Anyway to get website address from an ip?

[DaZzZa]

As title have a few malwarebytes alerts from a user but only have an IP address of the site?

Cheers chaps

 

[Steveocee]

Packet inspection through Wireshark? Most website will be on shared hosting so an IP won't be of much help.

 

[DaZzZa]

Managed to pull them as ****book someone's getting bored with their marriage.....

 

[RoyMi6]

A reverse IP lookup is what you want (or rather, will do what you're asking) http://www.viewdns.info/reverseip/

Of course, Steveocee is right that the results you'll get will simply list every site that's hosted rather than just one though.

Packet inspection is really the only route. Or... send the user the list and says "Oi! Which one of these dodgy sites are you visiting?"

OR.. you could visit each one in turn and monitor your own traffic.

 

[DaZzZa]

Cheers chaps seems to be going on to sites to watch fuzball and popups are setting off malwarebytes

 

[Caged]

Another thing you can do is connect to HTTPS and see what names are in the certificate

 

[Sp00n]

Another thing you can do is connect to HTTPS and see what names are in the certificate

Unless they're only using SNI.

 

[DaZzZa]

Have that part sorted just trying to locate or contact a rogue computer IP on the network now or block it all together on a draytek 2860

 

[Delta3D]

Cmd Prompt -> ping -a *ip*

 

[On Holiday]

Cmd Prompt -> ping -a *ip*

That's just the rDNS record for the IP address so of very little use in this case.


As previously mentioned; http://www.viewdns.info/reverseip/ is the best method to view domains hosted on an IP.

Going on to sites to watch football will no doubt be filled with ads.

Just disabled the notifications from Malwarebytes, it's doing it's job. Wouldn't worry about it at all.

 

[opethdisciple]

nslookup

 

[Steveocee]

Adblocker? Could even be worth spinning up a pihole DNS to run locally, *should* purge the stuff you don’t want before it even downloads it.