Objective: To gather basic domain registration information to assess the legitimacy of the domain and understand its ownership.

Tools Used: WHOIS lookup tool.

Actions:

  • I performed a WHOIS lookup to gather data about the domain's registration, including the registrar, creation and expiration dates, and domain status.
  • I checked the privacy protection status to determine whether the domain owner chose to hide their personal information.

Results:

  • Registrar: IANA ID 468
  • Creation Date: 02-Aug-2005
  • Expiration Date: 02-Aug-2030
  • Domain Status: clientDeleteProhibited
  • Privacy Protection: Enabled

Observations: The long registration history (since 2005) indicates the domain's legitimacy. The clientDeleteProhibited status suggests that the domain has a level of protection against unauthorized deletion. Additionally, Cloudflare DNS is in use, which adds an extra layer of security by reducing direct exposure.


Step 2: DNS & Subdomain Information (Passive DNS)

Objective: To identify any subdomains associated with the domain and check email security configurations.

Tools Used: Passive DNS tools.

Actions:

  • I examined the domain's DNS records to identify active subdomains.
  • I also reviewed the MX, SPF, and DMARC records to evaluate the security of the domain's email infrastructure.

Results:

Identified Subdomains:

Email Security:

MX Record: ProtonMail

SPF: Configured

DMARC: Policy set to reject

Observations: The domain has proper email security configurations (SPF and DMARC), which reduces the risk of email spoofing. Additionally, no abandoned or suspicious subdomains were found, suggesting the domain owner maintains a clean infrastructure.
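The SPF and DMARC review in this step can be reduced to a repeatable check. The following is an added example (not part of the original report) that grades TXT records for resistance to spoofing: it looks at the SPF `all` qualifier, the DMARC `p=` policy, the `pct` and `rua` tags, and flags the multiple-SPF-record case, which receivers treat as a permanent error. The record strings are constructed for illustration; a real check would feed in the TXT answers for the domain and for `_dmarc.<domain>` from a resolver.

```python
"""Grade SPF and DMARC records for resistance to email spoofing.

Added example; the TXT record strings below are constructed for
illustration and are not the records of any real domain.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class EmailAuthReport:
    domain: str
    spf_present: bool = False
    spf_all: Optional[str] = None        # "-all", "~all", "?all", "+all" or None
    dmarc_present: bool = False
    dmarc_policy: Optional[str] = None   # "none", "quarantine" or "reject"
    findings: List[str] = field(default_factory=list)


def spf_all_qualifier(record: str) -> Optional[str]:
    """Return the qualifier of the SPF 'all' term ('-all', '~all', ...), or None if absent."""
    for term in record.split()[1:]:
        m = re.fullmatch(r"([-~?+]?)all", term, flags=re.IGNORECASE)
        if m:
            return (m.group(1) or "+") + "all"   # a bare 'all' means '+all'
    return None


def parse_dmarc(record: str) -> Optional[Dict[str, str]]:
    """Split a DMARC record into its tag=value pairs; None if it is not a DMARC record."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v", "").upper() == "DMARC1" else None


def evaluate(domain: str, txt_records: List[str], dmarc_records: List[str]) -> EmailAuthReport:
    """txt_records: TXT answers for <domain>; dmarc_records: TXT answers for _dmarc.<domain>."""
    report = EmailAuthReport(domain)

    spf = [r for r in txt_records if r.lower().startswith("v=spf1")]
    if len(spf) > 1:
        report.findings.append("multiple SPF records: receivers treat this as a permanent error")
    elif not spf:
        report.findings.append("no SPF record")
    else:
        report.spf_present = True
        report.spf_all = spf_all_qualifier(spf[0])
        if report.spf_all is None:
            report.findings.append("SPF has no 'all' term: unlisted senders evaluate as neutral")
        elif report.spf_all in ("+all", "?all"):
            report.findings.append(f"SPF ends in {report.spf_all}: any host can pass SPF for this domain")
        elif report.spf_all == "~all":
            report.findings.append("SPF softfail (~all): spoofed mail passes unless DMARC enforces")

    parsed = [t for t in map(parse_dmarc, dmarc_records) if t is not None]
    if not parsed:
        report.findings.append("no DMARC record: SPF/DKIM failures carry no policy")
    else:
        report.dmarc_present = True
        tags = parsed[0]
        report.dmarc_policy = tags.get("p", "").lower() or None
        if report.dmarc_policy == "none":
            report.findings.append("DMARC p=none: monitoring only, spoofed mail is still delivered")
        if tags.get("pct", "100") != "100":
            report.findings.append(f"DMARC pct={tags['pct']}: policy applies to only part of the mail stream")
        if "rua" not in tags:
            report.findings.append("no rua tag: aggregate reports are not collected")
    return report


def spoofing_risk(report: EmailAuthReport) -> str:
    """Collapse the report into a coarse rating that a triage note can carry."""
    if report.dmarc_policy == "reject" and report.spf_all == "-all":
        return "low"
    if report.dmarc_policy in ("reject", "quarantine") and report.spf_present:
        return "medium"
    return "high"


# Constructed sample records (not real DNS data): one strong setup, one weak one.
STRONG_TXT = ["v=spf1 include:_spf.protonmail.ch -all"]
STRONG_DMARC = ["v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"]
WEAK_TXT = ["v=spf1 ip4:203.0.113.0/24 ~all"]
WEAK_DMARC = ["v=DMARC1; p=none"]

if __name__ == "__main__":
    for label, txt, dm in (("strong", STRONG_TXT, STRONG_DMARC), ("weak", WEAK_TXT, WEAK_DMARC)):
        rep = evaluate(f"{label}.example", txt, dm)
        print(label, spoofing_risk(rep), rep.findings)
```

The "strong" sample mirrors the configuration reported above (SPF with a hard fail and DMARC set to reject) and produces no findings; the "weak" sample shows why "SPF: Configured" on its own says little, since a softfail with `p=none` still lets spoofed mail through.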


Step 3: Hosting & IP Information

Objective: To gather information about the hosting provider and IP addresses associated with the domain.

Tools Used: IP lookup tool

Actions:

  • I looked up the domain's IP addresses and hosting provider details to identify where the website is hosted and if there are any potential risks associated with the hosting provider.

Results:

IP Addresses:

  • 76.76.21.21
  • 66.33.60.66

Hosting Provider: Vercel

ASN: AS16509

Location: Walnut, United States

Observations: The domain is hosted on Vercel, a reputable platform known for secure and fast hosting services. No risk indicators were found for the hosting provider, meaning that the infrastructure is generally reliable and secure.


Step 4: Certificates & Technology Footprint

Objective: To assess the security of the domain's HTTPS certificate and identify the technology stack used by the website.

Tools Used: SSL/TLS certificate lookup tool, website technology analysis tool.

Actions:

  • I checked the HTTPS certificate to verify that the website uses strong encryption for secure communication.
  • I used a tool to identify the website's technology stack (frameworks, libraries, and platforms used).

Results:

HTTPS Certificate:

Issued for: paulstamatiou.com

Certificate Authority: Valid chain up to root CA

Signature Algorithm: sha256WithRSAEncryption

Key Type: RSA/ECDSA

Technology Stack:

  • Frontend Framework: Next.js
  • CSS Framework: Tailwind CSS
  • Animation Library: Framer Motion
  • Hosting Platform: Vercel
  • CDN for Media: AWS CloudFront

Observations: The domain uses modern technologies, including Next.js for the frontend, Tailwind CSS for styling, and Framer Motion for animations. The website is HTTPS-enabled with strong encryption, ensuring secure communication with users. The technology stack follows best practices, indicating a high level of security.

Step 5: Historical Website Analysis (Wayback Machine)

Objective: To examine archived versions of the domain to identify changes in its structure, security practices, and potential risks from legacy content.

Tools Used: Internet Archive (Wayback Machine).

Actions:

  • I used the Wayback Machine to review archived versions of the website from the past and compare them to the current version.
  • This allowed me to track changes in the domain's structure, layout, and technology stack over time.

Results:

2005 Version:

  • Plain HTML-based website with no HTTPS.
  • No modern frameworks or encryption.
  • Blog posts displayed directly on the homepage.

2026 Version:

  • Fully HTTPS-enabled website with modern JavaScript-based architecture.
  • Dynamic content delivery with CDN support.
  • Redesigned layout with improved content structure.

Observations: The historical analysis revealed that the website has evolved significantly since 2005. The initial version lacked HTTPS and modern frameworks, exposing it to plaintext traffic. However, the current version uses HTTPS and modern security practices. The historical data also exposed legacy URLs and paths that attackers might exploit.


Analysis & Reflection:

1. Attacker-useful public information

  • Domain ownership details
  • Subdomains
  • IP addresses
  • Hosting provider
  • Historical site structure

2. Potential risks

  • Tech stack fingerprinting
  • Forgotten subdomains over time
  • Archived legacy paths

3. Reducing passive exposure

  • Regular subdomain audits
  • Review historical archives
  • Minimize unnecessary metadata exposure
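"Regular subdomain audits" is the mitigation for the "forgotten subdomains over time" risk listed above. The following is an added example, not part of the original report, of what such an audit looks like as code: it reconciles an owner's subdomain inventory against passive DNS observations and flags names nobody claims, names not seen for a long time, CNAMEs that point outside an approved provider allowlist, and inventory entries passive DNS has never seen. The inventory, the observations and the allowlist of provider suffixes are all constructed for illustration.

```python
"""Reconcile a subdomain inventory against passive DNS observations.

Added example; the inventory, observations and provider allowlist below are
constructed for illustration, not data from any real domain.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Observation:
    name: str        # fully-qualified hostname, trailing dot
    rtype: str       # "A" or "CNAME"
    target: str      # IPv4 address or CNAME target
    last_seen: date  # most recent sighting in the passive DNS source


# Hypothetical allowlist of CNAME target suffixes the owner knowingly uses.
APPROVED_TARGET_SUFFIXES: Tuple[str, ...] = (".vercel-dns.com.", ".cloudfront.net.")


def audit_subdomains(inventory: Dict[str, str], observations: List[Observation],
                     today: date, stale_after_days: int = 365) -> Dict[str, list]:
    """Compare what passive DNS has seen with what the owner believes exists.

    inventory maps hostname -> owner/purpose note. Returns four finding lists:
      unknown    observed names that nobody claims in the inventory
      stale      names whose last sighting is older than stale_after_days
      unapproved CNAMEs that point outside the approved provider suffixes
      missing    inventory names that passive DNS has never seen
    """
    findings: Dict[str, list] = {"unknown": [], "stale": [], "unapproved": [], "missing": []}
    by_name: Dict[str, List[Observation]] = {}
    for obs in observations:
        by_name.setdefault(obs.name, []).append(obs)

    for name, records in sorted(by_name.items()):
        if name not in inventory:
            findings["unknown"].append(name)
        newest = max(r.last_seen for r in records)
        if (today - newest).days > stale_after_days:
            findings["stale"].append(name)
        for r in records:
            if r.rtype == "CNAME" and not r.target.endswith(APPROVED_TARGET_SUFFIXES):
                findings["unapproved"].append((name, r.target))

    findings["missing"] = sorted(n for n in inventory if n not in by_name)
    return findings


TODAY = date(2025, 1, 15)  # fixed so the constructed sample is reproducible

INVENTORY = {
    "www.example.com.": "main site, hosted on Vercel",
    "blog.example.com.": "legacy blog, migrated in 2020",
    "docs.example.com.": "planned docs site, not yet live",
}

OBSERVATIONS = [
    Observation("www.example.com.", "CNAME", "cname.vercel-dns.com.", TODAY - timedelta(days=3)),
    Observation("blog.example.com.", "CNAME", "old-blog.legacy-host.example.", TODAY - timedelta(days=500)),
    Observation("dev.example.com.", "A", "203.0.113.10", TODAY - timedelta(days=10)),
]


def run_sample() -> Dict[str, list]:
    """Run the audit over the constructed inventory and observations."""
    return audit_subdomains(INVENTORY, OBSERVATIONS, TODAY)


if __name__ == "__main__":
    for kind, items in run_sample().items():
        print(f"{kind}: {items}")
```

In the constructed sample the migrated blog shows up twice, as stale and as an unapproved CNAME target, which is exactly the pattern that turns a forgotten subdomain into exposure; the unclaimed `dev` host and the never-seen `docs` entry are the two inventory drift cases an audit should surface each run.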

4. Legal yet sensitive

  • Data is public but becomes powerful when correlated

5. Passive vs active reconnaissance

  • Passive: No interaction, no traffic sent
  • Active: Scanning, probing, detectable by targets