A member asked in this thread for some due diligence help with a site they were looking to buy.
So I decided to do a sort of a case study in the hope that it will serve as a guide to others in his position.
The site for sale was listed at Flippa and was for the domain twitrbackgrounds.com
Here's my shot at what you can research about a site based on just the domain name. This follows loosely from these website due diligence guidelines.
I meander off in different directions and don't necessarily take shortcuts in this post because I'm trying to demonstrate different tools/methods.
Do a WHOIS search. For this domain we get the following key details:
Person and company the domain is registered to
Their contact phone and fax numbers and email address
The date domain was originally registered
The date the domain expires
The Name Servers (NS1 and NS2.THEPLANET.COM)
Already, interesting facts emerge:
The domain is only a few days old
The owner is not hiding behind a privacy registration
The contact email address tallies with the email address the seller is
using for communication (that builds trust)
Double verification is available that you're dealing with the right person (via the phone number - call and ask to speak with Robert)
Any, or most of that information may be fake.
The Admin Contact is sometimes different to the tech contact
The address may not be a real postal address but just a fly-by-night "accommodation address" (so don't be lulled into a false sense of security)
The company may not exist
If you're using Domaintools for the WHOIS enquiry you'll have tabs offering you a "Site Profile", "Registration", "Server Stats" and "My WHOIS". Within a few seconds I discover stuff that I'm going to be finding later with other tools but I do notice that the Profile says that many of his images don't have alt tags. I don't take much notice of the Links and Alexa information provided here as backlink strength and traffic frequency can be better determined by other tools I'm using later. What I do notice is that the registrar is GoDaddy - convenient as it's free to open an account with them and they can "push" domains from one client to another within seconds! The server stats tell us it's an Apache server, the IP is 184.108.40.206 and it's located in Texas. None of it may seem particularly relevant at this point but something like the IP may prove pretty useful later. For example, it could be blacklisted in spamhaus as a major source of junk mail.
I note the expiry is some way away. If it were dangerously close to the transaction date I would insist the seller renew the registration himself for another year to avoid complication at transfer. Why did he register for just a year? Did the owner suspect this wouldn't be a profitable, long term venture? Hmm. Maybe. This experienced-people.net domain is a new domain but I'm in for the long haul and if you do a WHOIS you'll see that it was registered straight off for 5 years. That's what longer term players tend to do. There is some speculation in SEO circles that Google uses the length of registration in some cases as a quality indicator.
In addition to the all the information gained so far, domaintools give you a lot of paid options. You can find out the WHOIS history - when and what changes were made to the WHOIS records - all the other domains ever registered in that person's name and that email address and what other sites are being hosted on this server!
RESEARCHING THE OWNER
There's usually very limited information in the WHOIS. But every scrap holds a lot of potential for a good detective. A little bit of extra information provided - like the company name here - opens up fantastic new possibilities for investigation.
We'll first work on the owner's name. And the simplest possible search. Stick his name into Google. I find that the results are corrupted with personalized search. Google is factoring in my previous search for something similar and tailoring the search results to what it thinks I wanted the last time! So I use a paid proxy. You could try something like the fantastic Scroogle. It gives you the Google results but ensures they're aren't skewed by your past searches or location. (With a search at Google itself someone in the UK may get more UK oriented results otherwise). That it also hides from Google what you're searching for is a nice bonus.
I use "Robert Nelson" in quotes as I don't want every page that mentions either Robert or Nelson.
Damn, there's a famous character with that name, this makes life difficult. A lot of the mentions are going to be about him. I try "Robert Nelson" + Arizona. I run my eyes down the results. Still too much. So I try zoominfo. I get 50-60 Robert Nelsons. I hit Control + F in Firefox and type in Arizona. I find one mention of Arizona on that zoominfo page and it relates to a Robert Nelson who doesn't sound like the one I'm looking for.
I could go to 123people or wink. There's got to be a better way of narrowing down the search. Aha! "Robert Nelson" + "Tree Room" (his company name). It works. I've got his linkedin profile! Success! I can see what he looks like, learn that he owns ninjawarz dot com, effmypic dot com and others. Including the domain used for his contact email address in WHOIS. It's the right guy, alright. I see also that he does indeed live in Phoenix, Arizona. Where did I see that before? Zoominfo? I go back there. I associate the Phoenix Arizona Robert Nelson there with the "National Institute of Diabetes and Digestive and Kidney Diseases". I find this National Institute of Long Names's site and use their internal search to find Robert Nelson. Oops! The picture looks nothing like the Facebook one. This guy has an MD and a PhD and stuff and he does "identification of biomarkers for diabetic kidney disease". Not the type of guy to own a gaming site. It must be someone else. Two Robert Nelsons in Phoenix! What are the chances?
I'd like to do a few WHOIS searches on the other domains that I know he owns but whois.sc (domaintools) has had enough of me. If I want to do any more searches for the day I'm going to have to pay them. Not a problem. I know our RN uses godaddy as a registrar and godaddy have their own WHOIS. I give it a quick shot, but nothing interesting there and no new information is apparent at a quick perusal.
Now that I know this much about him, what he looks like etc., I could make other connections, find him in other social networking sites, see who he associates with, what he's interested in, where he spends his money, what he twitters about and much more. I could do a search on his phone number or, possibly, find his grandmother's maiden name.
But I'm not looking to marry him so decide that enough's enough on the personal search for Robert Nelson.
Google also showed me pages at places like crunchbase. This one discloses that somebody called Jason Moore is President of twitterbackgrounds.com. Hmm. Interesting. He could be checked out too.
But you get the picture. If I were spending half a million dollars on buying a property I'd follow a lot more investigative leads, but for a relatively low priced site you need draw your lines somewhere.
RESEARCHING THE COMPANY
Let's see if that address is an accommodation address. To Americans, "suite" may signify apartment but not so in other parts of the world. "Suite" is used in several contexts and in the UK it's often used by firms offering accommodation (forwarding) addresses.
Plugging in "9237 E Via Linda, Scottsdale, Maricopa, Arizona 85258" into maps.google.com suggests there are a lot of flats around at this post code. Is the "Suite 135" part of an apartment address, or is it a "service" address like a postbox? I don't know yet.
Scrolling up the map shows lots and lots of apartment blocks but the "A" balloon (towards the center of the picture) seems to be on the other carriageway - an area that looks commercial and has a couple of large car parks. And the text accompanying the search suggests there's a "Scottsdate Condo Business Center" at that ZIP code - the type of place for an accommodation/forwarding address. I remember that the "A" balloon is often in the wrong place or the center of a postcode/zip code. I put aside this line of enquiry for the moment as it's not that relevant and I'm getting distracted.
I stick "9237 E Via Linda, Scottsdale, Maricopa, Arizona 85258" into a google.com search. A quick browse through the first few results tell me that the "E" in that address is for East. (Again, this may be blindingly obvious to Americans but the British don't use E Side for Eastside or EEnders for East Enders) That suggests that "east" is an alternate word to plug into the search should we wish to dig further - "East Via Linda"