From investigator
Investigate a domain's registration, DNS, certificates, hosting, and history using passive public sources. Use when mapping a domain's infrastructure or researching who owns/operates it.
Slash command
/investigator:domain-intel
Produce a domain intelligence report for $ARGUMENTS using passive public sources only.
Look up WHOIS to establish registrant, registrar, creation/expiry dates, and nameservers.
Choose the right registry for the TLD:
Note: many registrations use privacy protection — log this as a finding, not a failure. Proceed with DNS and certificate transparency.
Fetch DNS records via MXToolbox or dnsdumpster.com.
Collect: A, AAAA, MX, TXT, NS, CNAME records.
TXT records frequently reveal: email providers (Google Workspace, Microsoft 365), SPF/DKIM configuration, third-party service ownership verification (Stripe, HubSpot, Salesforce), and site verification codes.
Search crt.sh for all certificates issued to the domain and its subdomains.
Certificate transparency reveals:
Use ipinfo.io or BGP.he.net to identify:
Cross-reference with MX records to identify email hosting (it is commonly hosted separately from the website).
Search ViewDNS.info for other domains registered to the same entity (registrant name or email where not privacy-protected).
This can reveal related brands, acquired properties, or shell domains.
Historical gaps (domain registered but no Wayback content for a period) can be significant.
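For the DNS step above, one way to turn collected TXT records into interpreted findings rather than raw data. This is an added example, not part of the skill itself; the fingerprint tables, the `interpret_txt` name and the sample records are assumptions constructed for illustration.

```python
import re

# Assumed fingerprint tables (not from the skill); extend for other services.
SPF_INCLUDES = {
    "_spf.google.com": "Google Workspace",
    "spf.protection.outlook.com": "Microsoft 365",
}
VERIFICATION_PREFIXES = {
    "google-site-verification=": "Google site verification",
    "ms=": "Microsoft 365 domain verification",
    "stripe-verification=": "Stripe ownership verification",
}

def interpret_txt(records):
    """Turn raw TXT strings into (category, detail) findings for the report."""
    findings = []
    for raw in records:
        # Lookup tools show long TXT data as several quoted chunks; rejoin them.
        value = "".join(re.findall(r'"([^"]*)"', raw)) or raw.strip()
        lower = value.lower()
        if lower.startswith("v=spf1"):
            terms = lower.split()[1:]
            for term in terms:
                if term.startswith("include:"):
                    host = term[len("include:"):]
                    provider = SPF_INCLUDES.get(host, "unrecognised sender")
                    findings.append(("spf-include", f"{host} ({provider})"))
            # The 'all' mechanism may carry a qualifier: -all, ~all, ?all, +all.
            policy = next((t for t in terms if t.lstrip("+-~?") == "all"), None)
            findings.append(("spf-policy", policy or "no 'all' mechanism"))
        elif lower.startswith("v=dkim1"):
            findings.append(("dkim", "DKIM public key record"))
        else:
            # Report the service only; the token itself adds nothing to the report.
            label = next((name for prefix, name in VERIFICATION_PREFIXES.items()
                          if lower.startswith(prefix)), None)
            findings.append(("verification", label) if label
                            else ("unclassified", value))
    return findings

SAMPLE = [  # constructed records for a fictional domain
    '"v=spf1 include:_spf.google.com " "include:spf.protection.outlook.com ~all"',
    "google-site-verification=CONSTRUCTEDTOKEN",
    "MS=ms00000000",
    "stripe-verification=constructedtoken",
    "some-internal-note",
]

if __name__ == "__main__":
    for category, detail in interpret_txt(SAMPLE):
        print(f"{category:14} {detail}")
```

Unclassified values are kept in the output so they can be listed under "Notable observations" or "Gaps" instead of being silently dropped.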
Domain intel often surfaces leads worth deeper investigation:
/investigator:entity-footprint for the full organisational picture
/investigator:ip-intel
/investigator:corporate-ownership for the legal entity structure
## Domain intelligence: [domain]
**Date:** [today]
**Purpose logged:** [stated purpose]
**Methods:** Passive open-source only
### Registration
| Attribute | Value |
|---|---|
| Registrar | — |
| Registered | — |
| Expires | — |
| Nameservers | — |
| Privacy protection | Yes / No |
### DNS records
[Key records with interpretation — not just raw data]
### Certificate transparency findings
[Subdomains discovered, naming patterns, certificate history]
### Hosting
| Attribute | Value |
|---|---|
| Hosting provider | — |
| ASN | — |
| IP range | — |
| Email hosting | — |
### Related domains
[Domains sharing registration details — or "none found" / "privacy-protected, unable to determine"]
### Historical findings
[Wayback Machine observations, DNS history anomalies]
### Notable observations
[Anything that stands out — unusual configurations, patterns, discrepancies]
### Gaps
[What couldn't be established; what would require deeper access]
### Sources
1. [Tool/Registry](URL) — [what it contributed]
npx claudepluginhub hpsgd/turtlestack --plugin investigator