InsightVM scanning of host with multiple websites


Websites are often hosted on 3rd party providers, which host many websites on a single server. By running Apache/Nginx, that single physical server IP address ( can be associated with many different domains on the same port. E.g.,,, all being served by the same physical IP but at different ports per session.

If I configure an InsightVM site with “”, the discovery and scan use the IP instead of DNS – and thus pick up several active ports >1024. This causes it to report vulnerabilities for websites other than (e.g., WordPress versions, open directory listings, etc.).

Is there a way to restrict insightVM to request only the DNS instead of the IP – e.g., “” instead of “”?

How are folks dealing with scanning public assets that are mult-tenant?


Did you eve get a reply or fix to this?