: Is it possble to discover that an addon domain is owned by the same person as the main domain? I have a business site (example.com) hosted at NameCheap. The hosting plan allows up to 4 addon

@Sims2060225

This is from a free site I use a lot Pentest-Tools I felt it would help you more than just doing a WOT search or the whois/alexia/dns lookups. This should be able to answer your question bye running a quick test to see if it shows up as you or not.
-Hillary Marek


'Find Subdomains' allows you to discover subdomains of your target
domain and increase your attack surface.

Finding subdomains is useful in a penetration test because they point
to different applications and indicate different external network
ranges used by the target company. For instance, x.company.com points
to IP 1.1.1.1 and y.company.com points to IP 2.2.2.2. Now you know two
different ip ranges possibly owned by your target and you can extend
the attack surface.

Furthermore, subdomains sometimes host 'non-public' applications (e.g.
test, development, restricted) which are usually less secure than the
public applications so they can be the primary attack targets.

Parameters

Domain name: is the target domain (ex. oracle.com, yahoo.com, etc)
Include subdomain details: this option instructs the tool to do DNS
resolution for each subdomain discovered and whois queries in order to
determine the network owners of the ip addresses

To use this free tool and check what shows up when you search your name you can click the following link.


How it works

This tool uses multiple techniques to find subdomains such as: DNS zone transfer, DNS enumeration based on a specially chosen wordlist and public search engines queries.

I hope this was helpful. Remember that namecheap offers the added package of privacy protection and I am sure many other companies like hostgator and godaddy do as well. Good luck.

Vote Up Vote Down

@Megan663

There are likely several attributes that your sites share in common that could be used to link them.


IP Address -- they will be hosted on the same server. Sites like this one list the host names that point to a particular server. There may also be many sites not owned by you on the same server which may disguise it somewhat.
You use the same templates or technology. Sites like this one track which technologies your site uses. Such a tool could be used to correlate ownership of your sites.
Google Adsense code -- If you have advertising on both sites you may use the same publisher ID in the source code of each because ad networks such as Google Adsense prohibit multiple accounts per person
Google Analytics code -- Similarly if you use Analytics, you could use the same code on both sites. At least with Google analytics you have the option of tracking the sites under different accounts or codes.
Google site verification -- If you verify both sites with Google Webmaster Tools, you will have to use the same code for both sites. You could put the code into a specially named HTML file rather than use a meta tag or a DNS entry which would make it very hard for any user to discover.

Vote Up Vote Down

@Shanna517

It is possible that reverse DNS would reveal something, but that depends on how Namecheap manages their shared hosting accounts. This could be determined by evaluating two domains on one account.

However, if someone is going through the trouble to evaluate the records of two sites, then there is a good chance they are already on to you. Seeing that both domains are hosted and registered with the same company or just in the same way (both registered through Namecheap, both use privacy, both on Namecheap shared hosting), may be all the confirmation they are looking for.

Vote Up Vote Down