How to Find Out Who is Hosting a Website Using WHOIS

How do I find out WHOIS hosting a website?

When researching a website, one piece of information you may want to uncover is who the web host or hosting provider is. The website’s hosting company can provide insight into the technology stack, security posture, and infrastructure supporting the site.

This guide will explore multiple techniques to determine a website’s hosting provider using the WHOIS domain lookup system. We’ll also cover how to gather additional intel beyond just the registrar name to paint a more complete picture of the hosting situation.

Why Identify a Website’s Hosting Provider?

Here are some key reasons why uncovering a website’s host can be useful:

  • Gain insight into the underlying technology powering the site
  • Assess security based on the host’s reputation and features
  • Identify relationships between sites hosted on common providers
  • Research a host’s reliability based on uptime and performance
  • Determine the geographic location of hosting infrastructure
  • Identify shared hosting situations indicating lower resources
  • Explore attack surface through associated IP blocks and ASNs
  • Discover associated domains and accounts on the same server
  • Investigate a host’s accessibility policies and compliance

This information helps when performing competitive research, security analysis, targeting sales outreach, tracking down malicious sites, or determining infrastructure ownership.

Check the ICANN WHOIS Record

The first step in identifying a website’s hosting provider is looking up the ICANN WHOIS records for that domain. Here’s how:

  1. Go to a WHOIS lookup site like whois.is
  2. Enter the domain name you want to research
  3. Review the Registrar section of WHOIS output
  4. The registrar often doubles as the web host as well
  5. Confirm by looking for associated name server records pointing to the registrar

However, many sites use third-party hosting regardless of which registrar holds the domain. Treat the registrar field as a starting clue, not definitive proof of hosting.
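The registrar and name server check from steps 3 to 5, as an added example that is not part of the original guide: it parses WHOIS text and reports whether every name server sits in a zone the registrar operates. The WHOIS records, the registrar name and the `REGISTRAR_NS_ZONES` mapping are constructed placeholders.

```python
# Constructed WHOIS output for placeholder domains (not real records).
WHOIS_SAME = """\
Domain Name: SHOP.EXAMPLE
Registrar: Example Registrar, LLC
Name Server: NS1.EXAMPLE-REGISTRAR-DNS.TEST
Name Server: NS2.EXAMPLE-REGISTRAR-DNS.TEST
Name Server: ns1.example-registrar-dns.test.
>>> Last update of WHOIS database: 2024-01-01T00:00:00Z <<<
"""
WHOIS_THIRD_PARTY = """\
Domain Name: BLOG.EXAMPLE
Registrar: Example Registrar, LLC
Name Server: ada.ns.example-dns-provider.test
Name Server: NS1.EXAMPLE-REGISTRAR-DNS.TEST
"""

# Hypothetical mapping: registrar name -> DNS zones that registrar operates.
REGISTRAR_NS_ZONES = {"example registrar, llc": {"example-registrar-dns.test"}}


def parse_whois(text):
    """Return the registrar and the de-duplicated, lower-cased name servers."""
    registrar, name_servers = None, []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        if key == "registrar" and value and registrar is None:
            registrar = value
        elif key == "name server" and value:
            host = value.lower().rstrip(".")
            if host not in name_servers:
                name_servers.append(host)
    return {"registrar": registrar, "name_servers": name_servers}


def registrar_runs_dns(record, zones=REGISTRAR_NS_ZONES):
    """True only if every name server is inside a zone the registrar operates."""
    known = zones.get((record["registrar"] or "").lower(), set())
    servers = record["name_servers"]
    return bool(servers) and all(
        any(ns == z or ns.endswith("." + z) for z in known) for ns in servers
    )


if __name__ == "__main__":
    for sample in (WHOIS_SAME, WHOIS_THIRD_PARTY):
        rec = parse_whois(sample)
        print(rec["registrar"], rec["name_servers"], registrar_runs_dns(rec))
```

A mixed result, as in the second record, means DNS is at least partly delegated elsewhere, so the registrar alone says little about where the site is hosted.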

Reverse IP Address Lookup

A more reliable way to uncover the host is a reverse IP lookup on the site’s IP address:

  1. Find the website’s IP address using the ping or dig command
  2. Use a reverse IP lookup tool like viewdns.info
  3. Enter the IP address to search
  4. The hosting provider will be listed under IP Location info
  5. Match IP owner to confirm web host

Reverse IP lookup maps the website’s underlying IP address to the associated hosting provider. This reveals the true host even if it differs from the domain registrar.

Check Name Server Records

The technical name server (NS) records for a domain also provide clues about hosting:

  1. Fetch NS records using dig ns domain.com
  2. Research which provider owns each name server
  3. Name servers operated by the web host point to the hosting company
  4. Shared or 3rd party DNS won’t match the hosting provider

Name server lookups confirm if DNS is pointing towards or away from the primary hosting provider.

Review Web Server Headers

The web server headers exposed on the actual website can indicate hosting:

  1. Visit the website and view page source
  2. Find the server header, which may look like “Server: nginx”
  3. Research to determine what company is associated with that server type
  4. For example, Amazon EC2 often returns “Server: AmazonS3”

Web server headers reveal hosting if the company name appears or if the server technology points to a certain provider.

Check Shared Hosting Indicators

Sites on shared hosting plans often expose their provider in content or URLs:

  • URLs like mysite.secureserver.net point to GoDaddy hosting
  • References to wp-content/uploads/ reveal WordPress hosting
  • Links to support.bluehost.com show Bluehost hosting

With shared hosting, providers reference themselves across site content.

Use Website Tracking Tools

Cybersecurity tools like BuiltWith and Wappalyzer identify hosts when scraping sites:

  • Submit the website to BuiltWith to view the identified Technologies > Hosting section
  • Browser extensions like Wappalyzer show the hosting provider

These tools use fingerprints and heuristics to detect hosting companies.

Tips for Confirming Web Hosting Info

  • Search for the host’s name servers across WHOIS records to tie domains together
  • Check for matching registrant contacts and addresses
  • Obtain the SSL certificate and look up the issuer organization
  • Trace DNS delegation paths through parent domains
  • Identify ownership of website’s autonomous system number (ASN)
  • Connect IP blocks to hosting brands
  • Correlate web server software default pages (like Plesk)
  • Catch hosting references in robots.txt files
  • Identify provider-specific page templates

Combining the techniques above provides the best shot at definitively determining the hosting provider powering any website. Confirming web hosting provides valuable insight when profiling sites.

Unmasking Cloud Hosting Providers

Identifying hosting gets more complex with cloud hosting providers like Amazon AWS, Microsoft Azure, and Google Cloud. These platforms hide the underlying host. Unmasking them requires additional steps:

  • Check for cloud platform references in JS files, like Amazon AWS SDK
  • Analyze raw HTTP headers for cloud host indicators
  • Reverse DNS lookup for cloud domain patterns
  • Fingerprint server behavior patterns and libraries
  • Catch cloud platform URLs in sitemaps or feeds
  • Identify associated platform admin panels like /aws-console/
  • Catch cloud platform service references like Amazon S3 buckets

Cloud hosting represents the biggest challenge but combining forensic techniques can help reveal the platforms used even without direct access.

Limitations of Public Host Identification

Some key limitations to note when uncovering hosting providers from public info:

  • Inaccurate or outdated WHOIS and DNS records
  • Cloud infrastructure obscures underlying hosts
  • CDNs mask origin infrastructure
  • Shared resources reveal the platform, not the actual site host
  • Host spoofing is possible by altering headers and DNS
  • Websites behind firewalls or VPNs are difficult to analyze
  • No access to server-side-only secrets like /etc/hosts

Publicly accessible data provides reasonable clues to hosting but 100% definitive confirmation may require inside access or cooperation.
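One way to combine the signals from the earlier sections while accounting for the CDN and spoofing limitations above, as an added example that is not part of the original guide. The provider names, the IP ownership table (built on RFC 5737 documentation ranges), the weights and the confidence thresholds are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed ownership table built on RFC 5737 documentation ranges; real
# data would come from the RIR WHOIS or ASN record for the address.
IP_BLOCKS = {
    "192.0.2.0/24": ("ExampleHost", "hosting"),
    "198.51.100.0/24": ("ExampleCDN", "cdn"),
}
# Hypothetical weights: network ownership is hard to fake, while a Server
# header or a registrar field is weak evidence on its own.
WEIGHTS = {"ip_block": 3, "name_server": 2, "registrar": 1, "server_header": 1}


def ip_owner(ip):
    """Return (provider, kind) for the block containing ip, else (None, None)."""
    addr = ipaddress.ip_address(ip)
    for cidr, owner in IP_BLOCKS.items():
        if addr in ipaddress.ip_network(cidr):
            return owner
    return (None, None)


def assess(ip, signals):
    """Combine the IP-block owner with other signals (name -> provider or None)."""
    owner, kind = ip_owner(ip)
    votes = Counter()
    if owner:
        votes[owner] += WEIGHTS["ip_block"]
    for name, provider in signals.items():
        if provider:
            votes[provider] += WEIGHTS.get(name, 1)
    if not votes:
        return {"provider": None, "confidence": "none", "origin_masked": False}
    best, score = votes.most_common(1)[0]
    share = score / sum(votes.values())
    if share >= 0.75 and score >= 4:
        confidence = "high"
    elif share >= 0.5 and score >= 3:
        confidence = "medium"
    else:
        confidence = "low"
    # A CDN-owned address identifies the edge network, not the origin host.
    return {"provider": best, "confidence": confidence, "origin_masked": kind == "cdn"}


if __name__ == "__main__":
    print(assess("192.0.2.10", {"name_server": "ExampleHost", "registrar": "OtherRegistrar"}))
    print(assess("198.51.100.7", {"name_server": "ExampleCDN", "server_header": "ExampleCDN"}))
```

When `origin_masked` is true, even a high-confidence result names only the CDN in front of the site; the origin host remains unknown from public data.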

Key Takeaways

  • Identifying a website’s hosting provider gives insight into technology stack, geography, relationships, infrastructure, and policies.
  • WHOIS, reverse IP, name servers, HTTP headers, default pages, and detector tools all help reveal hosting providers.
  • For cloud sites, look for provider references in code and administrator consoles.
  • Combine multiple signals to overcome outdated records, shared resources, CDNs, and spoofing attempts.
  • While public information can uncover hosting providers, definitive confirmation may require internal access.

Knowing the techniques covered here allows you to shine light on the hosting environment and infrastructure supporting any website. This adds valuable context for security analysis, vendor outreach, tracking infrastructure usage, and research.

With the exponential growth of websites on the internet, the ability to determine which platforms host those sites is an essential skill. Hopefully this guide provides a robust process to unveil hosting providers powering sites across the web!
