Talking about edge #shun devices and how to handle multi-hosting IP addresses.
When I say "shun device" I mean a device that sits at the edge, outside the firewall, and makes a block / allow decision on every packet with a much simpler rule set, and does so at near-wire-speed.
Our shunning is handled by #ThreatBlockr, which works great. No complaints. It has category-based rules, geolocation rules, and static lists.
Unfortunately, due to the need for speed, the rules are all based on IP address and, as you know, sometimes multiple hosts are on the same IP address.
We used to use #robtex (https://www.robtex.com/ip-lookup/) to reverse-lookup what else was on a particular IP address, but it has made some changes and the API hasn't worked quite right for a few weeks. They offer a Pro API, but I cannot find any way to actually buy the credits needed to use it. Robtex was the best because it would provide the most results for free.
Other sites we've used are dnslytics (https://dnslytics.com/reverse-ip) and yougetsignal (https://www.yougetsignal.com/tools/web-sites-on-web-server/).
We need to know what else is hosted on a particular IP address to make an informed risk-based decision on creating an allow rule.
How do y'all get accurate reverse lookup information for IP addresses?
Does anyone have an inside line to robtex to find out how the back-end work with the API and the pro accounts is going?
#shun #threatblockr #robtex #infosec
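The co-hosting check the post is asking about, as an added example that is not part of the original post and is not ThreatBlockr's, Robtex's or anyone else's tooling. It merges hostname hints for an IP from two sources a practitioner usually has (the SAN list of the TLS certificate served at the IP, and a passive-DNS/reverse-IP service), confirms which names still resolve to the IP today, and then scores the proposed IP-level allow rule by what else it would admit. All records, category labels and thresholds below are constructed for illustration; `live_resolve` is the only function that touches the network and the demo does not call it.

```python
"""Co-hosting check before creating an IP-based allow rule on an edge shun device.

Added example (not the poster's tooling). All sample data is constructed; the
decision thresholds and the 'deny/review/allow' labels are assumptions.
"""
import socket

# ---- Constructed sample data (illustrative only; not real lookups) ----
SAMPLE_FORWARD = {  # hostname -> current A records (what a live resolver would return)
    "vendor-portal.example.com": {"203.0.113.10"},
    "cdn-edge.example.net": {"203.0.113.10", "203.0.113.11"},
    "phish-login.example.org": {"203.0.113.10"},
    "old-site.example.org": {"198.51.100.7"},   # passive DNS remembers it on .10, it has since moved
    "status.example.com": {"203.0.113.12"},
}
SAMPLE_CERT_SANS = {  # ip -> subjectAltName entries of the cert served on that IP
    "203.0.113.10": ["vendor-portal.example.com", "*.example.net", "phish-login.example.org"],
}
SAMPLE_PASSIVE_DNS = {  # ip -> names a reverse-IP / passive-DNS source has seen pointing at it
    "203.0.113.10": ["cdn-edge.example.net", "old-site.example.org", "vendor-portal.example.com"],
}
SAMPLE_CATEGORIES = {"phish-login.example.org": "phishing"}  # stand-in for category feed hits


def sample_resolve(name):
    """Forward resolver over the constructed table; mimics an A-record lookup."""
    return set(SAMPLE_FORWARD.get(name, set()))


def live_resolve(name):
    """Real forward resolver for actual use (not called by the demo): current IPv4 set."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        return set()


def candidate_names(ip, cert_sans, passive_dns):
    """Merge hostname hints for an IP from TLS SANs and passive DNS, de-duplicated."""
    return sorted(set(cert_sans.get(ip, [])) | set(passive_dns.get(ip, [])))


def confirm_cohosted(ip, candidates, resolve):
    """Split candidates into (confirmed, stale, wildcards).

    confirmed: names whose current A records include ip (really co-hosted now)
    stale:     names that no longer resolve to ip (historical passive-DNS data only)
    wildcards: SAN wildcards; they cannot be resolved directly, so the tenant set is unknown
    """
    confirmed, stale, wildcards = [], [], []
    for name in candidates:
        if name.startswith("*."):
            wildcards.append(name)
        elif ip in resolve(name):
            confirmed.append(name)
        else:
            stale.append(name)
    return confirmed, stale, wildcards


def assess_allow_rule(ip, cert_sans, passive_dns, categories, resolve, max_cohosted=5):
    """Decide whether an IP-level allow rule is safe given what else it would admit.

    deny:   a confirmed co-tenant is in a blocked category; the rule would admit it too
    review: no visibility at all, a wildcard SAN, or more co-tenants than max_cohosted
    allow:  every confirmed co-tenant is known and unflagged
    """
    cands = candidate_names(ip, cert_sans, passive_dns)
    confirmed, stale, wildcards = confirm_cohosted(ip, cands, resolve)
    flagged = {n: categories[n] for n in confirmed if n in categories}
    if flagged:
        decision = "deny"
    elif not cands or wildcards or len(confirmed) > max_cohosted:
        decision = "review"   # absence of data is not evidence of a single tenant
    else:
        decision = "allow"
    return {"ip": ip, "decision": decision, "cohosted": confirmed,
            "stale": stale, "wildcards": wildcards, "flagged": flagged}


if __name__ == "__main__":
    print(assess_allow_rule("203.0.113.10", SAMPLE_CERT_SANS, SAMPLE_PASSIVE_DNS,
                            SAMPLE_CATEGORIES, sample_resolve))
```

The two checks worth keeping even if you swap in a different data source: re-resolving every hint before trusting it (reverse-IP services return historical records, so `old-site.example.org` is reported as stale rather than as a co-tenant), and treating a wildcard SAN or an empty result as "unknown tenants" rather than "no tenants". Since the shun device can only match on IP, a `deny` or `review` result means the allow needs to live somewhere that can match on hostname or SNI instead.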