Security Basics mailing list archives
Re: Investigation- Web pages visited
From: Austin Murkland <amurkland () merydion com>
Date: Thu, 03 Nov 2005 17:57:31 -0800
I can't take credit for this website, or how well it does or doesn't function but when this question came up before, this website was posted in response... hopefully this will prove more useful to you than it did for me.
http://www.searchmee.com/web-info/ip-hunt.php Austin Murkland David Gillett wrote:
It's really easy for multiple sites to be hosted on a single server, so the IP address is inadequate for this. If I see suspicious activity like this, I look inside the HTTP "GET" header to find the site name. You *might* be able to make a pretty good guess by logging DNS resolutions, too.... David Gillett-----Original Message-----From: Steve Barron [mailto:thurgoodj187 () hotmail com] Sent: Wednesday, November 02, 2005 11:09 AMTo: security-basics () securityfocus com Subject: Investigation- Web pages visited HiI am trying to investigate some possible corporate policy violations, mostly involving porn. My IDS matches rules for certain criteria and looks for banned words in html. When I get the ip, i can query it, but most of the time I get info about a hosting provider. When I attempt to access the ip http://155.X.X.X i get either some generic page or a 404 error. Is there any way to find out what sites are hosted at a given IP? My logs have not been much help for this.Thanks Steve
Current thread:
- Investigation- Web pages visited Steve Barron (Nov 02)
- Re: Investigation- Web pages visited Bryan S. Sampsel (Nov 03)
- Re: Investigation- Web pages visited Saqib Ali (Nov 03)
- Re: Investigation- Web pages visited Brian Loe (Nov 03)
- RE: Investigation- Web pages visited David Gillett (Nov 03)
- Re: Investigation- Web pages visited Austin Murkland (Nov 04)
- Re: Investigation- Web pages visited Mark Owen (Nov 07)