
jimmybeans

@comcast.net

How to find all subdomains aliased to IP?

I'm trying to do some sleuthing and I can't seem to get the results I expect.

I know a certain IP address has two subdomains pointing to this for web traffic. I'm curious to see if I can find all subdomains that point to this single IP address.

For example:

service.companya.com and service.companyb.com point to the same external IP address. I'm trying to see if there is a companyc or a companyd, etc. that are using this "service" subdomain.

I used IP tools com to do a reverse IP lookup and it just shows cache3.theplanet.com, not the actual subdomains or domains.

Is what I'm trying to do possible?

Thank you.

Jimmy



Leathal
Premium
join:2002-02-09
canada
kudos:2

said by jimmybeans :

I'm trying to do some sleuthing and I can't seem to get the results I expect.

I know a certain IP address has two subdomains pointing to this for web traffic. I'm curious to see if I can find all subdomains that point to this single IP address.

For example:

service.companya.com and service.companyb.com point to the same external IP address. I'm trying to see if there is a companyc or a companyd, etc. that are using this "service" subdomain.

I used IP tools com to do a reverse IP lookup and it just shows cache3.theplanet.com, not the actual subdomains or domains.

Is what I'm trying to do possible?

Thank you.

Jimmy

You either need access to the domain records for the domains, or access to the servers or firewall where companyb and companyc are being hosted.

efflandt

join:2002-01-25
Elgin, IL
reply to jimmybeans

There is no way to do that other than getting that from whoever is operating that specific site, or wild guessing. I have an old Celeron 300 box as a webserver connected to the internet on my home network. There is no way that anyone could find the no-ip.com names that point to that (unless they know one of the names), and even if you stumble on my IP address, accessing the server without one of the set hostnames leads to a dead end one page worm catcher.

And actually no-ip.com names have a wildcard for unlimited subsubdomains, so *.yourname.no-ip.com points anything.yourname.no-ip.com at the IP.

So you would have to try a dictionary attack and they might notice their swelling logs (my worm log is separate to avoid bloating other logs with garbage).
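
An added example, not part of efflandt's post or the thread: a way for a server operator to notice the hostname guessing described above, by counting how many distinct names the server does not serve each client has asked for. The log format, hostnames and threshold are assumptions, and the log lines are constructed.

```python
# Added example (not from the thread): flag clients guessing hostnames
# against a name-based virtual host server.
from collections import defaultdict

# Assumption: hostnames the server is configured to answer for.
CONFIGURED = {"service.companya.example", "service.companyb.example"}

# Constructed sample log, format "<client_ip> <host_header> <status>".
SAMPLE_LOG = """\
203.0.113.7 service.companya.example 200
198.51.100.9 service.companyc.example 404
198.51.100.9 SERVICE.companyd.example:80 404
198.51.100.9 service.companye.example. 404
198.51.100.9 service.companyb.example 200
192.0.2.44 - 404
192.0.2.44 192.0.2.1 404
"""

def normalize(host):
    """Lowercase, drop a :port suffix and a trailing dot."""
    host = host.lower()
    if host.count(":") == 1:       # host:port (not a bare IPv6 literal)
        host = host.split(":")[0]
    return host.rstrip(".")

def is_hostname(host):
    """False for a missing Host header or a bare IPv4 address."""
    return host != "-" and not host.replace(".", "").isdigit()

def find_guessers(log_text, configured, threshold=3):
    """Return {client_ip: sorted unknown hostnames} for clients that asked
    for at least `threshold` distinct hostnames the server does not serve."""
    unknown = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue                # skip malformed lines
        client, host, _status = parts
        host = normalize(host)
        if is_hostname(host) and host not in configured:
            unknown[client].add(host)
    return {c: sorted(h) for c, h in unknown.items() if len(h) >= threshold}

if __name__ == "__main__":
    for client, hosts in find_guessers(SAMPLE_LOG, CONFIGURED).items():
        print(client, "tried", len(hosts), "unknown names:", ", ".join(hosts))
```

Requests with no Host header or a bare IP address are left out of the count, since those are the scanner and worm traffic a default catch-all page already absorbs.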



jimmybeans

@comcast.net

Efflandt - I have no idea what you're talking about. What you seem to imply doing is not right.

I'm just trying to figure out companies that might use a service that is complementary to our product. I realized these companies use the same subdomain name for every client using this product. I thought this could be an easy way to find prospects for our business.

There is no one attacking anybody or doing worm holes, etc.



cdru
Go Colts
Premium,MVM
join:2003-05-14
Fort Wayne, IN
kudos:7

said by jimmybeans :

I'm just trying to figure out companies that might use a service that is complementary to our product. I realized these companies use the same subdomain name for every client using this product. I thought this could be an easy way to find prospects for our business.

Unfortunately for you, there isn't. If they were all subdomains off the same parent domain (e.g. clientA.somecompany.com, clientB.somecompany.com, etc) then a zone transfer would tell you, if they allowed them (almost everyone doesn't). From time to time I've stumbled across some IP tool websites that might tell you some of the hosts at a given address, but it's far from complete. And it's usually not for service type websites.

You might be able to try doing a Google phrase search on a specific unique phrase found on the page. If Google has indexed different customers' versions of the same page, it might be able to return you a client list. For instance, I've dealt with a shopping cart in the past called ASPDotNetStoreFront. At the bottom of the default template, there is a link back that reads "Powered by shopping cart". If you do a Google search as such, you'll get back potential ecommerce sites that use that software. You also get some false positives, but you can get the idea.