Domain

Is this website or domain suspicious?

A safe passive workflow for reading a domain, URL, DNS trace, and archive history.

Goal

Understand when a domain appeared, which public infrastructure traces are visible, and what can be stated safely.

Best for

Suspicious links, brand lookalikes, new websites, and first defensive checks.

Inputs

Domain, URL, Observation date

Steps

01

Clean the URL

Separate protocol, root domain, subdomain, path, and tracking parameters.

Check: Root domain and full URL are written separately.

02

Read DNS and registration context

Check RDAP/WHOIS, nameservers, mail records, and visible DNS records.

Check: At least two passive sources are compared.

03

Check certificates and archives

Use Certificate Transparency and web archives for a short timeline.

Check: Archive time is not treated as publish time.

04

Write a limited finding

State visible traces, confidence, and what remains unknown.

Check: No ownership or malware claim is overstated.
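Step 01 can be done without touching the network. The sketch below is an added example, not part of the original workflow: it parses a URL offline and records root domain and full URL separately. The suffix set, the tracking-parameter names, the function names, and the sample URL are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: constructed subset of the Public Suffix List so this runs offline;
# real triage should load the full list.
PUBLIC_SUFFIXES = {"com", "net", "org", "io", "uk", "co.uk", "com.au"}
# Assumption: common tracking parameter names, not an exhaustive set.
TRACKING_NAMES = {"gclid", "fbclid", "msclkid", "mc_eid"}


def split_host(host):
    """Return (subdomain, root_domain) using the longest matching suffix."""
    try:
        ipaddress.ip_address(host)
        return "", host  # IP literal: there is no registrable domain to split
    except ValueError:
        pass
    labels = host.split(".")
    for i in range(1, len(labels)):  # longest candidate suffix first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[:i - 1]), ".".join(labels[i - 1:])
    return ".".join(labels[:-2]), ".".join(labels[-2:])  # unknown suffix


def clean_url(raw):
    """Split a URL into its parts. Nothing is resolved or fetched."""
    parts = urlsplit(raw.strip())
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    subdomain, root = split_host(host)
    tracking, kept = [], []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        name = key.lower()
        is_tracking = name in TRACKING_NAMES or name.startswith("utm_")
        (tracking if is_tracking else kept).append((key, value))
    netloc = f"[{host}]" if ":" in host else host  # re-bracket IPv6 literals
    if parts.port is not None:
        netloc += f":{parts.port}"
    return {
        "full_url": raw.strip(),
        "protocol": parts.scheme,
        "root_domain": root,
        "subdomain": subdomain,
        "path": parts.path or "/",
        "tracking_params": tracking,
        "punycode_labels": [l for l in host.split(".") if l.startswith("xn--")],
        "cleaned_url": urlunsplit((parts.scheme, netloc, parts.path, urlencode(kept), "")),
    }


# Constructed sample input, not a real observation.
SAMPLE = "HTTPS://Login.Example.co.uk/account/verify?id=42&utm_source=mail&fbclid=abc#top"
```

The cleaned URL drops the fragment and any user:password@ prefix, while full_url keeps the original string for the record. Labels listed under punycode_labels are internationalized names worth decoding and comparing by eye when the concern is a brand lookalike.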

Output

Domain profile, timeline note, visible signals, sources, and open questions.

Report line

Public records show visible domain and infrastructure traces; ownership, intent, and current risk still need separate confirmation.