Passive information gathering
It is passive in the meaning that it doesn't directly send packets to the service. But in any other sense of the word there is nothing passive about this phase.
Visit the website
Okay, I guess this actually sends packets to the target, but whatever. Visit the page, look around, read about the target. What do they do?
Find out who is behind the website.
Resolve the DNS
The the IP address and check it with
Most of the info found on netcraft is not unique. It is basic whois info. But one thing is really good, it lists the different IP-addresses the page has had over the years. This can be a good way to bypass cloudflare and other services that hide the real IP. Using netcraft we can find the IP that was in use before they implemented cloudflare.
Another detail that is good to know is the hosting-company or domain-provider. Those details can be used if we want to try some social-engineering or spear-phishing attack.