All information published and transmitted over the Internet depends on clients and servers in order to work properly. Unfortunately, it is the server side that most often figures in abuse cases, at the cost of users' privacy and security.
While cybercrime affects most networks and types of servers, two specific environments are the top sources of modern network threats: unmanaged massive shared hosting servers, and unmanaged VPS/Cloud/dedicated servers.
We say this assuming that a server managed by a responsible and serious web hosting or system administration company will have network security monitoring controls to prevent a wide range of abuses, or in the case of any isolated incident, will act rapidly to mitigate it.
The web hosting market, especially shared hosting companies, provides clients with an easy way to create email addresses, upload data over FTP/SSH, and install any CMS so an operational website can go live on the Internet within minutes.
The downside to these instant app installations is that most of these shared hosting customers never remember to update their CMS installations (WordPress, the most famous example), which creates a big open door for third party bad guys to hack these vulnerable installations and create chaos—by setting up malware/cryptojacking campaigns and remote attacks over TCP networks, as well as phishing and spam campaigns.
The same goes for Cloud VMs and bare metal servers that never get the appropriate security patches for their services and hosted apps.
Other abuse cases stem from the use of weak passwords when creating email addresses on servers that do not enforce a minimum password strength requirement. And never forget FTP account compromise, whether over networks infected with malware or viruses, or simply by brute forcing login credentials until the attacker succeeds.
There are so many ways to gain access to private areas on the Internet. Therefore, having a way to report abuse cases is essential for keeping the Internet safe from illegal campaigns.
Let’s look at the top scenarios in which you would likely need to find the hosting provider of a website to report its malicious activities on the Internet.
Five scenarios that require a hosting checker tool
When you’re running your OSINT process there is one thing you simply can’t forget: to find out the web hosting provider of your target. This is useful for many reasons, and particularly if you’re on a blue team.
Here are five scenarios that call for finding the web hosting provider:
Phishing
Phishing is one of the most prevalent types of cybercrime these days. As seen in our previous article Finding Phishing Domains, it can target any online company, focusing on those services that are accessed by massive numbers of users, such as online banking, financial institutions, government portals and social networks.
Spam
Spam has been around since 1978, when the first spam email was sent. While decades have passed, and despite the countless new technologies developed to fight spam, we still find it in our inboxes every day.
By now we are so used to seeing unsolicited emails that we unconsciously perceive them as normal activity. Naturally, we delete them. However, whenever massive spam campaigns are sent, the opportunity presents itself to stop abusers by reporting their activity to RBL lists, as well as to security agencies, who can take a deeper look into the spam's source and report it to the email hosting provider.
Warez
Pirated software, also known as Warez, is essentially an illegal copy of commercial software, one that has most likely been reverse-engineered to deactivate the security lock mechanisms that apply during trial periods. It is frequently called 'cracked software', as it involves cracking the software engineering defenses that protected the original version of the program.
This activity allows crackers to illegally modify the software (often by injecting parts of the code with viruses, malware or backdoors) and distribute it across underground webpages.
Copyright protected materials
Software, music, videos and books are pirated every day before being distributed freely over the Internet. However, we mustn't forget there are several copyright laws and international agreements that specifically forbid this type of activity. Distributing and trading copyrighted materials can generate serious legal problems for the people involved.
Copyright monitoring agencies typically generate the abuse reports that go directly to the ISPs and web hosting providers hosting websites that share pirated content.
Unauthorized brand usage and trademark violations
Monitoring your brand name is crucial in the prevention of fraud. Not only in cases of fraud by phishing campaigns that may steal data from your online customer base, but also fraud that uses your brand name and trademark illegally, without your permission.
Having a domain hosting checker tool to rapidly identify who is hosting a website is therefore vital.
Illegal pornography and adult services
Every year, the FBI and other government agencies report and shut down many web pages that illegally collect and share pornography involving minors (as seen in the infamous case: Backpage Seized by the FBI).
In such cases, having a quick web hosting checker solution to help you identify who is hosting the website is critical. Among other things, it determines the first layer of contact for sending your abuse notices.
SecurityTrails Hosting Checker: the easy way to find out who is hosting any website
Since the launch of our SecurityTrails free toolkit we have included one option that we knew was going to be key for infosec investigations: the web hosting lookup feature.
This feature allows you to discover who is hosting any website in mere seconds. How do you do it? Easily! Follow these steps to find out who is hosting any site:
- Go to www.securitytrails.com
- Enter any domain name
- Discover the web hosting provider
You’ll find out not only the website hosting provider, but also the email provider, all the passive DNS information about the domain name, as well as the DNS records, associated IP addresses and much more.
Cloudflare is protecting the real web hosting provider behind the website: What can I do?
This is a pretty common question around the Internet, but don’t worry — there are a few tricks and tools that can be used to bypass Cloudflare proxy services.
First, let’s remember that Cloudflare offers an easy way to handle abuse reports. In the same space they clarify that they are not the web hosting provider, but a proxy-intermediate service. They usually forward all abuse reports to the original owners and/or the web hosting provider:
“Cloudflare is a pass through network that caches content for a limited time only. We do not provide hosting services for any website. Cloudflare will notify the site owner and, where appropriate, the web hosting provider for the site in question.”
So, if you've already filed an abuse form and still have no luck, check this blog post, which can help you identify the real web hosting provider behind a website: Finding the IP address of a website behind Cloudflare
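The lookup steps above and the Cloudflare caveat both come down to the same two questions an abuse reporter has to answer: which IP addresses does the domain resolve to, and who owns that netblock (and where do abuse notices for it go)? The following is an added example, not code from SecurityTrails or from this article, that automates that reasoning in Python: it resolves A records, checks whether every address falls inside Cloudflare's published IPv4 edge ranges (in which case an RDAP query would only name Cloudflare, and the notice belongs on Cloudflare's abuse form as the quote above explains), and otherwise pulls the network name and abuse-role e-mail addresses out of the IP's RDAP record. The Cloudflare prefix list is the one published at https://www.cloudflare.com/ips/ at the time of writing and is an assumption to re-verify; the sample DNS answers and the RDAP document are constructed so the block runs offline, and the `rdap.org` bootstrap URL is used only when no fetcher is injected.

```python
from __future__ import annotations

import ipaddress
import json
import socket
import urllib.request

# Cloudflare's published IPv4 ranges (https://www.cloudflare.com/ips/).
# Assumption: current at time of writing; re-check the published list before relying on it.
CLOUDFLARE_V4 = [ipaddress.ip_network(c) for c in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]


def is_cloudflare_ip(ip: str) -> bool:
    """True if the address sits inside a Cloudflare edge range, i.e. the site is proxied."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_V4)


def resolve_a(domain: str) -> list[str]:
    """Live A-record lookup via the system resolver (used only when no resolver is injected)."""
    infos = socket.getaddrinfo(domain, None, socket.AF_INET)
    return sorted({info[4][0] for info in infos})


def rdap_fetch(ip: str) -> dict:
    """Live RDAP lookup for an IP through the rdap.org bootstrap redirector."""
    with urllib.request.urlopen(f"https://rdap.org/ip/{ip}", timeout=10) as resp:
        return json.load(resp)


def _vcard_emails(entity: dict) -> list[str]:
    """Pull e-mail values out of an RDAP entity's jCard (vcardArray) block."""
    vcard = entity.get("vcardArray")
    if not vcard or len(vcard) < 2:
        return []
    return [item[3] for item in vcard[1] if len(item) >= 4 and item[0] == "email"]


def extract_abuse_contacts(rdap: dict) -> list[str]:
    """Collect addresses of every entity carrying the 'abuse' role; entities may nest."""
    found: list[str] = []

    def walk(entities):
        for ent in entities or []:
            if "abuse" in ent.get("roles", []):
                found.extend(_vcard_emails(ent))
            walk(ent.get("entities"))

    walk(rdap.get("entities"))
    return sorted(set(found))


def classify_host(domain: str, resolver=resolve_a, fetch=rdap_fetch) -> dict:
    """Resolve a domain, flag CDN proxying, and report the netblock owner plus abuse contacts."""
    result = {"domain": domain, "ips": [], "proxied_by_cloudflare": False,
              "network": None, "abuse": []}
    ips = resolver(domain)
    result["ips"] = ips
    if not ips:
        return result
    if all(is_cloudflare_ip(ip) for ip in ips):
        # RDAP on these addresses would only name Cloudflare; the origin host stays hidden,
        # so the notice goes through Cloudflare's abuse form, which forwards it to the host.
        result["proxied_by_cloudflare"] = True
        return result
    rdap = fetch(ips[0])
    result["network"] = rdap.get("name")
    result["abuse"] = extract_abuse_contacts(rdap)
    return result


# Constructed sample data so the block runs offline; 198.51.100.0/24 is an RFC 5737
# documentation range, and the hosting company and abuse mailbox are invented.
SAMPLE_DNS = {
    "proxied.example": ["104.16.1.1"],      # inside 104.16.0.0/13, a Cloudflare edge range
    "direct.example": ["198.51.100.7"],
}
SAMPLE_RDAP = {
    "198.51.100.7": {
        "name": "EXAMPLE-HOSTING-NET",
        "entities": [{
            "roles": ["registrant"],
            "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                                     ["fn", {}, "text", "Example Hosting Ltd"]]],
            "entities": [{
                "roles": ["abuse"],
                "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                                         ["email", {}, "text", "abuse@example-hosting.invalid"]]],
            }],
        }],
    }
}


def demo(domain: str) -> dict:
    """Run classify_host against the constructed sample data instead of the live network."""
    return classify_host(domain, resolver=SAMPLE_DNS.__getitem__, fetch=SAMPLE_RDAP.__getitem__)


if __name__ == "__main__":
    for name in SAMPLE_DNS:
        print(demo(name))
```

Calling `classify_host("some-domain.example")` with the defaults performs the live DNS and RDAP queries. The abuse role is searched recursively because registries commonly nest the abuse handle under the registrant entity rather than at the top level, and a report that only reads the first entity would miss it.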
Today we learned that finding the web hosting company behind a website is one of the first necessary steps for anyone who needs to report such illegal activities as incoming spam, remote attacks, phishing, warez and more.
If you represent any government or private agency dedicated to tracking down illegal activities on the Internet, then try our free API service to integrate our intelligence platform with your own apps.
And if that’s not enough, our SurfaceBrowser™ enterprise-grade product can take you to the next level—by giving you a full correlation between web hosting provider, IP address, domain names, DNS records and SSL certificates. Book a demo with our sales team today!