I'm trying to find a decent reverse IP service provider. My current front-runner choice is '' but I'm curious if anyone here has experience with this technology and if they have any recommendations.

For those of you that are not familiar with reverse IP, the point is to feed it an IP address and have it return all the domain names that point to that IP address. The most common technique of doing this is to maintain a large database of domain names and the addresses that they point to.

From the perspective of malware analysis and malware domains this is very useful. You'll often find a single IP containing a webserver running some browser exploit that is pointed at by many hostnames. Determining an IP from a hostname is trivial, but determining a hostname from an IP is not.

These services are rarely available for free, so before I invest I figured I'd ask around to see if anyone has suggestions. I will write a review of the provider that I end up selecting if/when I get around to subscribing.
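The database technique described above, as an added example that is not part of the original post: forward-resolution records are inverted into an IP-to-hostnames index. It goes slightly beyond the post by also answering CIDR range queries and listing IPs shared by many hostnames. All records are constructed samples using documentation-reserved names and addresses, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of forward-resolution records (hostname, IP);
# documentation-reserved names and addresses, not real data.
SAMPLE_RECORDS = [
    ("www.example.com", "192.0.2.10"),
    ("cdn.example.net", "192.0.2.10"),
    ("login.example.org", "192.0.2.10"),
    ("WWW.Example.COM.", "192.0.2.10"),   # same host, different spelling
    ("mail.example.com", "192.0.2.25"),
    ("shop.example.net", "198.51.100.7"),
    ("www.example.com", "2001:db8::10"),
    ("broken.example.net", "not-an-ip"),  # malformed record, skipped
]

def normalize_host(name):
    """Lower-case and drop the trailing root dot so duplicates collapse."""
    return name.strip().lower().rstrip(".")

def build_reverse_index(records):
    """Invert (hostname, ip) pairs into {ip_address: set(hostnames)}."""
    index = defaultdict(set)
    for host, ip in records:
        try:
            addr = ipaddress.ip_address(ip.strip())
        except ValueError:
            continue  # ignore records whose address does not parse
        index[addr].add(normalize_host(host))
    return index

def reverse_lookup(index, ip):
    """Return the sorted hostnames known to point at one IP."""
    return sorted(index.get(ipaddress.ip_address(ip), ()))

def reverse_lookup_range(index, cidr):
    """Return {ip: hostnames} for every indexed IP inside a CIDR block."""
    net = ipaddress.ip_network(cidr, strict=False)
    hits = [a for a in index if a.version == net.version and a in net]
    return {str(a): sorted(index[a]) for a in sorted(hits)}

def shared_ips(index, min_hosts=3):
    """List IPs that at least min_hosts distinct hostnames point at."""
    return sorted(str(a) for a, h in index.items() if len(h) >= min_hosts)

if __name__ == "__main__":
    idx = build_reverse_index(SAMPLE_RECORDS)
    print(reverse_lookup(idx, "192.0.2.10"))
    print(reverse_lookup_range(idx, "192.0.2.0/24"))
```

The index only knows hostnames that were fed into it, which is why coverage depends on the size of the provider's domain database.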


I tend to use;

Once I find a decent method for doing it, I'll also be including this as a feature in hpHosts Online :)

Meant to mention, the hpHosts website currently includes rDNS for a single IP;

... and can give you a list of hostnames in the database for a specific IP or a range of IPs

...not a service, but a couple of semi-relevant Python-based tools,
that I've used from time to time and I thought they might be of interest...
Note though the word they're mainly used for info gathering,
during early pentesting steps, i.e. not malware analysis related directly,
but then again, it all depends on what someone is up to... attempt to enumerate virtual hosts to a given IP address.

Only under *nix systems... or at least, I've never attempted testing/modding it to work under win32.

And another one, also works under Windows...
Halberd is a tool aimed at discovering real servers behind virtual IPs.

As well as what is mentioned: (currently still offline) (Replacing with the IP you want to check.) (If you want to see what name servers are on an IP, select the name servers option from the below URL.)


