Command line use to check IP reputation

Looking up the reputation of an IP address is one of the most frequent tasks of a SOC analyst. There are a number of online tools and scripts that do the task.

However, I always used the command line to identify whether an IP address is listed on any blacklist. The reason is that a number of online tools still show the IP as blacklisted when the actual blacklisting parties, such as Spamhaus, have already removed the IP from their blacklist.

An analyst can use either scripts or the command line to get the results. nslookup, dig and host can be used to check the IP address against known blacklisting vendors. To do the check, the analyst needs to know that the information they are looking for is made available through certain DNS records.

If an analyst is using online tools, then he/she can enter the actual IP address such as However, for the command line, one has to reverse the IP address to be able to match it against the blacklists.

Samples:

dig -x
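The reversed-IP lookup described above, written out as a small shell helper. This is an added example, not code from the original post; the zone `zen.spamhaus.org`, the function names and the sample addresses are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: DNSBL lookup helpers (function names are hypothetical).
# Assumption: the zone is Spamhaus ZEN; swap in the list you want to query.
DNSBL_ZONE="zen.spamhaus.org"

# Validate an IPv4 address and reverse its octets: 192.0.2.10 -> 10.2.0.192
reverse_ipv4() {
    ip=$1
    case "$ip" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # only digits and single dots allowed
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip                              # split into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s\n' "$4" "$3" "$2" "$1"
}

# Build the name to query: <reversed ip>.<blacklist zone>
dnsbl_qname() {
    rev=$(reverse_ipv4 "$1") || return 1
    printf '%s.%s\n' "$rev" "$DNSBL_ZONE"
}

# Interpret the A record(s) returned for that name.
classify_answer() {
    case "$1" in
        "")            echo "not-listed" ;;  # NXDOMAIN: no record, IP is not on the list
        127.255.255.*) echo "error" ;;       # Spamhaus query-error codes, not a listing
        127.*)         echo "listed" ;;      # return code identifies the sub-list
        *)             echo "unexpected" ;;  # not a valid DNSBL answer, do not trust it
    esac
}

check_ip() {
    qname=$(dnsbl_qname "$1") || { echo "invalid IPv4 address: $1" >&2; return 2; }
    answer=$(dig +short A "$qname")
    echo "$1 $qname $(classify_answer "$answer") $answer"
}

# Usage: sh dnsbl.sh 127.0.0.2   (127.0.0.2 is the standard DNSBL test entry)
[ "$#" -eq 0 ] || check_ip "$1"
```

An `error` result usually means the query went through a public or shared resolver that the list operator refuses to answer, so treat it as "no data" rather than as a clean or dirty verdict.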

More blacklists to check:

Site to check 1 IP against multiple blacklists:
