Forward-confirmed reverse DNS lookup
"...is a networking parameter configuration in which a given IP address has both forward (name-to-address) and reverse (address-to-name) Domain Name System (DNS) entries that match each other"
#nmap -Pn -sn --script fcrdns <target>
In the command above we are skipping the ping(-Pn) and the port scanning(-sn) stages of the nmap scan.
Above we have two scans using fcrdns.
Both return the host name. Scan two however would be an interesting one to probe further. It starts with "ns....." which for some admins is a naming convention reserved for Name Servers. Next step would be to check for zone transfers and see what "dig" comes up with