Free Reverse IP Lookup Tool
Enter any IPv4 address (or a domain that resolves to one) to see every domain currently hosted on that IP, plus the PTR record. Multiple data sources are merged and deduplicated for maximum coverage.
What Reverse IP Typically Surfaces by Hosting Type
Indicative hit rates by hosting model. Shared hosting yields the richest results, dedicated and cloud return a handful, CDN edge IPs return effectively nothing because SNI hides the customer list.
Coverage at a glance
What reverse-IP can typically revealWhat a Reverse IP Lookup Returns
Each reverse-IP query merges multiple data sources plus a live PTR resolve. The result page always shows:
- The PTR record (reverse DNS hostname) for the IP
- Deduplicated list of every domain found
- Live filter to search inside the result set
- Direct links from each domain back to a fresh lookup or to the live site
- The hosting IP itself, with a link to the full IP lookup
What a Reverse IP Lookup Will Not Tell You
- Domains that are not publicly crawled (intranet hosts, password-protected sites)
- Domains that recently moved away (cache lag in the source datasets)
- Subdomains that share an IP without a public DNS A record
- Anything behind Cloudflare or another CDN where the origin IP is hidden
For CDN-fronted sites the IP you see is the CDN edge, which serves millions of unrelated domains. Reverse lookup on a Cloudflare or Fastly IP will not reveal the customer list.
How to Run a Reverse IP Lookup
Paste any IPv4 address into the box above. If you have a domain instead, you can paste it too: the tool resolves it to its A record first, then runs the reverse lookup on that IP. Good test targets are shared hosting IPs (try 199.59.243.200 or random small-host ranges). Dedicated servers, CDN edge nodes and recently allocated cloud IPs will typically return very few domains or none at all.
From a website you are investigating, take the IP from the IP lookup result or from dig +short example.com in a terminal. The crawlers behind this tool keep their indexes refreshed on rolling cycles, so newly assigned hosting IPs may take days to a week before all domains show up.
PTR Records and Why They Matter
Forward DNS maps a name to an IP (example.com → 93.184.216.34). Reverse DNS does the opposite via PTR records published in the special in-addr.arpa zone for IPv4 (and ip6.arpa for IPv6). The PTR is configured by the network operator that owns the IP block, not by the customer running a website on it.
For mail servers, a correctly configured PTR is mandatory. Major receivers (Gmail, Outlook, Yahoo) reject or heavily penalise email from IPs without a matching PTR. The PTR should resolve back to a hostname that itself has a forward record pointing to the same IP (forward-confirmed reverse DNS, FCrDNS). Residential ISPs encode geographic information in their PTRs, which is one of the inputs to IP geolocation: c-71-198-22-179.hsd1.ca.comcast.net tells you Comcast cable, California.
The lookup always shows the PTR in green when present. When the operator has not configured one (common for hosting IPs and recently allocated ranges), we display "No PTR record configured" in grey.
Shared Hosting, Dedicated, and CDN
The number of domains returned for an IP is mostly a function of the hosting model:
- Shared hosting (Namecheap, Bluehost, HostGator, GoDaddy starter plans). One IP, hundreds to thousands of small websites. These are the IPs that show the richest reverse lookup results.
- VPS / dedicated server. Usually one to a dozen domains belonging to a single owner. Useful for mapping an actor's infrastructure: find one site, reverse-lookup the IP, get their other projects.
- Cloud (AWS, GCP, Azure, Hetzner, DigitalOcean). Per-instance public IPs. Returns whatever the single tenant has pointed there.
- CDN edge (Cloudflare, Fastly, Akamai, Cloudfront). Millions of unrelated customer domains share each edge IP. Reverse lookup is uninformative; SNI inside the TLS handshake is what tells the edge which site to serve.
If your IP shows 800 random domains and you only own a handful, you are on a shared host. That can hurt your SEO and email deliverability if any of those neighbours behave badly. Moving to a VPS or a dedicated IP fixes both. The lookup is a quick way to check before committing to a hosting plan.
When a Reverse IP Lookup Is Actually Useful
Mapping attacker infrastructure. You see a phishing domain. Resolve its IP. Run a reverse lookup on the IP. Often the same actor has registered dozens of similar names on the same server. The reverse-IP view is the cheapest way to expand from one indicator of compromise to the full set.
SEO neighbourhood check. Before you sign up for a shared host, look up the IPs they advertise and see what kinds of domains are already there. If half of them are gambling, adult, or banned in your market, search engines may treat that IP block as low quality and the reputation rubs off on your new site.
Competitor research. A site you respect runs on a dedicated server. The reverse lookup shows their sister projects, beta domains, internal tools (when they leak into public DNS). It tells you the size of their portfolio without anyone tipping them off.
Migration verification. After moving DNS from one host to another, run a reverse-IP check on the new IP to confirm your domain is listed. If it is not, the public crawlers have not picked it up yet but propagation is otherwise fine. Use the DNS propagation checker to see live resolution worldwide.
Email deliverability triage. Your mail is bouncing. Check the PTR of your sending IP. If it does not resolve, or resolves to a generic provider hostname, that explains the rejection. Ask your host to set the PTR to a hostname that has a matching forward record.
Brand monitoring. Search common brand IPs for unauthorised use. Some hosting providers let customers reuse abandoned IPs that were previously bound to other domains. If a recently freed IP still carries your brand domains in the crawl indexes, you can clean it up before it becomes a phishing target.
Forensics. Old historical lookups are gold in incident response. Many sources cache for months even after a domain has moved. A reverse-IP check on an old C2 IP can surface dormant sister domains the attacker may rotate back into use.
More About Reverse DNS and How These Sources Work
Below are the questions and details people most often ask after running a reverse IP lookup. Skim what is interesting, skip the rest.
What does "reverse" actually mean
Forward DNS is the normal flow: ask for the IP of a name, get an IP. Reverse DNS goes the other way: ask for the name of an IP, get a hostname. The lookup happens in a special zone called in-addr.arpa for IPv4 (or ip6.arpa for IPv6), where IP addresses are written backwards and turned into a tree: 198.51.100.42 becomes 42.100.51.198.in-addr.arpa and a PTR record at that name returns the hostname. The owner of the IP block configures the PTR on their authoritative nameservers. Customers cannot set their own.
Why a reverse lookup is not always one-to-one
A single IP can host many web domains via virtual hosts. The web server reads the Host: header (or the SNI extension over TLS) and serves the matching site. Reverse DNS only returns one PTR per IP, the operator's chosen "canonical" hostname for that address. The hundreds of domains a shared host serves are not in PTR at all. They have to be discovered by crawling forward DNS and indexing which names resolve to that IP, which is exactly what reverse-IP services do.
Why coverage varies between tools
Different reverse-IP services index different chunks of the web on different schedules. Some prioritise large hosting providers, others focus on newly registered domains, others rely on certificate transparency logs. By merging multiple feeds and deduplicating the result, this tool aims to surface what any single one would miss.
Why CDN IPs are a dead end
Cloudflare, Fastly, Akamai, Cloudfront and similar CDNs sit in front of millions of customer sites with a small pool of anycasted IPs. A single edge IP serves tens of millions of domains. Reverse-IP lookup against a CDN IP returns either nothing (the CDN does not publish customer lists) or a giant random sample that tells you nothing useful. To find the origin IP behind a CDN-fronted site you need different techniques: historical DNS, email header analysis, certificate transparency searches, or origin misconfiguration scans.
Privacy and legal considerations
Reverse DNS data is public. Anyone with a recursive resolver can query it. The aggregated domain lists are scraped from forward DNS, which is also public by design. None of this constitutes a privacy violation. That said, using reverse-IP data to harass site operators, attempt unauthorised access, or send spam is illegal in most jurisdictions. The tool is for due diligence, threat intelligence and legitimate infrastructure research.
Why some domains in the list look weird or suspicious
Two common patterns: parked domains (registered but never used, often by domainers waiting to flip them) and recently expired domains the host has not cleaned up. Both end up in the reverse-IP index because they once had an A record pointing here. They do not necessarily reflect the current owner's activity. If you are using reverse IP for threat intelligence, cross-check each suspicious domain against current DNS to confirm it still resolves to the IP you are investigating.
Reverse IP for IPv6
The same principles apply but the address space is so vast that exhaustive crawling is impractical. PTR records still work and are configured by the network operator. Reverse-IP indexes focus on IPv4 because that is where shared hosting historically lives. IPv6 reverse lookup is mostly useful for verifying mail server PTRs and tracing operator infrastructure rather than enumerating co-hosted domains.
How this differs from a normal IP lookup
The IP lookup tells you about the IP itself: country, city, ISP, ASN, abuse contact, reputation, the single PTR. The reverse IP lookup focuses on which domains have forward records pointing at the IP. Together they give you the full "what is at this IP and who runs it" picture in two clicks.
Frequently Asked Questions
What is a reverse IP lookup?
A reverse IP lookup finds every domain currently hosted on a given IP address, plus the PTR (reverse DNS) record for the IP itself. It is the inverse of a normal DNS resolution.
Why does the same IP show different domain counts on different tools?
Each reverse-IP service indexes the web differently and updates on its own schedule. We merge several feeds and deduplicate so the result is as complete as the public web allows.
Why are no domains returned for some IPs?
Dedicated servers, CDN edge nodes and recently allocated IPs often have no indexed domains. Shared hosting IPs (Namecheap, Bluehost, HostGator) typically yield hundreds of results.
Can I look up a domain instead of an IP?
Yes. Enter any domain name and it will be resolved to its IPv4 address first, then the reverse lookup runs on that IP.
Is this tool free?
Yes. Unlimited lookups, no registration, no API key needed for the web interface. The free API at api.ipwhois.net is also available.
What is a PTR record?
PTR (Pointer) records map an IP back to a hostname. They live in the in-addr.arpa zone and are mainly used by mail servers to verify the sender. Residential ISPs encode geographic information in their PTRs.
Can I find domains behind a CDN like Cloudflare?
No. CDN edge IPs serve millions of unrelated customer domains via SNI, so reverse-IP lookup against a CDN IP returns nothing useful. Different techniques (historical DNS, certificate transparency, email headers) are needed to find the origin IP behind a CDN.