request.
3 – Now you have to fill out the form, choose SS-5 or Numident, pay the fee, and hit “submit”
I requested a Numident printout and received my response in the mail 2 weeks later. Below is a redacted copy of what I received in the mail:
In particular, note the following pieces of information included in this response: