Investigator Use
Central Ops is a free online network reconnaissance toolkit providing a range of domain and IP investigation tools accessible through a single web interface. It combines WHOIS lookups, DNS queries, traceroutes, email server tests, and more into a unified platform that requires no local software installation — making it accessible for investigators working from any browser.
What investigators use Central Ops for: performing quick multi-tool reconnaissance on a domain or IP without switching between separate services, checking DNS record configurations alongside WHOIS data, testing email server connectivity and configuration, and running network path analysis through traceroute.
What Central Ops exposes: WHOIS registration data from domain and IP registries, DNS records including A, AAAA, MX, NS, TXT, and CNAME entries, email server banner information and SMTP connectivity tests, traceroute results showing network hops between the probe and target, and domain availability checks for related domain names.
Central Ops is particularly useful in the early stage of a domain investigation when you want to gather multiple data points quickly. Rather than visiting several separate tools, Central Ops returns WHOIS, DNS, and network information in a single session. The email server testing capability reveals whether a domain is configured to send and receive email, helping identify whether a suspicious domain is operational.
MX record investigation: the email server test in Central Ops connects to a domain's MX records and records the server banner. Email banners often reveal the software stack (Exchange, Postfix, Google Workspace), the hosting provider, and sometimes the actual server hostname — all of which support infrastructure attribution in phishing and fraud investigations.
Limitations: Central Ops performs live queries in real time, so its data reflects current configurations rather than historical records. For historical DNS and WHOIS data, use SecurityTrails or DNS History in parallel. Results may also be throttled during periods of high usage.
In a workflow: use Central Ops as a first-pass tool at the start of a domain investigation to gather baseline WHOIS and DNS data. Follow up with SecurityTrails for historical records, DNS twister for typosquatting variants, and Shodan for exposed services on discovered IP addresses.
Before You Pivot
Record Context
Capture the target, search terms, and why this source is relevant before you leave the page.
Preserve Evidence
Archive volatile pages, save screenshots, and keep timestamps for anything that may change.
Corroborate
Treat one tool as a lead source. Confirm important findings with independent sources.
Related Tools
ARIN
Domain OSINT
ARIN is a nonprofit, member-based organization that administers IP addresses & ASNs in support of the operation and growth of the Internet.
Cert Graph Crawler
Domain OSINT
An open source intelligence tool to crawl the graph of certificate Alternate Names
DNS History
Domain OSINT
DNS History archives historical DNS records, letting investigators track IP changes, hosting migrations, and infrastructure pivots over time.
DNS twister
Domain OSINT
DNS Twister generates and monitors domain permutations for typosquatting detection, brand protection, and phishing infrastructure discovery.
Domain Tools
Domain OSINT
DomainTools provides WHOIS lookup, IP history, domain ownership records, and reverse WHOIS for domain and infrastructure investigation.
Domainiq
Domain OSINT
DomainIQ provides WHOIS research, domain name investigation, brand protection tools, and cybercrime attribution resources.