Contents x
      Find domains that have pointed to a specific IP address (reverse A)
      • 02 Apr 2024
      • 1 Minute to read
      • Print
      • Dark
        Light
      Contents

      Find domains that have pointed to a specific IP address (reverse A)

      • Updated on 02 Apr 2024
      • 1 Minute to read
      • Print
      • Dark
        Light
      Article Summary

      A "reverse A" lookup is a DNS query that maps an IP address to its corresponding domain name.

      By using a reverse A lookup to find domains that have pointed to a specific IP address, security teams can identify other domains that may be associated with the same infrastructure or threat actors.

      Cyber criminals often use tactics such as domain squatting, where they register a domain that is similar to a legitimate domain in order to deceive users, and domain spoofing, where they impersonate a legitimate domain by using a similar or misspelled domain name.

      By identifying other domains that have pointed to the same IP address, security teams can identify potential instances of domain squatting or spoofing and take appropriate action before either become a problem.

      1. Navigate to Explore DNS Data > Domains Hosted on IP

      2. Specify an IP address

      3. (Optional) Specify a netmask

      4. (Optional) Choose to either include or exclude subdomains

      5. (Optional) Specify the time frame when the A record(s) was first seen

      6. (Optional) Specify the time frame when the A record(s) was last seen

      7. (Optional) Tick Last 24 Hours to show records first seen in the last 24 hours

      8. Specify a Sort Order that applies itself to outputted results

      9. Click Search

      Monitoring reverse A lookup data

      You can monitor results populated on the Explore screen for any changes, saving you time and resources by automating key queries across a range of internal workflows.

      Monitors run once every 24 hours. You'll be alerted when Silent Push detects new results via email (filtering/sorting options are not applied)

      1. Once you've received a set of results, click the Monitor button on the top right

      2. Specify a Monitor name

      3. Enter a Description

      4. Click Save

      5. Your monitored query is now visible in Monitors > Monitored Queries

      6. Read this article for information on how to share a monitor

      Was this article helpful?
      What's Next