#TrackingTheTrackers I'm digging into tools these days, #faup provides lookups if a string is a known domain name, and #ipgrep returns all strings that resolve to an IP address. The #ipgrep approach seems much more useful since it doesn't need a pre-prepared list of "known domain names", instead #DNS provides that
https://github.com/stricaud/faup
https://github.com/jedisct1/ipgrep
It has been interesting to dig into this, the vast #malware body of knowledge has gotten us started, but it isn't the same problem, so similar but different tools are needed.