How to find out which hosting company someone is hosting at?

Question

You can whois a domain to see who the domain is registered with.

Is there anyway you can find out which company a individual is hosting with? (i.e. Rackspace, Godaddy, etc.)

Answer 1

The best you could do is ping / nslookup it to get the IP; and lookup who the IP belongs to. Given superuser.com as an example:

PING superuser.com (64.34.119.12): 56 data bytes 64 bytes from 64.34.119.12: icmp_seq=0 ttl=52 time=50.067 ms

Then doing a WHOIS on the IP Address:

VCSJONESMBP:~ kjones$ whois "n 64.34.119.12"
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=64.34.119.12?showDetails=true&showARIN=false&ext=netref2
#

NetRange:       64.34.0.0 - 64.34.255.255
CIDR:           64.34.0.0/16
OriginAS:
NetName:        PEER1-BLK-08
NetHandle:      NET-64-34-0-0-1
Parent:         NET-64-0-0-0-0
NetType:        Direct Allocation
Comment:        For abuse issues please e-mail abuse@peer1.net. All
Comment:        other inquiries can be directed to support@peer1.net. Our 24 x 7 NOC is
Comment:        available at 866-484-2588
RegDate:        2004-07-15
Updated:        2006-11-06
Ref:            http://whois.arin.net/rest/net/NET-64-34-0-0-1

OrgName:        Peer 1 Network Inc.
OrgId:          PER1
Address:        75 Broad Street
Address:        2nd Floor
City:           New York
StateProv:      NY
PostalCode:     10004
Country:        US
RegDate:
Updated:        2010-07-22
Ref:            http://whois.arin.net/rest/org/PER1

OrgAbuseHandle: NSA-ARIN
OrgAbuseName:   Peer 1 Network AUP Enforcement
OrgAbusePhone:  +1-604-484-2588
OrgAbuseEmail:  abuse@peer1.net
OrgAbuseRef:    http://whois.arin.net/rest/poc/NSA-ARIN

OrgTechHandle: ZP55-ARIN
OrgTechName:   PEER 1 Network Inc
OrgTechPhone:  +1-604-683-7747
OrgTechEmail:  net-admin@peer1.net
OrgTechRef:    http://whois.arin.net/rest/poc/ZP55-ARIN

RNOCHandle: ZP55-ARIN
RNOCName:   PEER 1 Network Inc
RNOCPhone:  +1-604-683-7747
RNOCEmail:  net-admin@peer1.net
RNOCRef:    http://whois.arin.net/rest/poc/ZP55-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

And indeed, superuser.com is hosted on Peer1 networks (see the bolded text).

This approach however is flawed though. If they used a load balancing service like Elastic Load Balancing; you would probably get the IP address of the load balancer, not the actual host. The same can be said for a proxy server.

Answer 2

I find http://www.robtex.com useful for that kind of information. Enter the domain name, click Lucky, go to the Records tab and check the AS column to see who runs the servers involved.

Answer 3

http://www.whoishostingthis.com/ does a decent job of determining this, though the potential flaws @vcsjones brings up still apply.

Answer 4

In most cases you can do an IP lookup and this will tell you which range the IP address belongs to, often telling you which firm they're hosting with. For instance:

http://www.ip2location.com/demo?ipAddress=31.222.138.61

Shows that my company uses RackSpace.

Answer 5

You can infer much by just looking at the domain's DNS records:

C:\>nslookup www.example.org
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    www.example.org
Address:  123.45.67.89

C:\>nslookup -type=ptr 123.45.67.89
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
89.67.45.123.in-addr.arpa     name = member9876.members.hostingcompany.com      

First, use nslookup to find the site's IP address. Then, use the IP address to get any PTR records (reverse DNS.) Often, one (or the only) PTR record will show the hosting company's domain name (in the above example, we see that www.example.org is another name for member9876.members.hostingcompany.com.)