Malware Domain List

Malware Related => Tools of the trade / Internet News => Topic started by: tjs on March 08, 2008, 01:44:47 am

Title: Reverse IP Services - Request for suggestions
Post by: tjs on March 08, 2008, 01:44:47 am
I'm trying to find a decent reverse IP service provider. My current front-runner choice is 'domaintools.com' but I'm curious if anyone here has experience with this technology and if they have any recommendations.

For those of you that are not familiar with reverse IP, the point is to feed it an IP address and have it return all the domain names that point to that IP address. The most common technique of doing this is to maintain a large database of domain names and the addresses that they point to.

From the perspective of malware analysis and malware domains this is very useful. You'll often find a single IP containing a webserver running some browser exploit that is pointed at by many hostnames. Determining an IP from a hostname is trivial, but determining a hostname from an IP is not.

These services are rarely available for free, so before I invest I figured I'd ask around to see if anyone has suggestions. I will write a review of the provider that I end up selecting if/when I get around to subscribing.

Thanks,
TJS

MysteryFCM: Stickified :)
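
Added example (not part of the original post, and not the code of any service named in this thread): a minimal sketch of the database technique described above, inverting hostname-to-address sightings into an address-to-hostnames index. The sample records, the function names and the range lookup are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample sightings: (hostname, resolved A record).
# Names use the reserved .example TLD, addresses the RFC 5737 ranges.
OBSERVATIONS = [
    ("Landing-One.example.", "192.0.2.10"),
    ("landing-two.example", "192.0.2.10"),
    ("cdn.shop.example", "192.0.2.10"),
    ("landing-one.example", "192.0.2.10"),   # duplicate sighting
    ("cdn.shop.example", "198.51.100.7"),    # same name, second address
    ("blog.example", "192.0.2.77"),
    ("broken.example", "not-an-ip"),         # malformed row, must be skipped
]


def normalize_host(name):
    """Lower-case and drop the trailing root dot so duplicates collapse."""
    return name.strip().lower().rstrip(".")


def build_reverse_index(observations):
    """Invert hostname -> IP sightings into IP -> set of hostnames."""
    index = defaultdict(set)
    for host, addr in observations:
        try:
            ip = ip_address(addr.strip())
        except ValueError:
            continue  # ignore rows whose address does not parse
        index[ip].add(normalize_host(host))
    return index


def hosts_on_ip(index, addr):
    """Reverse IP lookup: every known hostname pointing at one address."""
    return sorted(index.get(ip_address(addr), ()))


def hosts_in_range(index, cidr):
    """Same lookup across a network, grouped per address."""
    net = ip_network(cidr, strict=False)
    ips = sorted((ip for ip in index if ip in net),
                 key=lambda ip: (ip.version, int(ip)))
    return {str(ip): sorted(index[ip]) for ip in ips}


INDEX = build_reverse_index(OBSERVATIONS)

if __name__ == "__main__":
    print(hosts_on_ip(INDEX, "192.0.2.10"))
    print(hosts_in_range(INDEX, "192.0.2.0/24"))
```

The index only knows hostnames that were seen resolving to an address, which is why coverage differs between providers.
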
Title: Re: Reverse IP Services - Request for suggestions
Post by: MysteryFCM on March 08, 2008, 01:51:53 am
I tend to use;

http://robtex.com
http://cert.uni-stuttgart.de/stats/dns-replication.php

Once I find a decent method for doing it, I'll also be including this as a feature in hpHosts Online :)
Title: Re: Reverse IP Services - Request for suggestions
Post by: MysteryFCM on March 08, 2008, 01:55:15 am
Meant to mention, the hpHosts website currently includes rDNS for a single IP;

http://hosts-file.net/?s=85.17.40.13

... and can give you a list of hostnames in the database for a specific IP or a range of IPs

http://hosts-file.net/pest.asp?show=85.17.40.136
Title: Re: Reverse IP Services - Request for suggestions
Post by: sowhat-x on March 08, 2008, 03:34:18 am
...not a service, but a couple of semi-relevant Python-based tools,
that I've used from time to time and I thought they might be of interest...
Note though the word semi...as they're mainly used for info gathering,
during early pentesting steps, i.e. not malware analysis related directly,
but then again, it all depends on what someone is up to...

Revhosts.py attempts to enumerate virtual hosts to a given IP address.
Quote
http://www.revhosts.net/Revhosts
Only under *nix systems...or at least, I've never attempted testing/modding it to work under win32.

And another one, also works under Windows...
Halberd is a tool aimed at discovering real servers behind virtual IPs.
Quote
http://halberd.superadditive.com/
Title: Re: Reverse IP Services - Request for suggestions
Post by: JohnC on June 25, 2008, 02:51:34 pm
As well as what is mentioned:

http://serversniff.net/content.php?do=hostonip
http://www.domainsdb.net/   (currently still offline)
http://whois.webhosting.info/
http://onsamehost.com/
http://www.myipneighbors.com/
http://www.sitedossier.com/ip/127.0.0.1   (Replacing 127.0.0.1 with the IP you want to check.)
http://www.internic.net/whois.html     (If you want to see what name servers are on an IP, select the name servers option from the below url.)
Title: Re: Reverse IP Services - Request for suggestions
Post by: JohnC on August 05, 2008, 10:02:41 pm
http://www.bfk.de/bfk_dnslogger.html
Title: Re: Reverse IP Services - Request for suggestions
Post by: JohnC on October 14, 2008, 06:34:44 pm
http://www.securityspace.com/bizintel/reverse-ip.html
Title: Re: Reverse IP Services - Request for suggestions
Post by: JohnC on October 16, 2008, 05:03:09 pm
http://huehacker.info/?domain=
Title: Re: Reverse IP Services - Request for suggestions
Post by: m0sh3 on October 22, 2008, 09:23:19 am
http://www.ip2location.com/free.asp - will give geolocation and ISP for the IP
Title: Re: Reverse IP Services - Request for suggestions
Post by: sowhat-x on November 11, 2008, 10:07:15 am
http://crushmachine.com/rip.php
Use at your own risk  ;)
Title: Re: Reverse IP Services - Request for suggestions
Post by: sowhat-x on March 31, 2009, 01:10:33 pm
http://www.ip-adress.com/reverse_ip/
Title: Re: Reverse IP Services - Request for suggestions
Post by: JohnC on May 04, 2009, 12:08:18 am
http://www.gwebtools.com/ns-spy

To see what domain names are on a name server :)
Title: Re: Reverse IP Services - Request for suggestions
Post by: JohnC on May 20, 2009, 02:01:33 am
http://tools.web-max.ca/websitesonip.php?
Title: Re: Reverse IP Services - Request for suggestions
Post by: Malware-Web-Threats on May 20, 2009, 02:22:27 am

http://www.yougetsignal.com/tools/web-sites-on-web-server
Title: Re: Reverse IP Services - Request for suggestions
Post by: JohnC on May 29, 2009, 08:52:10 pm
Monitor name servers
http://www.nsspy.org/
Title: Re: Reverse IP Services - Request for suggestions
Post by: JohnC on June 05, 2009, 07:05:05 pm
http://protect-x.com/reverse/?ip=127.0.0.1