How to Programmatically Identify Web Hosting Providers from IP Addresses Using WHOIS and DNS Lookups


2 views

When dealing with legacy systems or forgotten hosting arrangements, identifying the web hosting provider from an IP address becomes crucial for maintenance and migration tasks. Traditional methods like basic WHOIS lookups often return registry information rather than the actual hosting company.


# Python implementation using socket and whois libraries
import socket
import whois

def get_hosting_provider(ip_address):
    try:
        # Reverse DNS lookup
        hostname = socket.gethostbyaddr(ip_address)[0]
        print(f"Associated hostname: {hostname}")
        
        # WHOIS lookup on the IP
        w = whois.whois(ip_address)
        print(f"WHOIS information:\n{w}")
        
        # Extract relevant hosting information
        if 'org' in w:
            return w['org']
        elif 'netname' in w:
            return w['netname']
    except Exception as e:
        print(f"Error occurred: {str(e)}")
    return None

For more precise identification, combine multiple data sources:

  • ASN (Autonomous System Number) lookup
  • Reverse DNS pattern analysis
  • Historical IP allocation data

# Using ipinfo.io API for enhanced data
import requests

def get_hosting_details(ip):
    API_KEY = 'your_api_key_here'
    url = f"https://ipinfo.io/{ip}/json?token={API_KEY}"
    response = requests.get(url)
    data = response.json()
    
    if 'org' in data:
        return data['org'].split(' ')[1]  # Typically contains ASN and provider
    return None

Remember that IP addresses can be:

  • Shared among multiple hosting customers
  • Part of CDN networks (Cloudflare, Akamai)
  • Reallocated to different providers over time

For websites still active:


# Simple HTTP header inspection
import requests

def check_server_header(url):
    try:
        response = requests.head(url)
        if 'server' in response.headers:
            return response.headers['server']
    except:
        pass
    return None

html

When dealing with legacy infrastructure or inherited projects, developers often encounter situations where hosting information gets lost over time. The core problem involves mapping an IP address to its web hosting service provider - a task that requires multiple technical approaches since no single method guarantees 100% accuracy.

1. WHOIS Lookup with Python: While basic WHOIS might not always return hosting details, deeper queries can help:

import whois
import socket

def get_hosting_info(ip_or_domain):
    try:
        w = whois.whois(ip_or_domain)
        return {
            'registrar': w.registrar,
            'creation_date': w.creation_date,
            'name_servers': w.name_servers,
            'ips': [socket.gethostbyname(ns) for ns in w.name_servers if ns]
        }
    except Exception as e:
        return f"WHOIS lookup failed: {str(e)}"

print(get_hosting_info("example.com"))

Reverse DNS and ASN Lookup: Hosting providers often maintain specific naming conventions in reverse DNS:

import dns.resolver

def reverse_dns_lookup(ip_address):
    try:
        ptr_record = dns.reversename.from_address(ip_address)
        answers = dns.resolver.resolve(ptr_record, "PTR")
        return [str(r) for r in answers]
    except Exception as e:
        return f"Reverse DNS lookup failed: {str(e)}"

print(reverse_dns_lookup("8.8.8.8"))

Automated traceroute analysis can reveal hosting infrastructure patterns:

import subprocess

def analyze_traceroute(target):
    try:
        result = subprocess.run(
            ["traceroute", target],
            capture_output=True,
            text=True
        )
        hops = [line for line in result.stdout.split('\n') if line]
        return analyze_hops(hops)
    except Exception as e:
        return f"Traceroute failed: {str(e)}"

def analyze_hops(hops):
    hosting_patterns = ["aws", "cloud", "linode", "digitalocean"]
    for hop in hops:
        for pattern in hosting_patterns:
            if pattern in hop.lower():
                return f"Possible {pattern} infrastructure detected"
    return "No clear hosting pattern identified"

For production environments, consider these reliable APIs:

  • IPinfo.io - Provides detailed ASN and hosting company information
  • MaxMind GeoIP - Offers hosting company detection along with geolocation
  • Shodan - Specialized in internet-connected device intelligence
# Example using IPinfo API
import requests

def get_ip_details(ip, token):
    url = f"https://ipinfo.io/{ip}/json?token={token}"
    response = requests.get(url)
    return response.json()

# API response typically includes:
# {
#   "ip": "8.8.8.8",
#   "hostname": "dns.google",
#   "org": "AS15169 Google LLC",
#   "asn": {
#     "asn": "AS15169",
#     "name": "Google LLC",
#     "domain": "google.com",
#     "route": "8.8.8.0/24",
#     "type": "hosting"
#   }
# }

When attempting to identify a hosting provider:

  1. Start with WHOIS and reverse DNS lookups
  2. Perform traceroute analysis looking for hosting patterns
  3. Check SSL certificates for organizational information
  4. Cross-reference with multiple IP intelligence APIs
  5. Look for distinctive headers or server signatures

Be aware that:

  • Cloud providers often mask underlying infrastructure
  • CDNs may obscure the original hosting provider
  • Some hosting companies use generic ASNs
  • IP addresses can be reassigned over time