I’m pretty sure every longtime Internet surfer has had a craving, at least once, to find out who the author of a particular website is. A likely motivation is to expose someone who ripped off a “friend of yours” online or track down a black PR crew that’s slandering a company – in fact, there can be lots of different scenarios.

The desire to find those people and perhaps hand them over to law enforcement is perfectly understandable, but there is one nontrivial snag – how do you actually hunt down the villains? The “Contact us” page on most of scam sites usually provides nothing but fake details.

Of course, this objective is a piece of cake for certain authorities that have unrestricted access to special forensic resources, but unlike you, they won’t bother doing it to help a “friend of yours” sort out their problem. This is both your weakness and your power at the same time. With a strong desire and plenty of time on your hands, you may be able to do a lot of interesting things and get some impressive results.

I will make hardly any references to specific services in this article. They are easy to find if you know what to look for, and they can turn out to be more effective than you could ever imagine.

1. Human error can leave some breadcrumbs behind

This one boils down to a simple speculation: the shenanigans were done by a person or a group of culprits, and people make mistakes. Well, there are high-profile cybercriminals out there, but this isn’t always the case. A “friend of yours” may have been targeted by professionals, meaning that those people have a background of doing similar things for a reward. If you are persistent and meticulous enough and if you get a little bit lucky, you’ll find the traces of their past activities along with new mistakes they made.

2. Obvious things are sometimes not as obvious and important and small details

First of all, you need to scrutinize the contents of the website. Have a look at what they write, who they write about, whom they endorse and whom they criticize, who they make references to or advertise, and whether there is any private information. All the different how’s, where’s, and why’s, along with the language and vocabulary used, will give you some important clues regarding the authors’ skills, motives, and customers who pay them for what they do.

If you are a linguist – good for you. If you aren’t, it’s no big deal. A bit of ordinary logic and attention to detail can suffice for effective de-anonymization. The author’s style, punctuation, narration, text structure, and favorite words can speak volumes about them. Additionally, if you manage to spot some unique patterns and look them up in search engines, you can obtain way more data.

Keep in mind that penmanship isn’t reflected in text only – it can also be discerned in “technical” elements of the website, including the footers and specific hyperlinks.

It can be extremely effective to analyze source code fragments. Unfortunately, major services like Google (News - Alert) don’t allow for source code-based search. However, there are alternative search engines, but they are gradually fading away and don’t feature nearly as complete indexing as regular search providers. By the way, be sure to run a Google search for “site:domain name”.

3. The universal truths

Even elementary school students know what an IP address, domain name and the “whois” service are, therefore identifying website authors should be a more creative process than that.

Yet, given a domain name, you have to check the following:

• IP address of the site.
• Domains registered with this IP address.
• Registrant details (first and last name, company name, email, phone number.) You can later locate cell phone by number.
• Other websites with the same registrant data.
• Other resources used by the DNS servers.
• Mail exchange (MX) details. Furthermore, not everyone uses VPN services. Some people may forget to enable VPN and give away their actual IP address when responding to emails. Detailed instructions can be found on VPNBrains.com.
• Verify the information via search engines and social networks.

When analyzing the list of websites using the same IP/DNS, look for similar ones by name, niche, theme, and design. Admins often use the same hosting service for different websites – perhaps out of laziness or in pursuit of saving money – thus making it easier for you to find other resources made by the same webmaster. If the creators realize the risk, though, then your odds are pretty scarce.

Speaking of IP obfuscation through anti-DDoS services and identity concealment via “Private Person” attribute, that’s actually a problem. You may still be able to get around it using Google and the Codeby service.You

There is a fairly broad choice of applicable resources. These include official free services and search engines, open-source data integration tools, and paid services that cost a pretty penny to use.

4. History, sir, will tell lies, as usual

If you are dealing with an old resource, a “whois” history lookup can help you a lot. At the dawn of the World Wide Web, as we know it, would-be criminals used to register domains with their real identity information. Therefore, some services – paid ones or not – will output the owner’s entire background, including their actual mobile numbers and email addresses.

However, keep in mind that the site might have been sold, handed over, or re-registered. If so, you may chase down the wrong guy. In other words, once you obtain the person’s details, be sure to double-check whether they could have possibly caused trouble to a “friend of yours”.

One of the latest trends gaining momentum in the western world is the new data protection regulation known as GDPR. It tangles information retrieval about an individual significantly.

Of course, you shouldn’t underestimate website history when performing your reconnaissance. Archives and cached versions of the site might work wonders.

5. The only thing people need from each other is confirmation of love rather than love itself

Let’s suppose you have found some other suspicious site, but how can you verify that it was made by the author you’re looking for?

Coining numerous absolutely different websites is what only well-paid paranoids do. Therefore, it won’t hurt to check the original and every supposedly related site for the CMS, plugins, modules, fonts, themes, design styles, and pictures used. This isn’t the ultimate source of information, but the totality of matches should help you gauge the credibility of your hypothesis.

6. Poverty is not a vice

It isn’t indeed, but when combined with stupidity and greed, it becomes a major cause for screw-ups. For instance, some people don’t bother purchasing a new SSL certificate for their website. In that case, a few mouse clicks in the browser will reveal a bevy of interesting facts.

7. To understand recursion, you must first understand recursion

Let’s say you have spotted sites that really resemble each other by a number of properties. Now, scrutinize their contents and go back to tip 1 – keep on looking for mistakes and giveaways. At the end of the day, you will collect a data set that will allow you to de-anonymize the scoundrels. That’s a whole different story, though.

Finally, don’t forget that the offenders are likely to have done the same misdemeanor to someone else before. Chances are that a predecessor of a “friend of yours” has already unearthed their identities, punished them and posted the results online. In this scenario, all you need to do is find that readily available data.