IP History Lookup for Cybersecurity | WhoisXML API

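IP history lookup is an important query type for in-depth DNS cybersecurity research

WhoisXML API's DNS history products map historical IP-to-domain and domain-to-IP associations. Track changes and use historical hosting data for fraud detection, threat actor monitoring, and incident analysis.

50 billion+ domains and subdomains
116 billion+ DNS records
Trusted by customers in 60%+ of the key Cybersecurity 150 categories
52,000+ satisfied customers

How historical IP data lookup works

Enter a domain name to look up its historical A and AAAA records and learn the domain's hosting history. Alternatively, enter an IPv4 or IPv6 address to run a reverse IP history lookup and find all the domains that were hosted on that specific IP address over time. Request a trial now.

WhoisXML API products with IP history data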

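  • DNS Database Download

    Get direct access to passive DNS A, AAAA, MX, NS, TXT, CNAME, SOA, and PTR record files from our market-leading historical DNS records database.

  • DNS Chronicle API

    DNS Chronicle API integrates easily into existing security platforms, workflows, and other tools that need passive DNS intelligence.

  • DNS Chronicle Lookup

    Enter any domain name in our GUI to easily retrieve its historical DNS A and AAAA records.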

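Practical applications

  • Track domain migrations

    See the timeframes in which a domain changed hosts and track its historical activity.

  • Investigate suspicious domains

    Find the IP addresses historically associated with a domain and analyze them for previous suspicious activity.

  • Expose threat actor infrastructure

    Identify IP addresses historically linked to known malicious domains, or other domains hosted on a given IP address at some point in time.

  • Monitor threat actors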

    Stay alerted to DNS resolutions associated with known threat actors, and uncover patterns or anomalies that could indicate malicious activity.


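Frequently asked questions

What is an IP history lookup?

A historical IP lookup shows a domain's hosting history, that is, the list of IP addresses the domain has been associated with over a period of time. An IP history lookup can show how a domain has migrated between hosts and provide more context about its historical associations.

It is similar to a real-time DNS lookup, but it relies on historical DNS data and can return multiple historical records with different timestamps.

What is a reverse IP history lookup?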

A reverse IP history lookup is a process that allows you to see the historical domain names that have been associated with a specific IP address over time. This means you can track which websites were previously hosted on a given web server, even if they have since moved to a different IP.

Performing a reverse IP history lookup can uncover patterns that may indicate suspicious activity, domain migrations, or shared hosting environments. A reverse IP history lookup is similar to a real-time reverse IP lookup, but it relies on historical DNS data instead. This means it provides multiple records instead of just one current record.

How is IP history collected?

IP history is part of DNS history that is collected using passive DNS sensors. The DNS system has no memory, so it only keeps the current domain to IP associations. The sensors collect this data over a long period of time, tracking changes and adding timestamps to them. We use our own passive DNS sensors and work together with DNS data aggregation partners to keep track of these changes. For more information on how passive DNS works, check out our Passive DNS Primer.

How can I find connected domains through an IP history lookup?

To uncover domains connected to a given domain, you can run an IP history lookup, finding IP addresses associated with this domain over time. Then, run a reverse historic IP lookup for each of these IP addresses, uncovering other domains that have been hosted on these IP addresses. These domains are likely to be connected to the given domain.

Note that being hosted on the same IP doesn’t guarantee that domains are indeed associated, as they might be using shared hosting.
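The two-step pivot described above, as an added example that is not WhoisXML API code and calls no API: it runs over constructed passive DNS records embedded in the script. It goes slightly beyond the text by keeping only neighbours whose hosting period overlaps the seed domain's, and by setting aside IPs with many tenants as probable shared hosting; the threshold of 5 and all function names are assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed passive DNS A-record observations: (domain, ip, first_seen, last_seen).
# Every name and address is made up (RFC 2606 / RFC 5737 documentation ranges).
RECORDS = [
    ("seed.example", "192.0.2.10", date(2021, 1, 5), date(2021, 6, 30)),
    ("seed.example", "198.51.100.7", date(2021, 7, 1), date(2022, 3, 15)),
    ("login-seed.example", "192.0.2.10", date(2021, 2, 1), date(2021, 5, 1)),
    ("old-tenant.example", "192.0.2.10", date(2019, 3, 1), date(2019, 9, 1)),
    ("pay-seed.example", "198.51.100.7", date(2021, 8, 10), date(2021, 12, 1)),
    ("seed.example", "203.0.113.80", date(2022, 4, 1), date(2022, 5, 1)),
] + [  # one busy IP shared by unrelated tenants
    (f"tenant{i}.example", "203.0.113.80", date(2022, 1, 1), date(2022, 12, 31))
    for i in range(6)
]

def ip_history(domain, records):
    """Forward lookup: every (ip, first_seen, last_seen) observed for a domain."""
    return [(ip, fs, ls) for d, ip, fs, ls in records if d == domain]

def reverse_ip_history(ip, records):
    """Reverse lookup: every (domain, first_seen, last_seen) observed on an IP."""
    return [(d, fs, ls) for d, i, fs, ls in records if i == ip]

def connected_domains(seed, records, shared_threshold=5):
    """Pivot seed -> IPs -> co-hosted domains.

    Returns (candidates, shared_ips): candidates maps each domain that shared
    an IP with the seed during an overlapping period to those IPs; shared_ips
    holds IPs skipped because they carried >= shared_threshold other domains
    (assumed heuristic for shared hosting).
    """
    candidates, shared_ips = defaultdict(set), set()
    for ip, s_first, s_last in ip_history(seed, records):
        neighbours = [r for r in reverse_ip_history(ip, records) if r[0] != seed]
        if len({d for d, _, _ in neighbours}) >= shared_threshold:
            shared_ips.add(ip)
            continue
        for d, first, last in neighbours:
            if first <= s_last and s_first <= last:  # hosting periods overlap
                candidates[d].add(ip)
    return dict(candidates), shared_ips

if __name__ == "__main__":
    print(connected_domains("seed.example", RECORDS))
```

Here `old-tenant.example` is dropped because it left the IP before the seed domain arrived, which a pivot that ignores timestamps would report as a connection.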

How far back does IP history go?

WhoisXML API provides years of historical IP-to-domain records thanks to a vast database of historical DNS data. For domains that are only a few years old, you’ll likely see their entire IP history.

Why does IP history show multiple IP addresses associated with one domain at the same time?

A domain can have multiple associated IP addresses for load balancing, geographical distribution, or failover. If it uses a content delivery network (CDN) like Cloudflare or employs other load balancing techniques, the historical IP records will show multiple IP addresses associated with the domain at the same time. These correspond to the different servers delivering the content for the website.

For example, below you can see the result of a historical IP lookup for example.com. The records for October 4, 2019, show many different IP addresses associated with it.

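Can I view historical records other than A and AAAA?

Absolutely. IP history is a feature of our DNS history products, which also provide historical MX, NS, TXT, CNAME, SOA, and PTR records. To view these records, you need to use DNS Database Download. The lookup tool and DNS Chronicle API currently provide only historical IP-to-domain and domain-to-IP data.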