Have you ever wondered which websites your PC has visited, or which apps have been silently contacting servers in the background?
Windows actually keeps a short-term DNS cache, and with a simple command, you can see all the domains and IP addresses your system has looked up.
The Magic Command
Open your Command Prompt and run:
ipconfig /displaydns
This command will display your computer’s DNS Resolver Cache — a list of recently resolved domain names along with their corresponding IP addresses.
This cache includes:
- Websites you visited in your browser.
- Background requests made by installed apps.
- Operating system updates and background services.
 
Why This Matters for Cybersecurity
By looking at this DNS cache, you might:
- Spot suspicious domains your PC connected to.
- Identify malware communication attempts to Command-and-Control (C2) servers.
- Detect apps secretly “phoning home” without your permission.
 
A Real Example
Here’s what your DNS cache might look like:
| IP Address | Domain Name | Number of Visits | Notes | 
|---|---|---|---|
| 93.184.216.34 | example.com | 5 | Legitimate website | 
| 45.155.205.233 | suspicious-malware-server.io | 3 | 🚨 Possible C2 server | 
| 172.217.16.206 | google.com | 20 | Google search traffic | 
Step 1: Count the Visits
You can export the ipconfig /displaydns output to a file:
ipconfig /displaydns > dns_log.txt
Then, with a simple Python script, you can parse the file, group by IP/domain, and count how many times each appears.
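One way to write that script, as an added example that is not code from the original post: it assumes the English-locale field labels that ipconfig prints, and the embedded sample is constructed from the illustrative table above. The count is the number of cached A/AAAA records for each domain/IP pair in the export, so a domain reached through a CNAME chain is counted once per chain it appears in.

```python
import re
from collections import Counter
from pathlib import Path

# Constructed sample (English-locale layout of `ipconfig /displaydns`).
SAMPLE = """\
    www.example.com
    ----------------------------------------
    Record Name . . . . . : www.example.com
    CNAME Record  . . . . : example.com

    Record Name . . . . . : example.com
    A (Host) Record . . . : 93.184.216.34

    example.com
    ----------------------------------------
    Record Name . . . . . : EXAMPLE.com
    A (Host) Record . . . : 93.184.216.34

    suspicious-malware-server.io
    ----------------------------------------
    Record Name . . . . . : suspicious-malware-server.io
    A (Host) Record . . . : 45.155.205.233

    missing.example
    ----------------------------------------
    Name does not exist.
"""

FIELD = re.compile(r"^\s*(.+?)[\s.]*:\s*(.*)$")  # "Label . . . : value"

def load_export(path):
    """Read dns_log.txt; Windows PowerShell's '>' writes UTF-16 with a BOM."""
    raw = Path(path).read_bytes()
    return raw.decode("utf-16" if raw[:2] == b"\xff\xfe" else "utf-8", errors="replace")

def count_records(text):
    """Count cached A/AAAA records per (domain, IP) pair."""
    counts, name = Counter(), None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # entry headers, separators, negative-cache lines
        label, value = m.group(1), m.group(2).strip()
        if label == "Record Name":
            name = value.lower()  # DNS names are case-insensitive
        elif label in ("A (Host) Record", "AAAA Record") and name:
            counts[(name, value)] += 1
    return counts
```

Calling `count_records(load_export("dns_log.txt")).most_common()` lists the pairs from the exported file, most frequent first.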
Step 2: Check the Reputation of Each IP
For cybersecurity purposes, check whether any of these IPs have been flagged for malicious activity.
You can use free APIs like:
- VirusTotal — Scan an IP for malware reports.
- AbuseIPDB — Check if an IP is involved in spam, hacking, or DDoS.
 
Step 3: Monitor Live Traffic with Wireshark
While ipconfig /displaydns shows past DNS lookups, Wireshark lets you capture real-time network traffic to see exactly which IPs your PC is contacting at this moment.
By combining:
- ipconfig /displaydns — recent history
- Wireshark — live monitoring
- VirusTotal / AbuseIPDB — reputation checks
 
…you’ll have a powerful toolkit for spotting malware, spyware, or unwanted tracking.
✅ Pro Tip: If you discover unknown IPs with bad reputations, disconnect from the internet immediately and run a full antivirus scan.
If you want, I can also add a full working Python & PyQt6 tool that automatically runs ipconfig /displaydns, counts visits, checks IP reputation on both VirusTotal and AbuseIPDB, and displays it in a table.
