More than three domains hosted on the same IP addressCan address details be “googled” from the whois information, without knowing the domain name?Is pinging a website essentially the same as visiting the website through a browser?Is it possible to buy multiple hardware MFA devices with the same key?

Is Sanskrit really the mother of all languages?

Contractor cut joist hangers to make them fit

Statistical closeness implies computational indistinguishability

Are fast interviews red flags?

Project Euler problem #112

Compiler optimization of bitwise not operation

How is the phase of 120V AC established in a North American home?

Entering the US with dual citizenship but US passport is long expired?

Supervisor wants me to support a diploma-thesis SW tool after I graduated

Male viewpoint in an erotic novel

Filling attribute tables with values from the same attribute table

How strong is aircraft-grade spruce?

Owner keeps cutting corners and poaching workers for his other company

Why has Marx's "Das Kapital" been translated to "Capital" in English and not "The Capital"

Why did Tony's Arc Reactor do this?

Is it right to use the ideas of non-winning designers in a design contest?

Template default argument loses its reference type

Examples where "thin + thin = nice and thick"

What quests do you need to stop at before you make an enemy of a faction for each faction?

Can you pop microwave popcorn on a stove?

Dynamic Picklist Value Retrieval

Passport - tiny rip on the edge of my passport page

Leaving the USA

How to apply a register to a command



More than three domains hosted on the same IP address


Can address details be “googled” from the whois information, without knowing the domain name?Is pinging a website essentially the same as visiting the website through a browser?Is it possible to buy multiple hardware MFA devices with the same key?






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








10















Not on purpose I did a reverse IP address look up on my site, and it shows that there are three other websites hosted on my server, and now I'm worried.



My web is arturofm.com, and here is the lookup:



https://reverseip.domaintools.com/search/?q=arturofm.com



It says:




Reverse IP Lookup Results — more than 3 domains hosted on IP address 104.27.182.86




What does that mean? That I've been hacked? Or that Amazon AWS uses the same IP address to serve multiple domains?










share|improve this question


























  • PTR records in the DNS have little use (except for emails), so their value can be mostly disregarded. A website will perfectly function even if there is no matching PTR records (from its IP back to its name). In a world with multiple CDNs and cloudhosting it is just impossible to imagine PTR records be in sync. Also many applications may not support multiple PTR records for a given IP address.

    – Patrick Mevzek
    6 hours ago

















10















Not on purpose I did a reverse IP address look up on my site, and it shows that there are three other websites hosted on my server, and now I'm worried.



My web is arturofm.com, and here is the lookup:



https://reverseip.domaintools.com/search/?q=arturofm.com



It says:




Reverse IP Lookup Results — more than 3 domains hosted on IP address 104.27.182.86




What does that mean? That I've been hacked? Or that Amazon AWS uses the same IP address to serve multiple domains?










share|improve this question


























  • PTR records in the DNS have little use (except for emails), so their value can be mostly disregarded. A website will perfectly function even if there is no matching PTR records (from its IP back to its name). In a world with multiple CDNs and cloudhosting it is just impossible to imagine PTR records be in sync. Also many applications may not support multiple PTR records for a given IP address.

    – Patrick Mevzek
    6 hours ago













10












10








10








Not on purpose I did a reverse IP address look up on my site, and it shows that there are three other websites hosted on my server, and now I'm worried.



My web is arturofm.com, and here is the lookup:



https://reverseip.domaintools.com/search/?q=arturofm.com



It says:




Reverse IP Lookup Results — more than 3 domains hosted on IP address 104.27.182.86




What does that mean? That I've been hacked? Or that Amazon AWS uses the same IP address to serve multiple domains?










share|improve this question
















Not on purpose I did a reverse IP address look up on my site, and it shows that there are three other websites hosted on my server, and now I'm worried.



My web is arturofm.com, and here is the lookup:



https://reverseip.domaintools.com/search/?q=arturofm.com



It says:




Reverse IP Lookup Results — more than 3 domains hosted on IP address 104.27.182.86




What does that mean? That I've been hacked? Or that Amazon AWS uses the same IP address to serve multiple domains?







aws whois






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 43 mins ago









Peter Mortensen

7384 silver badges9 bronze badges




7384 silver badges9 bronze badges










asked yesterday









ArturoArturo

1557 bronze badges




1557 bronze badges















  • PTR records in the DNS have little use (except for emails), so their value can be mostly disregarded. A website will perfectly function even if there is no matching PTR records (from its IP back to its name). In a world with multiple CDNs and cloudhosting it is just impossible to imagine PTR records be in sync. Also many applications may not support multiple PTR records for a given IP address.

    – Patrick Mevzek
    6 hours ago

















  • PTR records in the DNS have little use (except for emails), so their value can be mostly disregarded. A website will perfectly function even if there is no matching PTR records (from its IP back to its name). In a world with multiple CDNs and cloudhosting it is just impossible to imagine PTR records be in sync. Also many applications may not support multiple PTR records for a given IP address.

    – Patrick Mevzek
    6 hours ago
















PTR records in the DNS have little use (except for emails), so their value can be mostly disregarded. A website will perfectly function even if there is no matching PTR records (from its IP back to its name). In a world with multiple CDNs and cloudhosting it is just impossible to imagine PTR records be in sync. Also many applications may not support multiple PTR records for a given IP address.

– Patrick Mevzek
6 hours ago





PTR records in the DNS have little use (except for emails), so their value can be mostly disregarded. A website will perfectly function even if there is no matching PTR records (from its IP back to its name). In a world with multiple CDNs and cloudhosting it is just impossible to imagine PTR records be in sync. Also many applications may not support multiple PTR records for a given IP address.

– Patrick Mevzek
6 hours ago










3 Answers
3






active

oldest

votes


















12
















This is perfectly normal. There is a big shortage of IPv4 addresses. In fact, we should have run out of them a long time ago. But since so much infrastructure is based on IPv4, it keeps getting "extended" in many ways. One of them, which has actually been around for a very long time, is to host multiple domains on a single server with a single IP address.



A typical inexpensive shared hosting account will share a server, and an IP address, with dozens, even hundreds of other small hosting accounts. A VPS (virtual private server) or similar account might be one of a handful on a server, though each VPS may in turn host many domains.



AWS is a little different in that you pay for fairly clearly defined amounts of hardware (CPU cores, RAM, etc.), but except for the largest instances you are still using only a fraction of an actual machine.



It is often possible to get a truly unique IPv4 address. With AWS, this is Elastic IP. Other hosting companies may have other names for it. For example, my favorite host used to offer separate IP addresses for a small fee to use with SSL certificates. There is no problem these days getting SSL certificates with a shared IPv4 address, so I use the shared IPv4 address and don't worry about it.



In the case of AWS, the big advantage of an Elastic IP is not, IMHO, that you have the IP address to yourself. Rather, it is that the IP address is constant even when you restart an instance or if you move your domain to a different (e.g., larger) instance. That can save some hassle with DNS changes.






share|improve this answer










New contributor



manassehkatz is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
















  • 1





    thank you guys I was worried for a second. I knew about the IPv4 but didn't think my server had one, I thought it was only the storage. Btw, I do have an elastic IP 🤔

    – Arturo
    22 hours ago







  • 1





    There is some info here that is wrong. In particular, while it is true that you can have more than one VPS running on one physical machine, each VPS will have its own IP address. Similarly, Elastic IP's have nothing to do with getting the IP to yourself. Any IP address assigned to you by AWS will only be used by yourself. An Elastic IP is simply an IP address that is fixed to your account, and won't be reassigned to someone else if your service shuts down/restarts.

    – Conor Mancone
    21 hours ago






  • 3





    VPS does not necessarily have its own IP. Some cheap hosting providers will only forward a few ports. HTTP isn't the only use case, there are commonly used for gaming, VPN.

    – domen
    18 hours ago


















24
















This is not a sign of a problem for your server. There's an important detail here, which is:



104.27.182.86 is not your server. That IP belongs to cloudflare.



Cloudflare provides a large number of services to websites and sits in between the public internet and a server. Someone who uses Cloudflare doesn't point their DNS to their own server - they point their DNS to Cloudflare, and then point Cloudflare to their server. As a result, millions of websites point to Cloudflare's IP addresses. Because they service more websites than they have IP addresses, they often direct multiple websites to the same IP address.



Apparently you use Cloudflare, and so the DNS for your domain points to them, not to your own IP address. When your Cloudflare account was setup, you (or whoever set it up) would have pointed Cloudflare to the actual IP address of your server. You can confirm this in two ways:




  1. Here is the list of IP addresses owned by Cloudflare. If you are unfamiliar with CIDR notation, the line which says 104.16.0.0/12 is of interest to you, as it includes all IPs from 104.16.0.0 to 104.31.255.255.
    AKA, 104.27.182.86 is owned by Cloudflare, not AWS.

  2. If you check your Elastic IP in AWS, you'll see that it is something other than 104.27.182.86. Only Cloudflare knows the actual IP of your server - this is one of the advantages it provides, and one of the reasons why people use it. Cloudflare sits in the middle so that the person requesting to view your website never communicates directly with your server. In this way, Cloudflare is able to protect your server from a wide variety of attacks.

Additional Notes



The above details should make it clear that this is not evidence that you have been compromised. However, here are some more related details for future reference:



  1. Shared hosting sites will have multiple domains served from one IP address. However, to the best of my knowledge, AWS does not offer such services. If you sign up for a VPS directly from AWS, you should expect to be the only one hosting any services on the given IP address

  2. Therefore, if you discovered that the DNS for other domains was pointing to the IP address of your VPS on AWS, and confirmed that the sites in question are actually being hosted on that IP address, then yes this would be a sign that your site had been hacked.

  3. Fortunately, 104.27.182.86 is not the IP address of your server :)





share|improve this answer


































    2
















    Looks like you just found out how a Load Balancer inside a CDN with SNI works



    You can also check others hosts (SANs) behind this particular CDN with OpenSSL, like so:



    echo | openssl s_client -showcerts -servername arturofm.com -connect arturofm.com:443 2>/dev/null | openssl x509 -inform pem -noout -text


    ...or you can use your browser's certificate viewer:



    Certificate details






    share|improve this answer








    New contributor



    mjoao is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.





















    • The content of the certificate is unrelated to the DNS PTR records.

      – Patrick Mevzek
      6 hours ago











    • The certificate from Cloudflare shows very good how many domains they host on this ip (unlike the ptr record)

      – eckes
      1 hour ago













    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "162"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    noCode: true, onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );














    draft saved

    draft discarded
















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f216640%2fmore-than-three-domains-hosted-on-the-same-ip-address%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    3 Answers
    3






    active

    oldest

    votes








    3 Answers
    3






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    12
















    This is perfectly normal. There is a big shortage of IPv4 addresses. In fact, we should have run out of them a long time ago. But since so much infrastructure is based on IPv4, it keeps getting "extended" in many ways. One of them, which has actually been around for a very long time, is to host multiple domains on a single server with a single IP address.



    A typical inexpensive shared hosting account will share a server, and an IP address, with dozens, even hundreds of other small hosting accounts. A VPS (virtual private server) or similar account might be one of a handful on a server, though each VPS may in turn host many domains.



    AWS is a little different in that you pay for fairly clearly defined amounts of hardware (CPU cores, RAM, etc.), but except for the largest instances you are still using only a fraction of an actual machine.



    It is often possible to get a truly unique IPv4 address. With AWS, this is Elastic IP. Other hosting companies may have other names for it. For example, my favorite host used to offer separate IP addresses for a small fee to use with SSL certificates. There is no problem these days getting SSL certificates with a shared IPv4 address, so I use the shared IPv4 address and don't worry about it.



    In the case of AWS, the big advantage of an Elastic IP is not, IMHO, that you have the IP address to yourself. Rather, it is that the IP address is constant even when you restart an instance or if you move your domain to a different (e.g., larger) instance. That can save some hassle with DNS changes.






    share|improve this answer










    New contributor



    manassehkatz is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.
















    • 1





      thank you guys I was worried for a second. I knew about the IPv4 but didn't think my server had one, I thought it was only the storage. Btw, I do have an elastic IP 🤔

      – Arturo
      22 hours ago







    • 1





      There is some info here that is wrong. In particular, while it is true that you can have more than one VPS running on one physical machine, each VPS will have its own IP address. Similarly, Elastic IP's have nothing to do with getting the IP to yourself. Any IP address assigned to you by AWS will only be used by yourself. An Elastic IP is simply an IP address that is fixed to your account, and won't be reassigned to someone else if your service shuts down/restarts.

      – Conor Mancone
      21 hours ago






    • 3





      VPS does not necessarily have its own IP. Some cheap hosting providers will only forward a few ports. HTTP isn't the only use case, there are commonly used for gaming, VPN.

      – domen
      18 hours ago















    12
















    This is perfectly normal. There is a big shortage of IPv4 addresses. In fact, we should have run out of them a long time ago. But since so much infrastructure is based on IPv4, it keeps getting "extended" in many ways. One of them, which has actually been around for a very long time, is to host multiple domains on a single server with a single IP address.



    A typical inexpensive shared hosting account will share a server, and an IP address, with dozens, even hundreds of other small hosting accounts. A VPS (virtual private server) or similar account might be one of a handful on a server, though each VPS may in turn host many domains.



    AWS is a little different in that you pay for fairly clearly defined amounts of hardware (CPU cores, RAM, etc.), but except for the largest instances you are still using only a fraction of an actual machine.



    It is often possible to get a truly unique IPv4 address. With AWS, this is Elastic IP. Other hosting companies may have other names for it. For example, my favorite host used to offer separate IP addresses for a small fee to use with SSL certificates. There is no problem these days getting SSL certificates with a shared IPv4 address, so I use the shared IPv4 address and don't worry about it.



    In the case of AWS, the big advantage of an Elastic IP is not, IMHO, that you have the IP address to yourself. Rather, it is that the IP address is constant even when you restart an instance or if you move your domain to a different (e.g., larger) instance. That can save some hassle with DNS changes.






    share|improve this answer










    New contributor



    manassehkatz is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.
















    • 1





      thank you guys I was worried for a second. I knew about the IPv4 but didn't think my server had one, I thought it was only the storage. Btw, I do have an elastic IP 🤔

      – Arturo
      22 hours ago







    • 1





      There is some info here that is wrong. In particular, while it is true that you can have more than one VPS running on one physical machine, each VPS will have its own IP address. Similarly, Elastic IP's have nothing to do with getting the IP to yourself. Any IP address assigned to you by AWS will only be used by yourself. An Elastic IP is simply an IP address that is fixed to your account, and won't be reassigned to someone else if your service shuts down/restarts.

      – Conor Mancone
      21 hours ago






    • 3





      VPS does not necessarily have its own IP. Some cheap hosting providers will only forward a few ports. HTTP isn't the only use case, there are commonly used for gaming, VPN.

      – domen
      18 hours ago













    12














    12










    12









    This is perfectly normal. There is a big shortage of IPv4 addresses. In fact, we should have run out of them a long time ago. But since so much infrastructure is based on IPv4, it keeps getting "extended" in many ways. One of them, which has actually been around for a very long time, is to host multiple domains on a single server with a single IP address.



    A typical inexpensive shared hosting account will share a server, and an IP address, with dozens, even hundreds of other small hosting accounts. A VPS (virtual private server) or similar account might be one of a handful on a server, though each VPS may in turn host many domains.



    AWS is a little different in that you pay for fairly clearly defined amounts of hardware (CPU cores, RAM, etc.), but except for the largest instances you are still using only a fraction of an actual machine.



    It is often possible to get a truly unique IPv4 address. With AWS, this is Elastic IP. Other hosting companies may have other names for it. For example, my favorite host used to offer separate IP addresses for a small fee to use with SSL certificates. There is no problem these days getting SSL certificates with a shared IPv4 address, so I use the shared IPv4 address and don't worry about it.



    In the case of AWS, the big advantage of an Elastic IP is not, IMHO, that you have the IP address to yourself. Rather, it is that the IP address is constant even when you restart an instance or if you move your domain to a different (e.g., larger) instance. That can save some hassle with DNS changes.






    share|improve this answer










    New contributor



    manassehkatz is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.









    This is perfectly normal. There is a big shortage of IPv4 addresses. In fact, we should have run out of them a long time ago. But since so much infrastructure is based on IPv4, it keeps getting "extended" in many ways. One of them, which has actually been around for a very long time, is to host multiple domains on a single server with a single IP address.



    A typical inexpensive shared hosting account will share a server, and an IP address, with dozens, even hundreds of other small hosting accounts. A VPS (virtual private server) or similar account might be one of a handful on a server, though each VPS may in turn host many domains.



    AWS is a little different in that you pay for fairly clearly defined amounts of hardware (CPU cores, RAM, etc.), but except for the largest instances you are still using only a fraction of an actual machine.



    It is often possible to get a truly unique IPv4 address. With AWS, this is Elastic IP. Other hosting companies may have other names for it. For example, my favorite host used to offer separate IP addresses for a small fee to use with SSL certificates. There is no problem these days getting SSL certificates with a shared IPv4 address, so I use the shared IPv4 address and don't worry about it.



    In the case of AWS, the big advantage of an Elastic IP is not, IMHO, that you have the IP address to yourself. Rather, it is that the IP address is constant even when you restart an instance or if you move your domain to a different (e.g., larger) instance. That can save some hassle with DNS changes.







    share|improve this answer










    New contributor



    manassehkatz is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.








    share|improve this answer



    share|improve this answer








    edited 10 hours ago









    Peter Mortensen

    7384 silver badges9 bronze badges




    7384 silver badges9 bronze badges






    New contributor



    manassehkatz is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.








    answered 23 hours ago









    manassehkatzmanassehkatz

    2521 silver badge3 bronze badges




    2521 silver badge3 bronze badges




    New contributor



    manassehkatz is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.




    New contributor




    manassehkatz is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.












    • 1





      thank you guys I was worried for a second. I knew about the IPv4 but didn't think my server had one, I thought it was only the storage. Btw, I do have an elastic IP 🤔

      – Arturo
      22 hours ago







    • 1





      There is some info here that is wrong. In particular, while it is true that you can have more than one VPS running on one physical machine, each VPS will have its own IP address. Similarly, Elastic IP's have nothing to do with getting the IP to yourself. Any IP address assigned to you by AWS will only be used by yourself. An Elastic IP is simply an IP address that is fixed to your account, and won't be reassigned to someone else if your service shuts down/restarts.

      – Conor Mancone
      21 hours ago






    • 3





      VPS does not necessarily have its own IP. Some cheap hosting providers will only forward a few ports. HTTP isn't the only use case, there are commonly used for gaming, VPN.

      – domen
      18 hours ago












    • 1





      thank you guys I was worried for a second. I knew about the IPv4 but didn't think my server had one, I thought it was only the storage. Btw, I do have an elastic IP 🤔

      – Arturo
      22 hours ago







    • 1





      There is some info here that is wrong. In particular, while it is true that you can have more than one VPS running on one physical machine, each VPS will have its own IP address. Similarly, Elastic IP's have nothing to do with getting the IP to yourself. Any IP address assigned to you by AWS will only be used by yourself. An Elastic IP is simply an IP address that is fixed to your account, and won't be reassigned to someone else if your service shuts down/restarts.

      – Conor Mancone
      21 hours ago






    • 3





      VPS does not necessarily have its own IP. Some cheap hosting providers will only forward a few ports. HTTP isn't the only use case, there are commonly used for gaming, VPN.

      – domen
      18 hours ago







    1




    1





    thank you guys I was worried for a second. I knew about the IPv4 but didn't think my server had one, I thought it was only the storage. Btw, I do have an elastic IP 🤔

    – Arturo
    22 hours ago






    thank you guys I was worried for a second. I knew about the IPv4 but didn't think my server had one, I thought it was only the storage. Btw, I do have an elastic IP 🤔

    – Arturo
    22 hours ago





    1




    1





    There is some info here that is wrong. In particular, while it is true that you can have more than one VPS running on one physical machine, each VPS will have its own IP address. Similarly, Elastic IP's have nothing to do with getting the IP to yourself. Any IP address assigned to you by AWS will only be used by yourself. An Elastic IP is simply an IP address that is fixed to your account, and won't be reassigned to someone else if your service shuts down/restarts.

    – Conor Mancone
    21 hours ago





    There is some info here that is wrong. In particular, while it is true that you can have more than one VPS running on one physical machine, each VPS will have its own IP address. Similarly, Elastic IP's have nothing to do with getting the IP to yourself. Any IP address assigned to you by AWS will only be used by yourself. An Elastic IP is simply an IP address that is fixed to your account, and won't be reassigned to someone else if your service shuts down/restarts.

    – Conor Mancone
    21 hours ago




    3




    3





    VPS does not necessarily have its own IP. Some cheap hosting providers will only forward a few ports. HTTP isn't the only use case, there are commonly used for gaming, VPN.

    – domen
    18 hours ago





    VPS does not necessarily have its own IP. Some cheap hosting providers will only forward a few ports. HTTP isn't the only use case, there are commonly used for gaming, VPN.

    – domen
    18 hours ago













    24
















    This is not a sign of a problem for your server. There's an important detail here, which is:



    104.27.182.86 is not your server. That IP belongs to cloudflare.



    Cloudflare provides a large number of services to websites and sits in between the public internet and a server. Someone who uses Cloudflare doesn't point their DNS to their own server - they point their DNS to Cloudflare, and then point Cloudflare to their server. As a result, millions of websites point to Cloudflare's IP addresses. Because they service more websites than they have IP addresses, they often direct multiple websites to the same IP address.



    Apparently you use Cloudflare, and so the DNS for your domain points to them, not to your own IP address. When your Cloudflare account was setup, you (or whoever set it up) would have pointed Cloudflare to the actual IP address of your server. You can confirm this in two ways:




    1. Here is the list of IP addresses owned by Cloudflare. If you are unfamiliar with CIDR notation, the line which says 104.16.0.0/12 is of interest to you, as it includes all IPs from 104.16.0.0 to 104.31.255.255.
      AKA, 104.27.182.86 is owned by Cloudflare, not AWS.

    2. If you check your Elastic IP in AWS, you'll see that it is something other than 104.27.182.86. Only Cloudflare knows the actual IP of your server - this is one of the advantages it provides, and one of the reasons why people use it. Cloudflare sits in the middle so that the person requesting to view your website never communicates directly with your server. In this way, Cloudflare is able to protect your server from a wide variety of attacks.

    Additional Notes



    The above details should make it clear that this is not evidence that you have been compromised. However, here are some more related details for future reference:



    1. Shared hosting sites will have multiple domains served from one IP address. However, to the best of my knowledge, AWS does not offer such services. If you sign up for a VPS directly from AWS, you should expect to be the only one hosting any services on the given IP address

    2. Therefore, if you discovered that the DNS for other domains was pointing to the IP address of your VPS on AWS, and confirmed that the sites in question are actually being hosted on that IP address, then yes this would be a sign that your site had been hacked.

    3. Fortunately, 104.27.182.86 is not the IP address of your server :)





    share|improve this answer































      24
















      This is not a sign of a problem for your server. There's an important detail here, which is:



      104.27.182.86 is not your server. That IP belongs to cloudflare.



      Cloudflare provides a large number of services to websites and sits in between the public internet and a server. Someone who uses Cloudflare doesn't point their DNS to their own server - they point their DNS to Cloudflare, and then point Cloudflare to their server. As a result, millions of websites point to Cloudflare's IP addresses. Because they service more websites than they have IP addresses, they often direct multiple websites to the same IP address.



      Apparently you use Cloudflare, and so the DNS for your domain points to them, not to your own IP address. When your Cloudflare account was setup, you (or whoever set it up) would have pointed Cloudflare to the actual IP address of your server. You can confirm this in two ways:




      1. Here is the list of IP addresses owned by Cloudflare. If you are unfamiliar with CIDR notation, the line which says 104.16.0.0/12 is of interest to you, as it includes all IPs from 104.16.0.0 to 104.31.255.255.
        AKA, 104.27.182.86 is owned by Cloudflare, not AWS.

      2. If you check your Elastic IP in AWS, you'll see that it is something other than 104.27.182.86. Only Cloudflare knows the actual IP of your server - this is one of the advantages it provides, and one of the reasons why people use it. Cloudflare sits in the middle so that the person requesting to view your website never communicates directly with your server. In this way, Cloudflare is able to protect your server from a wide variety of attacks.

      Additional Notes



      The above details should make it clear that this is not evidence that you have been compromised. However, here are some more related details for future reference:



      1. Shared hosting sites will have multiple domains served from one IP address. However, to the best of my knowledge, AWS does not offer such services. If you sign up for a VPS directly from AWS, you should expect to be the only one hosting any services on the given IP address

      2. Therefore, if you discovered that the DNS for other domains was pointing to the IP address of your VPS on AWS, and confirmed that the sites in question are actually being hosted on that IP address, then yes this would be a sign that your site had been hacked.

      3. Fortunately, 104.27.182.86 is not the IP address of your server :)





      share|improve this answer





























        24














        24










        24









        This is not a sign of a problem for your server. There's an important detail here, which is:



        104.27.182.86 is not your server. That IP belongs to cloudflare.



        Cloudflare provides a large number of services to websites and sits in between the public internet and a server. Someone who uses Cloudflare doesn't point their DNS to their own server - they point their DNS to Cloudflare, and then point Cloudflare to their server. As a result, millions of websites point to Cloudflare's IP addresses. Because they service more websites than they have IP addresses, they often direct multiple websites to the same IP address.



        Apparently you use Cloudflare, and so the DNS for your domain points to them, not to your own IP address. When your Cloudflare account was setup, you (or whoever set it up) would have pointed Cloudflare to the actual IP address of your server. You can confirm this in two ways:




        1. Here is the list of IP addresses owned by Cloudflare. If you are unfamiliar with CIDR notation, the line which says 104.16.0.0/12 is of interest to you, as it includes all IPs from 104.16.0.0 to 104.31.255.255.
          AKA, 104.27.182.86 is owned by Cloudflare, not AWS.

        2. If you check your Elastic IP in AWS, you'll see that it is something other than 104.27.182.86. Only Cloudflare knows the actual IP of your server - this is one of the advantages it provides, and one of the reasons why people use it. Cloudflare sits in the middle so that the person requesting to view your website never communicates directly with your server. In this way, Cloudflare is able to protect your server from a wide variety of attacks.

        Additional Notes



        The above details should make it clear that this is not evidence that you have been compromised. However, here are some more related details for future reference:



        1. Shared hosting sites will have multiple domains served from one IP address. However, to the best of my knowledge, AWS does not offer such services. If you sign up for a VPS directly from AWS, you should expect to be the only one hosting any services on the given IP address

        2. Therefore, if you discovered that the DNS for other domains was pointing to the IP address of your VPS on AWS, and confirmed that the sites in question are actually being hosted on that IP address, then yes this would be a sign that your site had been hacked.

        3. Fortunately, 104.27.182.86 is not the IP address of your server :)





        share|improve this answer















        This is not a sign of a problem for your server. There's an important detail here, which is:



        104.27.182.86 is not your server. That IP belongs to cloudflare.



        Cloudflare provides a large number of services to websites and sits in between the public internet and a server. Someone who uses Cloudflare doesn't point their DNS to their own server - they point their DNS to Cloudflare, and then point Cloudflare to their server. As a result, millions of websites point to Cloudflare's IP addresses. Because they service more websites than they have IP addresses, they often direct multiple websites to the same IP address.



        Apparently you use Cloudflare, and so the DNS for your domain points to them, not to your own IP address. When your Cloudflare account was setup, you (or whoever set it up) would have pointed Cloudflare to the actual IP address of your server. You can confirm this in two ways:




        1. Here is the list of IP addresses owned by Cloudflare. If you are unfamiliar with CIDR notation, the line which says 104.16.0.0/12 is of interest to you, as it includes all IPs from 104.16.0.0 to 104.31.255.255.
          AKA, 104.27.182.86 is owned by Cloudflare, not AWS.

        2. If you check your Elastic IP in AWS, you'll see that it is something other than 104.27.182.86. Only Cloudflare knows the actual IP of your server - this is one of the advantages it provides, and one of the reasons why people use it. Cloudflare sits in the middle so that the person requesting to view your website never communicates directly with your server. In this way, Cloudflare is able to protect your server from a wide variety of attacks.

        Additional Notes



        The above details should make it clear that this is not evidence that you have been compromised. However, here are some more related details for future reference:



        1. Shared hosting sites will have multiple domains served from one IP address. However, to the best of my knowledge, AWS does not offer such services. If you sign up for a VPS directly from AWS, you should expect to be the only one hosting any services on the given IP address

        2. Therefore, if you discovered that the DNS for other domains was pointing to the IP address of your VPS on AWS, and confirmed that the sites in question are actually being hosted on that IP address, then yes this would be a sign that your site had been hacked.

        3. Fortunately, 104.27.182.86 is not the IP address of your server :)






        share|improve this answer














        share|improve this answer



        share|improve this answer








        edited 11 hours ago

























        answered 21 hours ago









        Conor ManconeConor Mancone

        14.9k6 gold badges44 silver badges63 bronze badges




        14.9k6 gold badges44 silver badges63 bronze badges
























            2
















            Looks like you just found out how a Load Balancer inside a CDN with SNI works



            You can also check others hosts (SANs) behind this particular CDN with OpenSSL, like so:



            echo | openssl s_client -showcerts -servername arturofm.com -connect arturofm.com:443 2>/dev/null | openssl x509 -inform pem -noout -text


            ...or you can use your browser's certificate viewer:



            Certificate details






            share|improve this answer








            New contributor



            mjoao is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.





















            • The content of the certificate is unrelated to the DNS PTR records.

              – Patrick Mevzek
              6 hours ago











            • The certificate from Cloudflare shows very good how many domains they host on this ip (unlike the ptr record)

              – eckes
              1 hour ago















            2
















            Looks like you just found out how a Load Balancer inside a CDN with SNI works



            You can also check others hosts (SANs) behind this particular CDN with OpenSSL, like so:



            echo | openssl s_client -showcerts -servername arturofm.com -connect arturofm.com:443 2>/dev/null | openssl x509 -inform pem -noout -text


            ...or you can use your browser's certificate viewer:



            Certificate details






            share|improve this answer








            New contributor



            mjoao is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.





















            • The content of the certificate is unrelated to the DNS PTR records.

              – Patrick Mevzek
              6 hours ago











            • The certificate from Cloudflare shows very good how many domains they host on this ip (unlike the ptr record)

              – eckes
              1 hour ago













            2














            2










            2









            Looks like you just found out how a Load Balancer inside a CDN with SNI works



            You can also check others hosts (SANs) behind this particular CDN with OpenSSL, like so:



            echo | openssl s_client -showcerts -servername arturofm.com -connect arturofm.com:443 2>/dev/null | openssl x509 -inform pem -noout -text


            ...or you can use your browser's certificate viewer:



            Certificate details






            share|improve this answer








            New contributor



            mjoao is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.









            Looks like you just found out how a Load Balancer inside a CDN with SNI works



            You can also check others hosts (SANs) behind this particular CDN with OpenSSL, like so:



            echo | openssl s_client -showcerts -servername arturofm.com -connect arturofm.com:443 2>/dev/null | openssl x509 -inform pem -noout -text


            ...or you can use your browser's certificate viewer:



            Certificate details







            share|improve this answer








            New contributor



            mjoao is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.








            share|improve this answer



            share|improve this answer






            New contributor



            mjoao is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.








            answered 12 hours ago









            mjoaomjoao

            211 bronze badge




            211 bronze badge




            New contributor



            mjoao is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.




            New contributor




            mjoao is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.

















            • The content of the certificate is unrelated to the DNS PTR records.

              – Patrick Mevzek
              6 hours ago











            • The certificate from Cloudflare shows very good how many domains they host on this ip (unlike the ptr record)

              – eckes
              1 hour ago

















            • The content of the certificate is unrelated to the DNS PTR records.

              – Patrick Mevzek
              6 hours ago











            • The certificate from Cloudflare shows very good how many domains they host on this ip (unlike the ptr record)

              – eckes
              1 hour ago
















            The content of the certificate is unrelated to the DNS PTR records.

            – Patrick Mevzek
            6 hours ago





            The content of the certificate is unrelated to the DNS PTR records.

            – Patrick Mevzek
            6 hours ago













            The certificate from Cloudflare shows very good how many domains they host on this ip (unlike the ptr record)

            – eckes
            1 hour ago





            The certificate from Cloudflare shows very good how many domains they host on this ip (unlike the ptr record)

            – eckes
            1 hour ago


















            draft saved

            draft discarded















































            Thanks for contributing an answer to Information Security Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f216640%2fmore-than-three-domains-hosted-on-the-same-ip-address%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            Invision Community Contents History See also References External links Navigation menuProprietaryinvisioncommunity.comIPS Community ForumsIPS Community Forumsthis blog entry"License Changes, IP.Board 3.4, and the Future""Interview -- Matt Mecham of Ibforums""CEO Invision Power Board, Matt Mecham Is a Liar, Thief!"IPB License Explanation 1.3, 1.3.1, 2.0, and 2.1ArchivedSecurity Fixes, Updates And Enhancements For IPB 1.3.1Archived"New Demo Accounts - Invision Power Services"the original"New Default Skin"the original"Invision Power Board 3.0.0 and Applications Released"the original"Archived copy"the original"Perpetual licenses being done away with""Release Notes - Invision Power Services""Introducing: IPS Community Suite 4!"Invision Community Release Notes

            Canceling a color specificationRandomly assigning color to Graphics3D objects?Default color for Filling in Mathematica 9Coloring specific elements of sets with a prime modified order in an array plotHow to pick a color differing significantly from the colors already in a given color list?Detection of the text colorColor numbers based on their valueCan color schemes for use with ColorData include opacity specification?My dynamic color schemes

            Ласкавець круглолистий Зміст Опис | Поширення | Галерея | Примітки | Посилання | Навігаційне меню58171138361-22960890446Bupleurum rotundifoliumEuro+Med PlantbasePlants of the World Online — Kew ScienceGermplasm Resources Information Network (GRIN)Ласкавецькн. VI : Літери Ком — Левиправивши або дописавши її