1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Anyway to get website address from an ip?

Discussion in 'Networks & Internet Connectivity' started by DaZzZa, 6 Feb 2018.

  1. DaZzZa

    Mobster

    Joined: 2 Dec 2002

    Posts: 2,618

    Location: Peterlee

    As title have a few malwarebytes alerts from a user but only have an IP address of the site?

    Cheers chaps
     
  2. Steveocee

    Soldato

    Joined: 5 Nov 2011

    Posts: 5,176

    Location: Derbyshire

    Packet inspection through Wireshark? Most website will be on shared hosting so an IP won't be of much help.
     
  3. DaZzZa

    Mobster

    Joined: 2 Dec 2002

    Posts: 2,618

    Location: Peterlee

    Managed to pull them as ****book someone's getting bored with their marriage.....
     
  4. RoyMi6

    Mobster

    Joined: 9 Mar 2010

    Posts: 2,679

    A reverse IP lookup is what you want (or rather, will do what you're asking) http://www.viewdns.info/reverseip/

    Of course, Steveocee is right that the results you'll get will simply list every site that's hosted rather than just one though.

    Packet inspection is really the only route. Or... send the user the list and says "Oi! Which one of these dodgy sites are you visiting?"

    OR.. you could visit each one in turn and monitor your own traffic.
     
  5. DaZzZa

    Mobster

    Joined: 2 Dec 2002

    Posts: 2,618

    Location: Peterlee

    Cheers chaps seems to be going on to sites to watch fuzball and popups are setting off malwarebytes
     
  6. Caged

    Capodecina

    Joined: 18 Oct 2002

    Posts: 23,940

    Another thing you can do is connect to HTTPS and see what names are in the certificate
     
  7. Sp00n

    Capodecina

    Joined: 18 Oct 2002

    Posts: 18,143

    Location: Brighton

    Unless they're only using SNI.
     
  8. DaZzZa

    Mobster

    Joined: 2 Dec 2002

    Posts: 2,618

    Location: Peterlee

    Have that part sorted just trying to locate or contact a rogue computer IP on the network now or block it all together on a draytek 2860
     
  9. Delta3D

    Hitman

    Joined: 16 Apr 2014

    Posts: 660

    Location: Durham, UK

    Cmd Prompt -> ping -a *ip*
     
  10. WoodyUK

    Soldato

    Joined: 29 Dec 2009

    Posts: 6,513

    That's just the rDNS record for the IP address so of very little use in this case.


    As previously mentioned; http://www.viewdns.info/reverseip/ is the best method to view domains hosted on an IP.

    Going on to sites to watch football will no doubt be filled with ads.

    Just disabled the notifications from Malwarebytes, it's doing it's job. ;) Wouldn't worry about it at all.
     
  11. opethdisciple

    Capodecina

    Joined: 18 May 2010

    Posts: 20,735

    Location: London

  12. Steveocee

    Soldato

    Joined: 5 Nov 2011

    Posts: 5,176

    Location: Derbyshire

    Adblocker? Could even be worth spinning up a pihole DNS to run locally, *should* purge the stuff you don’t want before it even downloads it.