Recently I’ve encounter list of IPs that are related to CoinHive. So I want to check for domains that tied to these IPs. We can do that by using dig command to perform reverse DNS (rDNS).

Reverse DNS (rDNS) is a method of resolving an IP address into domain name, just as the domain name system (DNS) resolves domain names into associated IP addresses.

I found this script at this site:

#!/bin/bash

for item
    do
        domain=$(dig -x "$item"  +short)
        if [ -n "$domain"  ] ;
            then
            echo "$item" - "$domain"
        else
            echo "$item" result is NULL
        fi
    done

Just save this code above in your Linux/*nix machine, and run this command as below:

root@box:~# cat ip.txt | xargs bash reverse_dns

The result should be like this:

By zam

Any Comments?

This site uses Akismet to reduce spam. Learn how your comment data is processed.