Domains on the Same IP Address
Domains on the same IP address refers to the practice of identifying all websites hosted on a specific server by finding every domain that resolves to the same IP.
This technique is useful in OSINT, cybersecurity assessments, and attack surface mapping because many servers host multiple domains (shared hosting, virtual hosting, CDN edge nodes, etc.).
How It Works
1. Resolve Target Domain
- Use DNS lookup to find the IP address of the target domain.
2. Reverse IP Lookup
- Search databases or scan the IP to find other domains pointing to it.
- This is often called Reverse DNS or Reverse IP domain check.
3. Result Analysis
- List the domains and identify which ones are relevant to the same organization or threat actor.
Cybersecurity & Pentesting Perspective
Benefits:
- Expanded attack surface: Other domains on the same IP might be less secure but still lead to the same server.
- Infrastructure mapping: Helps identify different projects, services, or brands under the same hosting.
- Threat hunting: Malicious actors often host multiple phishing sites on one IP.
Risks for the target:
- A single vulnerable site on a shared IP can compromise the entire server.
- Hosting unrelated domains may affect reputation if one gets blacklisted.
Tools & Resources
Free / Open Source:
- host / dig: command-line tools for DNS lookups
Example
Step 1: DNS lookup → IP: 203.0.113.25
Step 2: Reverse IP search finds:
- example.com – Primary domain
- api-example.com – API service
- exampleportal.com – Customer portal
- othercompanyexample.com – Unrelated site (shared hosting)
Security Insight:
When multiple domains share the same IP, vulnerabilities in any of them may impact all, especially on shared hosting without proper isolation. Pentesters often test every related domain for misconfigurations or outdated software.
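The three steps under How It Works, applied from the defender's side to the example values above to review which of an organization's domains share an IP with unrelated sites. This is an added example, not part of the original page: the record list, the `OWNED` inventory and all function names are assumptions, and `static.example.com` / `198.51.100.7` are constructed.

```python
import socket
from collections import defaultdict

# Constructed reverse-IP results (domain, IP), reusing the page's example values.
SAMPLE_RECORDS = [
    ("example.com", "203.0.113.25"),
    ("API-Example.com.", "203.0.113.25"),    # mixed case + trailing dot, as DNS data often arrives
    ("exampleportal.com", "203.0.113.25"),
    ("othercompanyexample.com", "203.0.113.25"),
    ("static.example.com", "198.51.100.7"),  # constructed: owned subdomain on its own IP
]
# Assumed inventory of domains the organization owns.
OWNED = {"example.com", "api-example.com", "exampleportal.com"}

def normalize(name):
    """Lower-case and drop the trailing root dot so names compare equal."""
    return name.strip().lower().rstrip(".")

def is_owned(domain, owned):
    """Owned domain or a subdomain of one. The match is on a label boundary,
    so othercompanyexample.com is not mistaken for example.com."""
    d = normalize(domain)
    return any(d == o or d.endswith("." + o) for o in map(normalize, owned))

def resolve_all(domains, resolver=socket.gethostbyname):
    """Step 1: resolve each domain; names that fail to resolve are skipped."""
    records = []
    for d in domains:
        try:
            records.append((d, resolver(d)))
        except OSError:  # socket.gaierror is a subclass of OSError
            continue
    return records

def shared_ip_report(records, owned):
    """Steps 2-3: group domains by IP, then split owned names from co-tenants."""
    by_ip = defaultdict(set)
    for domain, ip in records:
        by_ip[ip].add(normalize(domain))
    report = {}
    for ip, names in by_ip.items():
        ours = sorted(n for n in names if is_owned(n, owned))
        others = sorted(names - set(ours))
        report[ip] = {"owned": ours, "unrelated": others,
                      "shared_with_unrelated": bool(ours and others)}
    return report

if __name__ == "__main__":
    for ip, row in shared_ip_report(SAMPLE_RECORDS, OWNED).items():
        print(ip, row)
```

`resolve_all` accepts an injected resolver so the grouping logic can be exercised offline; with the default it performs live DNS lookups.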