Re: Investigation- Web pages visited

[Austin Murkland <amurkland () merydion com>]

I can't take credit for this website, or how well it does or doesn't 
function but when this question came up before, this website was posted 
in response... hopefully this will prove more useful to you than it did 
for me.

http://www.searchmee.com/web-info/ip-hunt.php

Austin Murkland

David Gillett wrote:
>   It's really easy for multiple sites to be hosted on a single
> server, so the IP address is inadequate for this.  If I see
> suspicious activity like this, I look inside the HTTP "GET"
> header to find the site name.
>   You *might* be able to make a pretty good guess by logging
> DNS resolutions, too....
>
> David Gillett
>  
>
>   
> > -----Original Message-----
> > From: Steve Barron [mailto:thurgoodj187 () hotmail com] 
> > Sent: Wednesday, November 02, 2005 11:09 AM
> > To: security-basics () securityfocus com
> > Subject: Investigation- Web pages visited
> >
> > Hi
> >
> > I am trying to investigate some possible corporate policy 
> > violations, mostly involving porn.  My IDS matches rules for 
> > certain criteria and looks for banned words in html.  When I 
> > get the ip, i can query it, but most of the time I get info 
> > about a hosting provider.  When I attempt to access the ip 
> > http://155.X.X.X i get either some generic page or a 404 
> > error.  Is there any way to find out what sites are hosted at 
> > a given IP?  My logs have not been much help for this.
> >
> > Thanks
> >
> > Steve
> >
> >
> >     
>
>
>
>