More than three domains hosted on the same IP address

Not on purpose I did a reverse IP address lookup on my site, and it shows that there are three other websites hosted on my server, and now I'm worried.

My web is arturofm.com, and here is the lookup:

https://reverseip.domaintools.com/search/?q=arturofm.com

It says:

Reverse IP Lookup Results — more than 3 domains hosted on IP address 104.27.182.86

What does that mean? That I've been hacked? Or that Amazon AWS uses the same IP address to serve multiple domains?










Tags: aws, whois

asked yesterday by Arturo; edited 49 mins ago by Peter Mortensen

  • PTR records in the DNS have little use (except for emails), so their value can be mostly disregarded. A website will function perfectly even if there is no matching PTR record (from its IP back to its name). In a world with multiple CDNs and cloud hosting it is just impossible to imagine PTR records being in sync. Also many applications may not support multiple PTR records for a given IP address.

    – Patrick Mevzek
    6 hours ago

















3 Answers
This is perfectly normal. There is a big shortage of IPv4 addresses. In fact, we should have run out of them a long time ago. But since so much infrastructure is based on IPv4, it keeps getting "extended" in many ways. One of them, which has actually been around for a very long time, is to host multiple domains on a single server with a single IP address.



A typical inexpensive shared hosting account will share a server, and an IP address, with dozens, even hundreds of other small hosting accounts. A VPS (virtual private server) or similar account might be one of a handful on a server, though each VPS may in turn host many domains.



AWS is a little different in that you pay for fairly clearly defined amounts of hardware (CPU cores, RAM, etc.), but except for the largest instances you are still using only a fraction of an actual machine.



It is often possible to get a truly unique IPv4 address. With AWS, this is Elastic IP. Other hosting companies may have other names for it. For example, my favorite host used to offer separate IP addresses for a small fee to use with SSL certificates. There is no problem these days getting SSL certificates with a shared IPv4 address, so I use the shared IPv4 address and don't worry about it.



In the case of AWS, the big advantage of an Elastic IP is not, IMHO, that you have the IP address to yourself. Rather, it is that the IP address is constant even when you restart an instance or if you move your domain to a different (e.g., larger) instance. That can save some hassle with DNS changes.






– manassehkatz (new contributor), answered yesterday; edited 10 hours ago by Peter Mortensen

  • Thank you guys, I was worried for a second. I knew about the IPv4 but didn't think my server had one, I thought it was only the storage. Btw, I do have an elastic IP 🤔

    – Arturo
    23 hours ago

  • There is some info here that is wrong. In particular, while it is true that you can have more than one VPS running on one physical machine, each VPS will have its own IP address. Similarly, Elastic IPs have nothing to do with getting the IP to yourself. Any IP address assigned to you by AWS will only be used by yourself. An Elastic IP is simply an IP address that is fixed to your account, and won't be reassigned to someone else if your service shuts down/restarts.

    – Conor Mancone
    21 hours ago

  • VPS does not necessarily have its own IP. Some cheap hosting providers will only forward a few ports. HTTP isn't the only use case, they are commonly used for gaming, VPN.

    – domen
    18 hours ago


































This is not a sign of a problem for your server. There's an important detail here, which is:

104.27.182.86 is not your server. That IP belongs to Cloudflare.

Cloudflare provides a large number of services to websites and sits in between the public internet and a server. Someone who uses Cloudflare doesn't point their DNS to their own server - they point their DNS to Cloudflare, and then point Cloudflare to their server. As a result, millions of websites point to Cloudflare's IP addresses. Because they service more websites than they have IP addresses, they often direct multiple websites to the same IP address.

Apparently you use Cloudflare, and so the DNS for your domain points to them, not to your own IP address. When your Cloudflare account was set up, you (or whoever set it up) would have pointed Cloudflare to the actual IP address of your server. You can confirm this in two ways:

  1. Here is the list of IP addresses owned by Cloudflare. If you are unfamiliar with CIDR notation, the line which says 104.16.0.0/12 is of interest to you, as it includes all IPs from 104.16.0.0 to 104.31.255.255.
    AKA, 104.27.182.86 is owned by Cloudflare, not AWS.

  2. If you check your Elastic IP in AWS, you'll see that it is something other than 104.27.182.86. Only Cloudflare knows the actual IP of your server - this is one of the advantages it provides, and one of the reasons why people use it. Cloudflare sits in the middle so that the person requesting to view your website never communicates directly with your server. In this way, Cloudflare is able to protect your server from a wide variety of attacks.

Additional Notes

The above details should make it clear that this is not evidence that you have been compromised. However, here are some more related details for future reference:

  1. Shared hosting sites will have multiple domains served from one IP address. However, to the best of my knowledge, AWS does not offer such services. If you sign up for a VPS directly from AWS, you should expect to be the only one hosting any services on the given IP address.

  2. Therefore, if you discovered that the DNS for other domains was pointing to the IP address of your VPS on AWS, and confirmed that the sites in question are actually being hosted on that IP address, then yes this would be a sign that your site had been hacked.

  3. Fortunately, 104.27.182.86 is not the IP address of your server :)





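The two confirmation steps in the answer above, and the distinction drawn in its additional notes, can be scripted. This is an added example, not part of the original answer: it checks an address against the 104.16.0.0/12 range quoted there and compares it with the address of the server you control. `CDN_RANGES`, the function names and the origin address 203.0.113.10 (a documentation address standing in for an Elastic IP) are assumptions made for illustration.

```python
import ipaddress

# Assumption: only the one range quoted in the answer. A real check would
# load the provider's full published list instead.
CDN_RANGES = {"Cloudflare": ["104.16.0.0/12"]}


def range_bounds(cidr):
    """Return the first and last address of a CIDR block as strings."""
    net = ipaddress.ip_network(cidr)
    return str(net.network_address), str(net.broadcast_address)


def owning_cdn(ip, cdn_ranges=CDN_RANGES):
    """Return the provider whose range contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for provider, cidrs in cdn_ranges.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if addr.version == net.version and addr in net:
                return provider
    return None


def triage_reverse_ip(resolved_ips, origin_ip, cohosted_count,
                      cdn_ranges=CDN_RANGES):
    """Classify a reverse-IP result of the kind shown in the question.

    resolved_ips   -- addresses the domain's DNS returns
    origin_ip      -- address of the server you control (e.g. Elastic IP)
    cohosted_count -- other domains the lookup tool reported on that IP
    Returns a list of (ip, verdict, reason) tuples.
    """
    origin = ipaddress.ip_address(origin_ip)
    results = []
    for ip in resolved_ips:
        provider = owning_cdn(ip, cdn_ranges)
        if provider is not None:
            # The DNS points at the proxy, so neighbours are other customers.
            results.append((ip, "expected",
                            f"{provider} edge address shared by many domains"))
        elif ipaddress.ip_address(ip) == origin:
            if cohosted_count > 0:
                # Other names pointing at a dedicated address: confirm
                # whether the server really serves them before concluding.
                results.append((ip, "investigate",
                                "other domains point at your own server"))
            else:
                results.append((ip, "expected",
                                "origin address, no other domains reported"))
        else:
            results.append((ip, "unknown",
                            "neither a listed CDN range nor your origin"))
    return results


if __name__ == "__main__":
    print(range_bounds("104.16.0.0/12"))
    # Constructed input: the address from the question, a made-up origin.
    for row in triage_reverse_ip(["104.27.182.86"], "203.0.113.10", 3):
        print(row)
```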


















































Looks like you just found out how a Load Balancer inside a CDN with SNI works.

You can also check other hosts (SANs) behind this particular CDN with OpenSSL, like so:

    echo | openssl s_client -showcerts -servername arturofm.com -connect arturofm.com:443 2>/dev/null | openssl x509 -inform pem -noout -text

...or you can use your browser's certificate viewer:

(Image: certificate details)






– mjoao (new contributor)

  • The content of the certificate is unrelated to the DNS PTR records.

    – Patrick Mevzek
    6 hours ago

  • The certificate from Cloudflare shows very well how many domains they host on this IP (unlike the PTR record).

    – eckes
    1 hour ago
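To read the output of the `openssl x509 -text` command from the answer above, the Subject Alternative Name line is the part that matters. This is an added example, not part of the original answer or comments: it parses that line, checks that your own domain is covered, and lists the other names on the same certificate. The sample text is constructed and uses reserved example domains, and the function names are assumptions.

```python
import re

# Constructed excerpt in the layout `openssl x509 -noout -text` prints.
SAMPLE_X509_TEXT = """\
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Subject Alternative Name: 
                DNS:shared-edge.example.net, DNS:*.example.org, DNS:example.org, DNS:*.example.com, DNS:example.com
            X509v3 Basic Constraints: critical
                CA:FALSE
"""


def extract_san_dns(x509_text):
    """Return the DNS names from the Subject Alternative Name extension."""
    lines = x509_text.splitlines()
    for i, line in enumerate(lines):
        if "X509v3 Subject Alternative Name" in line:
            # openssl prints every SAN entry on the line after the header.
            value = lines[i + 1] if i + 1 < len(lines) else ""
            return [n.lower() for n in re.findall(r"DNS:([^,\s]+)", value)]
    return []


def san_matches(hostname, pattern):
    """True if hostname is covered by one SAN entry.

    A wildcard stands for exactly one left-most label, so *.example.com
    covers www.example.com but not example.com or a.b.example.com.
    """
    hostname = hostname.lower().rstrip(".")
    pattern = pattern.lower().rstrip(".")
    if not pattern.startswith("*."):
        return hostname == pattern
    suffix = pattern[1:]  # ".example.com"
    if not hostname.endswith(suffix):
        return False
    label = hostname[: -len(suffix)]
    return label != "" and "." not in label


def shared_cert_summary(x509_text, my_domain):
    """Split the SAN list into your own names and everybody else's."""
    my_domain = my_domain.lower().rstrip(".")
    sans = extract_san_dns(x509_text)
    own = [s for s in sans
           if s == my_domain or s.endswith("." + my_domain)]
    others = [s for s in sans if s not in own]
    return {
        "covered": any(san_matches(my_domain, s) for s in sans),
        "own": own,
        "other_tenants": others,
    }


if __name__ == "__main__":
    summary = shared_cert_summary(SAMPLE_X509_TEXT, "example.com")
    print("domain covered by certificate:", summary["covered"])
    print("names belonging to other sites:", summary["other_tenants"])
```

The SAN list only shows the names that share this one certificate, so it is a lower bound on what the address serves, not a full inventory.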













    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "162"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    noCode: true, onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );














    draft saved

    draft discarded
















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f216640%2fmore-than-three-domains-hosted-on-the-same-ip-address%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    3 Answers
    3






    active

    oldest

    votes








    3 Answers
    3






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    12
















    This is perfectly normal. There is a big shortage of IPv4 addresses. In fact, we should have run out of them a long time ago. But since so much infrastructure is based on IPv4, it keeps getting "extended" in many ways. One of them, which has actually been around for a very long time, is to host multiple domains on a single server with a single IP address.



    A typical inexpensive shared hosting account will share a server, and an IP address, with dozens, even hundreds of other small hosting accounts. A VPS (virtual private server) or similar account might be one of a handful on a server, though each VPS may in turn host many domains.



    AWS is a little different in that you pay for fairly clearly defined amounts of hardware (CPU cores, RAM, etc.), but except for the largest instances you are still using only a fraction of an actual machine.



    It is often possible to get a truly unique IPv4 address. With AWS, this is Elastic IP. Other hosting companies may have other names for it. For example, my favorite host used to offer separate IP addresses for a small fee to use with SSL certificates. There is no problem these days getting SSL certificates with a shared IPv4 address, so I use the shared IPv4 address and don't worry about it.



    In the case of AWS, the big advantage of an Elastic IP is not, IMHO, that you have the IP address to yourself. Rather, it is that the IP address is constant even when you restart an instance or if you move your domain to a different (e.g., larger) instance. That can save some hassle with DNS changes.






    share|improve this answer










    New contributor



    manassehkatz is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.
















    • 1





      thank you guys I was worried for a second. I knew about the IPv4 but didn't think my server had one, I thought it was only the storage. Btw, I do have an elastic IP 🤔

      – Arturo
      23 hours ago







    • 1





      There is some info here that is wrong. In particular, while it is true that you can have more than one VPS running on one physical machine, each VPS will have its own IP address. Similarly, Elastic IP's have nothing to do with getting the IP to yourself. Any IP address assigned to you by AWS will only be used by yourself. An Elastic IP is simply an IP address that is fixed to your account, and won't be reassigned to someone else if your service shuts down/restarts.

      – Conor Mancone
      21 hours ago






    • 3





      VPS does not necessarily have its own IP. Some cheap hosting providers will only forward a few ports. HTTP isn't the only use case, there are commonly used for gaming, VPN.

      – domen
      18 hours ago















    12
















    This is perfectly normal. There is a big shortage of IPv4 addresses. In fact, we should have run out of them a long time ago. But since so much infrastructure is based on IPv4, it keeps getting "extended" in many ways. One of them, which has actually been around for a very long time, is to host multiple domains on a single server with a single IP address.



    A typical inexpensive shared hosting account will share a server, and an IP address, with dozens, even hundreds of other small hosting accounts. A VPS (virtual private server) or similar account might be one of a handful on a server, though each VPS may in turn host many domains.



    AWS is a little different in that you pay for fairly clearly defined amounts of hardware (CPU cores, RAM, etc.), but except for the largest instances you are still using only a fraction of an actual machine.



    It is often possible to get a truly unique IPv4 address. With AWS, this is Elastic IP. Other hosting companies may have other names for it. For example, my favorite host used to offer separate IP addresses for a small fee to use with SSL certificates. There is no problem these days getting SSL certificates with a shared IPv4 address, so I use the shared IPv4 address and don't worry about it.



    In the case of AWS, the big advantage of an Elastic IP is not, IMHO, that you have the IP address to yourself. Rather, it is that the IP address is constant even when you restart an instance or if you move your domain to a different (e.g., larger) instance. That can save some hassle with DNS changes.






    share|improve this answer










    New contributor



    manassehkatz is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.
















    • 1





      thank you guys I was worried for a second. I knew about the IPv4 but didn't think my server had one, I thought it was only the storage. Btw, I do have an elastic IP 🤔

      – Arturo
      23 hours ago







    • 1





      There is some info here that is wrong. In particular, while it is true that you can have more than one VPS running on one physical machine, each VPS will have its own IP address. Similarly, Elastic IP's have nothing to do with getting the IP to yourself. Any IP address assigned to you by AWS will only be used by yourself. An Elastic IP is simply an IP address that is fixed to your account, and won't be reassigned to someone else if your service shuts down/restarts.

      – Conor Mancone
      21 hours ago






    • 3





      VPS does not necessarily have its own IP. Some cheap hosting providers will only forward a few ports. HTTP isn't the only use case, there are commonly used for gaming, VPN.

      – domen
      18 hours ago













    12














    12










    12









    This is perfectly normal. There is a big shortage of IPv4 addresses. In fact, we should have run out of them a long time ago. But since so much infrastructure is based on IPv4, it keeps getting "extended" in many ways. One of them, which has actually been around for a very long time, is to host multiple domains on a single server with a single IP address.



    A typical inexpensive shared hosting account will share a server, and an IP address, with dozens, even hundreds of other small hosting accounts. A VPS (virtual private server) or similar account might be one of a handful on a server, though each VPS may in turn host many domains.



    AWS is a little different in that you pay for fairly clearly defined amounts of hardware (CPU cores, RAM, etc.), but except for the largest instances you are still using only a fraction of an actual machine.



    It is often possible to get a truly unique IPv4 address. With AWS, this is Elastic IP. Other hosting companies may have other names for it. For example, my favorite host used to offer separate IP addresses for a small fee to use with SSL certificates. There is no problem these days getting SSL certificates with a shared IPv4 address, so I use the shared IPv4 address and don't worry about it.



    In the case of AWS, the big advantage of an Elastic IP is not, IMHO, that you have the IP address to yourself. Rather, it is that the IP address is constant even when you restart an instance or if you move your domain to a different (e.g., larger) instance. That can save some hassle with DNS changes.






    share|improve this answer










    New contributor



    manassehkatz is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.









    This is perfectly normal. There is a big shortage of IPv4 addresses. In fact, we should have run out of them a long time ago. But since so much infrastructure is based on IPv4, it keeps getting "extended" in many ways. One of them, which has actually been around for a very long time, is to host multiple domains on a single server with a single IP address.



    A typical inexpensive shared hosting account will share a server, and an IP address, with dozens, even hundreds of other small hosting accounts. A VPS (virtual private server) or similar account might be one of a handful on a server, though each VPS may in turn host many domains.



    AWS is a little different in that you pay for fairly clearly defined amounts of hardware (CPU cores, RAM, etc.), but except for the largest instances you are still using only a fraction of an actual machine.



    It is often possible to get a truly unique IPv4 address. With AWS, this is Elastic IP. Other hosting companies may have other names for it. For example, my favorite host used to offer separate IP addresses for a small fee to use with SSL certificates. There is no problem these days getting SSL certificates with a shared IPv4 address, so I use the shared IPv4 address and don't worry about it.



    In the case of AWS, the big advantage of an Elastic IP is not, IMHO, that you have the IP address to yourself. Rather, it is that the IP address is constant even when you restart an instance or if you move your domain to a different (e.g., larger) instance. That can save some hassle with DNS changes.







    share|improve this answer










    New contributor



    manassehkatz is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.








    share|improve this answer



    share|improve this answer








    edited 10 hours ago









    Peter Mortensen

    7384 silver badges9 bronze badges




    7384 silver badges9 bronze badges






    New contributor



    manassehkatz is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.








    answered yesterday









    manassehkatzmanassehkatz

    2521 silver badge3 bronze badges




    2521 silver badge3 bronze badges




    New contributor



    manassehkatz is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.




    New contributor




    manassehkatz is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.












    • 1





      thank you guys I was worried for a second. I knew about the IPv4 but didn't think my server had one, I thought it was only the storage. Btw, I do have an elastic IP 🤔

      – Arturo
      23 hours ago







    • 1





      There is some info here that is wrong. In particular, while it is true that you can have more than one VPS running on one physical machine, each VPS will have its own IP address. Similarly, Elastic IP's have nothing to do with getting the IP to yourself. Any IP address assigned to you by AWS will only be used by yourself. An Elastic IP is simply an IP address that is fixed to your account, and won't be reassigned to someone else if your service shuts down/restarts.

      – Conor Mancone
      21 hours ago






    • 3





      VPS does not necessarily have its own IP. Some cheap hosting providers will only forward a few ports. HTTP isn't the only use case, there are commonly used for gaming, VPN.

      – domen
      18 hours ago












    • 1





      thank you guys I was worried for a second. I knew about the IPv4 but didn't think my server had one, I thought it was only the storage. Btw, I do have an elastic IP 🤔

      – Arturo
      23 hours ago







    • 1





      There is some info here that is wrong. In particular, while it is true that you can have more than one VPS running on one physical machine, each VPS will have its own IP address. Similarly, Elastic IP's have nothing to do with getting the IP to yourself. Any IP address assigned to you by AWS will only be used by yourself. An Elastic IP is simply an IP address that is fixed to your account, and won't be reassigned to someone else if your service shuts down/restarts.

      – Conor Mancone
      21 hours ago






    • 3





      VPS does not necessarily have its own IP. Some cheap hosting providers will only forward a few ports. HTTP isn't the only use case, there are commonly used for gaming, VPN.

      – domen
      18 hours ago







    1




    1





    thank you guys I was worried for a second. I knew about the IPv4 but didn't think my server had one, I thought it was only the storage. Btw, I do have an elastic IP 🤔

    – Arturo
    23 hours ago






    thank you guys I was worried for a second. I knew about the IPv4 but didn't think my server had one, I thought it was only the storage. Btw, I do have an elastic IP 🤔

    – Arturo
    23 hours ago





    1




    1





    There is some info here that is wrong. In particular, while it is true that you can have more than one VPS running on one physical machine, each VPS will have its own IP address. Similarly, Elastic IP's have nothing to do with getting the IP to yourself. Any IP address assigned to you by AWS will only be used by yourself. An Elastic IP is simply an IP address that is fixed to your account, and won't be reassigned to someone else if your service shuts down/restarts.

    – Conor Mancone
    21 hours ago





    There is some info here that is wrong. In particular, while it is true that you can have more than one VPS running on one physical machine, each VPS will have its own IP address. Similarly, Elastic IP's have nothing to do with getting the IP to yourself. Any IP address assigned to you by AWS will only be used by yourself. An Elastic IP is simply an IP address that is fixed to your account, and won't be reassigned to someone else if your service shuts down/restarts.

    – Conor Mancone
    21 hours ago




    3




    3





    VPS does not necessarily have its own IP. Some cheap hosting providers will only forward a few ports. HTTP isn't the only use case, there are commonly used for gaming, VPN.

    – domen
    18 hours ago





    VPS does not necessarily have its own IP. Some cheap hosting providers will only forward a few ports. HTTP isn't the only use case, there are commonly used for gaming, VPN.

    – domen
    18 hours ago













    24
















    This is not a sign of a problem for your server. There's an important detail here, which is:



    104.27.182.86 is not your server. That IP belongs to cloudflare.



    Cloudflare provides a large number of services to websites and sits in between the public internet and a server. Someone who uses Cloudflare doesn't point their DNS to their own server - they point their DNS to Cloudflare, and then point Cloudflare to their server. As a result, millions of websites point to Cloudflare's IP addresses. Because they service more websites than they have IP addresses, they often direct multiple websites to the same IP address.



    Apparently you use Cloudflare, and so the DNS for your domain points to them, not to your own IP address. When your Cloudflare account was setup, you (or whoever set it up) would have pointed Cloudflare to the actual IP address of your server. You can confirm this in two ways:




    1. Here is the list of IP addresses owned by Cloudflare. If you are unfamiliar with CIDR notation, the line which says 104.16.0.0/12 is of interest to you, as it includes all IPs from 104.16.0.0 to 104.31.255.255.
      AKA, 104.27.182.86 is owned by Cloudflare, not AWS.

    2. If you check your Elastic IP in AWS, you'll see that it is something other than 104.27.182.86. Only Cloudflare knows the actual IP of your server - this is one of the advantages it provides, and one of the reasons why people use it. Cloudflare sits in the middle so that the person requesting to view your website never communicates directly with your server. In this way, Cloudflare is able to protect your server from a wide variety of attacks.

    Additional Notes



    The above details should make it clear that this is not evidence that you have been compromised. However, here are some more related details for future reference:



    1. Shared hosting sites will have multiple domains served from one IP address. However, to the best of my knowledge, AWS does not offer such services. If you sign up for a VPS directly from AWS, you should expect to be the only one hosting any services on the given IP address

    2. Therefore, if you discovered that the DNS for other domains was pointing to the IP address of your VPS on AWS, and confirmed that the sites in question are actually being hosted on that IP address, then yes this would be a sign that your site had been hacked.

    3. Fortunately, 104.27.182.86 is not the IP address of your server :)





        edited 11 hours ago

























        answered 21 hours ago









        Conor Mancone

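The two checks from the answer above, written as an added Python example (not part of the original answer). It uses only the one Cloudflare block the answer quotes; the origin address `203.0.113.10` and the `.example` domain names are constructed placeholders, and `triage` is a hypothetical helper name.

```python
import ipaddress

# The single Cloudflare block quoted in the answer. A real check would load the
# provider's full published list instead of this one entry.
CDN_RANGES = ("104.16.0.0/12",)

# Constructed placeholders: your Elastic IP and a reverse-IP lookup result.
ORIGIN_IP = "203.0.113.10"
OWN_DOMAINS = ["yoursite.example"]
LOOKUP_DOMAINS = ["yoursite.example", "other-a.example", "other-b.example"]


def cidr_bounds(cidr):
    """Return the first and last address covered by a CIDR block."""
    net = ipaddress.ip_network(cidr, strict=True)
    return str(net[0]), str(net[-1])


def owner_of(ip, origin_ip, cdn_ranges=CDN_RANGES):
    """Classify an address as 'origin', 'cdn' or 'other'."""
    addr = ipaddress.ip_address(ip)
    if addr == ipaddress.ip_address(origin_ip):
        return "origin"
    for cidr in cdn_ranges:
        net = ipaddress.ip_network(cidr)
        if addr.version == net.version and addr in net:
            return "cdn"
    return "other"


def triage(ip, domains_on_ip, origin_ip, own_domains):
    """Decide what a list of domains seen on `ip` says about your server.

    Returns (verdict, foreign_domains).
    """
    own = {d.lower() for d in own_domains}
    foreign = sorted({d.lower() for d in domains_on_ip} - own)
    kind = owner_of(ip, origin_ip)
    if kind == "cdn":
        # Shared edge address: other customers' domains are expected here.
        return "benign: shared CDN edge address", foreign
    if kind == "origin" and foreign:
        # Next step per the answer: confirm those sites are really served there.
        return "investigate: foreign domains point at your origin", foreign
    if kind == "origin":
        return "benign: only your own domains on your origin", foreign
    return "unrelated: neither your origin nor a listed CDN range", foreign


if __name__ == "__main__":
    print(cidr_bounds("104.16.0.0/12"))
    print(triage("104.27.182.86", LOOKUP_DOMAINS, ORIGIN_IP, OWN_DOMAINS))
    print(triage(ORIGIN_IP, LOOKUP_DOMAINS, ORIGIN_IP, OWN_DOMAINS))
```
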








































            Looks like you just found out how a Load Balancer inside a CDN with SNI works



            You can also check other hosts (SANs) behind this particular CDN with OpenSSL, like so:



            echo | openssl s_client -showcerts -servername arturofm.com -connect arturofm.com:443 2>/dev/null | openssl x509 -inform pem -noout -text


            ...or you can use your browser's certificate viewer:



            Certificate details






            answered 12 hours ago









            mjoao


















            • The content of the certificate is unrelated to the DNS PTR records.

              – Patrick Mevzek
              6 hours ago











            • The certificate from Cloudflare shows very well how many domains they host on this IP (unlike the PTR record)

              – eckes
              1 hour ago
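To read the output of the `openssl x509 -noout -text` command in mjoao's answer, here is an added Python example (not part of the original posts) that pulls the DNS names out of the Subject Alternative Name extension and checks whether your own hostname is covered. The certificate excerpt and all `.example` names are constructed, and the function names are hypothetical.

```python
# Constructed excerpt in the layout printed by `openssl x509 -noout -text`
# (not taken from a real certificate).
SAMPLE_CERT_TEXT = """\
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Subject Alternative Name:
                DNS:sni12345.cdn.example, DNS:*.shop-a.example, DNS:shop-a.example, DNS:*.yoursite.example, DNS:yoursite.example, IP Address:192.0.2.7
            X509v3 Basic Constraints: critical
                CA:FALSE
"""


def extract_dns_sans(cert_text):
    """Return the DNS names listed in the Subject Alternative Name extension."""
    lines = cert_text.splitlines()
    for i, line in enumerate(lines):
        if "X509v3 Subject Alternative Name" in line and i + 1 < len(lines):
            entries = [e.strip() for e in lines[i + 1].split(",")]
            # Keep only DNS entries; IP Address, email and URI entries are skipped.
            return [e[4:].lower() for e in entries if e.startswith("DNS:")]
    return []


def san_covers(pattern, hostname):
    """True if a SAN entry covers hostname; '*' stands for exactly one leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def summarize(cert_text, own_domain):
    """Return (own_domain_covered, names_belonging_to_other_sites)."""
    own = own_domain.lower()
    names = extract_dns_sans(cert_text)
    covered = any(san_covers(n, own) for n in names)
    others = [n for n in names if n != own and not n.endswith("." + own)]
    return covered, others


if __name__ == "__main__":
    covered, others = summarize(SAMPLE_CERT_TEXT, "yoursite.example")
    print("own domain covered:", covered)
    print("other names on the same certificate:", others)
```

Names of unrelated sites in the same certificate reflect how the CDN issued that certificate; they are not evidence about what runs on your own server.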
















