I want to identify the public IP address of a local company. More specifically, I need the IP address where the offices are located. Because it's a small company, I assume they only have 1 public IP. The only thing I had was the domain name. But I already did some investigation in DNS based on that domain name.

Result of the investigation based on domain name:

The company has 1 website, hosted by a hosting company. In DNS I did a lookup and I fetched the IP address of the website (A record), but it's the IP of the hosting company.

I found the domain name and IP address of 2 DNS servers registered for the domain, but they both are DNS servers of the hosting company which hosts the domain (NS records).

I found the domain name and IP address for 1 mail server registered for the domain (MX record). It seems that the company uses Outlook as a mail server because the MX record is: domainname.com01c.mail.protection.outlook.com.

As you can see, the results I already got are useless because they all point to services that are not hosted in the company's local offices but elsewhere.

Is there another way or method that I can use to identify the public IP used from the company's local offices? Or can I do more investigation based on the results I already found in DNS?

Dmitry Streblechenko
snorkel
  • There is no relationship between a domain name (hosted anywhere or not even published) and the IP address used by its supposed owner on its day to day life from its office, except if it would host everything locally which is almost never the case. The DNS, in general, will not help you at all for that. Imagine: a company may not have a domain name even if it has Internet access, it can also have multiple domain names (or multiple offices)... You have probably another real problem because searching for the office IP address is clearly something that has different goals, what are those for you? – Patrick Mevzek Dec 05 '18 at 23:38

1 Answer

Use their domain name to do a Whois lookup:

https://whois.domaintools.com/

For example, with Google: https://whois.domaintools.com/google.co.uk

You can also use Maltego for more in-depth information on this, but this is probably a question for https://security.stackexchange.com/

Maltego: https://www.paterva.com/web7/

Guybrush Threepwood
  • The information that I fetched from https://whois.domaintools.com/ is the same as the information I already discovered. I googled the Maltego website and it seems very interesting. But it is proprietary software and the cheapest license is 999$ for 1 year. I am not willing to pay that much money. Is there a service somewhere where you can pay per single Maltego search/query? – snorkel Dec 05 '18 at 12:35
  • @snorkel You can get a free version of Maltego, their community edition: https://www.paterva.com/web7/buy/maltego-clients/maltego-ce.php This allows you to use very similar tech but **cannot** be used commercially and prohibits the number of items returned, but with it being a small business, these return amounts might be just enough. – Guybrush Threepwood Dec 05 '18 at 13:09