7 ways to determine the host site
Periodically, many of the webmasters are faced with the task of identifying the hosting provider for whom this or that site lives. The motivation for this is the most varied, as a simple curiosity, and the desire to live next door on a good and stable hosting, or vice versa, not to plunge into such a neighborhood. In this post I will provide several methods that I know of, with their strengths and weaknesses. It is possible that it is incomplete, so additions are welcome in every way.
I will also make a reservation “ashore”: all the sites and hosters mentioned below are mentioned only as illustrative examples, and in no case as an advertisement or, God forbid, anti-advertising. The choice of these was also made almost by accident - where, at what time, what methods I worked with, then I give it.
I list the methods in descending order of accuracy and, unfortunately, in increasing order of probability of operation.
It is even strange that I forgot to mention from the very beginning. Thank you variable For the reminder. Very often, people use the NS servers of the hoster, and with the help of whois, we instantly recognize the hoster.
I can not say that the majority, but quite a few serious hosters of the web server error pages do by default with information about themselves, and many of their clients forget / are too lazy to override them. Therefore, first of all it is worth trying to cause such an error and see what happens. It happens that the CMS on the site with the help of mod_rewrite intercepts requests to non-existent files and returns its 404th error in response. You can try to get around this by causing error 403 by accessing the directory without an index file. It can be a folder with pictures / templates, a folder for downloaded files, an engine cache, a system folder of type includes, etc. Small hint - sometimes on the error page there is a webmaster email and often you can find the domain of the host site from it.
')
Website: sloger.net
Page with 404 error.
Result: Hostter Hostgator
Here the situation is in many ways similar to the previous one - large hosters usually put their stubs on the virtualhost by default, small ones often neglect this and the virtualhost by default usually becomes either the first site of their first client or the standard dashboard from the control panel (this is especially often the case with cpanel). By the way, in the first scenario there is a pleasant special case consisting in the fact that sometimes the site of the hoster itself becomes the first site of the first client and therefore the reception still gives the desired result.
The surest way to get on the virtualhost by default is to access the web server by IP.
Website: www.tapebackup.ru
IP: 90.156.153.106
Result: please contact technical support: (495) 772–97–20, support @ masterhost.ru . From this we conclude that the hoster is a masterhost.
Without going into details, I can say that for any IP address you can use the PTR records in the DNS zone to set the “default domain” (not quite an exact term, but not the essence). At the same time, the overwhelming majority of hosters assign default domains to their servers that contain the host's domain name, i.e., something like server-name.hoster-name.com.
The easiest way to find out is the default domain name - with the help of all native ping'a (alternatively, the host, dig and nslookup commands under Linux, analogs should be under Windows, but I don’t know anything about them).
Website: cisnet.ru
Ping:
Result: Hoster - majordomo.ru
This method is closely related to the previous one, since it also implies the use of a Reverse DNS Lookup, only this time we will look at the domains for the nodes on the way to the node that interests us. The meaning of this is simple - we can most likely guess the host or data center that hosts the site we are interested in in the domains of the last nodes in the trace. Obviously, this method will help us if the subject is sitting on a VPS or a dedicated server.
Website: phpbbguru.net
Traceroute:
So we got to Whois'a great and terrible. The Whois database stores not only data about domains, but also data about the owners of ranges and individual IP addresses. Accordingly, based on the information, we can try to establish a company that owns a hosting or data center.
Website: searchengines.ru
IP: 83.222.4.124
Whois output:
Conclusion: the site lives on its own server hosted by Masterhost.
The variant proposed by the Crashus habraiser .
Addition from alexkbs :
In almost any case, we will be able to satisfy our curiosity, the only question is how accurate. And the moral for hosters - do not be lazy to secure an additional channel for the influx of customers, but at the same time, do not go too far so as not to scare away current customers.
UDP Transferred to Hosting.
UPD2. Added two more services offered in the comments.
UPD3, May 30th. Suddenly I found this topic in the drafts. Returned to the place.
Ps. If you know more ways - write, and I will add to the list.
I will also make a reservation “ashore”: all the sites and hosters mentioned below are mentioned only as illustrative examples, and in no case as an advertisement or, God forbid, anti-advertising. The choice of these was also made almost by accident - where, at what time, what methods I worked with, then I give it.
I list the methods in descending order of accuracy and, unfortunately, in increasing order of probability of operation.
1. NS server
It is even strange that I forgot to mention from the very beginning. Thank you variable For the reminder. Very often, people use the NS servers of the hoster, and with the help of whois, we instantly recognize the hoster.
pros
- Very often triggered on shared hosting
Minuses
- Often, users of VPS and dedikov, as well as advanced users on shared hosting use their DNS servers or use their subdomains.
2. Error 403/404
I can not say that the majority, but quite a few serious hosters of the web server error pages do by default with information about themselves, and many of their clients forget / are too lazy to override them. Therefore, first of all it is worth trying to cause such an error and see what happens. It happens that the CMS on the site with the help of mod_rewrite intercepts requests to non-existent files and returns its 404th error in response. You can try to get around this by causing error 403 by accessing the directory without an index file. It can be a folder with pictures / templates, a folder for downloaded files, an engine cache, a system folder of type includes, etc. Small hint - sometimes on the error page there is a webmaster email and often you can find the domain of the host site from it.
')
Example
Website: sloger.net
Page with 404 error.
Result: Hostter Hostgator
pros
- High accuracy determination. As a rule, most resellers have the opportunity to set their own error page for their customers by default, in which case we can even find out a reseller.
Minuses
- Very often, small hosters forget / too lazy to install their own error pages
- More often, the CMS site intercepts requests to non-existent files and hides the standard hoster page.
3. Virtualhost by default.
Here the situation is in many ways similar to the previous one - large hosters usually put their stubs on the virtualhost by default, small ones often neglect this and the virtualhost by default usually becomes either the first site of their first client or the standard dashboard from the control panel (this is especially often the case with cpanel). By the way, in the first scenario there is a pleasant special case consisting in the fact that sometimes the site of the hoster itself becomes the first site of the first client and therefore the reception still gives the desired result.
The surest way to get on the virtualhost by default is to access the web server by IP.
Example
Website: www.tapebackup.ru
IP: 90.156.153.106
Result: please contact technical support: (495) 772–97–20, support @ masterhost.ru . From this we conclude that the hoster is a masterhost.
pros
- Enough high definition of the hoster. You can always determine the host-owner of the server, and if the reseller works on a dedicated IP, then the ingod and the reseller.
- It works on almost all major hosters.
Minuses
- For small hosters usually does not work.
- Especially often it does not work on servers with cPanel - a standard dummy panel is issued
4. Reverse DNS Lookup
Without going into details, I can say that for any IP address you can use the PTR records in the DNS zone to set the “default domain” (not quite an exact term, but not the essence). At the same time, the overwhelming majority of hosters assign default domains to their servers that contain the host's domain name, i.e., something like server-name.hoster-name.com.
The easiest way to find out is the default domain name - with the help of all native ping'a (alternatively, the host, dig and nslookup commands under Linux, analogs should be under Windows, but I don’t know anything about them).
Example
Website: cisnet.ru
Ping:
PING cisnet.ru (78.108.81.180) 56 (84) bytes of data.
64 bytes from timur. majordomo.ru (78.108.81.180): icmp_seq = 1 ttl = 55 time = 102 ms
Result: Hoster - majordomo.ru
pros
- It works in most cases. If the resulting domain does not point somehow to the host site, then most likely it is a private dedicated server or VPS.
- Very easy to apply. Even if there is no ping at hand (suddenly from the phone / PDA), then there are plenty of free services for making Reverse DNS Lookup queries.
Minuses
- Sometimes for the infrastructure used separate domains that do not have an obvious connection with the hoster.
5. Traceroute
This method is closely related to the previous one, since it also implies the use of a Reverse DNS Lookup, only this time we will look at the domains for the nodes on the way to the node that interests us. The meaning of this is simple - we can most likely guess the host or data center that hosts the site we are interested in in the domains of the last nodes in the trace. Obviously, this method will help us if the subject is sitting on a VPS or a dedicated server.
Example
Website: phpbbguru.net
Traceroute:
traceroute to phpbbguru.net (88.198.45.197), 30 hops max, 60 byte packets
/ * Missed a piece of uninteresting to us * /
6 87.226.228.149 (87.226.228.149) 126.004 ms 103.010 ms 103.147 ms
7 xe-2–2–0.frkt-ar2.intl.ip.rostelecom.ru (87.226.133.150) 115.394 ms 115.575 ms xe-1–0–0.frkt-ar2.intl.ip.rostelecom.ru (87.226 .133.110) 137.887 ms
8 decix-gw. hetzner.de (80.81.192.164) 120.920 ms 137.137 ms 137.343 ms
9 hos-bb1.juniper1.rz6. hetzner.de (213.239.240.238) 115.458 ms hos-bb1.juniper2.rz6.hetzner.de (213.239.240.239) 118.008 ms 118.280 ms
10 hos-tr4.ex3k41.rz6. hetzner.de (213.239.252.180) 118.562 ms hos-tr2.ex3k41.rz6.hetzner.de (213.239.229.180) 137.399 ms hos-tr3.ex3k41.rz6. hetzner.de (213.239.252.52) 115.269 ms
11 static.88–198–45–197.clients.your-server.de (88.198.45.197) 136.016 ms 137.170 ms 132.209 ms
pros
- Almost 100% chance of success in defining a datacenter and a little less - directly hoster
- It is easy to do under any OS or using a web service.
Minuses
- Since there are quite a few DNS queries to perform, this method becomes the longest in the list.
6. Whois
So we got to Whois'a great and terrible. The Whois database stores not only data about domains, but also data about the owners of ranges and individual IP addresses. Accordingly, based on the information, we can try to establish a company that owns a hosting or data center.
Example
Website: searchengines.ru
IP: 83.222.4.124
Whois output:
whois 83.222.4.124% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See www.ripe.net/db/support/db-terms-conditions.pdf
% Note: This output has been filtered.
% "Receive the" -B "flag.
% Information related to '83 .222.4.0 - 83.222.5.255 '
inetnum: 83.222.4.0 - 83.222.5.255
netname: MASTERHOST-COLOCATION
descr: Masterhost is a hosting and technical support organization.
country: RU
admin-c: MHST-RIPE
tech-c: MHST-RIPE
status: ASSIGNED PA
mnt-by: MASTERHOST-MNT
source: RIPE # Filtered
role: MASTERHOST NOC
address: .masterhost
address: Lyalin lane 3, bld 3
address: 105062 Moscow
address: Russia
phone: +7 495 7729720
fax-no: +7 495 7729723
remarks: - remarks: MASTERHOST is available 24 Ă— 7
remarks: - remarks: Points of contact for MASTERHOST Network Operations
remarks: - remarks: Routing and peering issues: noc@masterhost.ru
remarks: SPAM and Network security issues: abuse@masterhost.ru
remarks: Mail and News issues: postmaster@masterhost.ru
remarks: Customer support: support@masterhost.ru
remarks: General information: info@masterhost.ru
remarks: - admin-c: AAS-RIPE
tech-c: AAS-RIPE
tech-c: UNK-RIPE
nic-hdl: MHST-RIPE
abuse-mailbox: abuse@masterhost.ru
mnt-by: MASTERHOST-MNT
source: RIPE # Filtered
% Information related to '83 .222.0.0 / 19AS25532 '
route: 83.222.0.0/19
descr: .masterhost
origin: AS25532
mnt-by: MASTERHOST-MNT
source: RIPE # Filtered
Conclusion: the site lives on its own server hosted by Masterhost.
pros
- It works flawlessly. In any case, you can determine at least approximately, in which DC the site is located and in DC, if at all (sometimes, the sites on the home computer are spinning ;-))
Minuses
- Low accuracy of determination. Cases where you can determine more accurately than DC - on the fingers count.
- Often whois gives a lot of details and offhand it is not so easy to isolate the necessary from the entire array.
7. SMTP server signature
The variant proposed by the Crashus habraiser .
a small hack - telnet on port 25, in most cases, it hangs a mail service that immediately gives the hostname of the server.
On the example of your sites:
# telnet sloger.net 25
Trying 70.87.244.247 ...
Connected to sloger.net.
Escape character is '^]'.
220-gator217.hostgator.com ESMTP Exim 4.69 # 1 Sat, 17 Apr 2010 13:19:55 -0500
# telnet cisnet.ru 25
Trying 78.108.81.180 ...
Connected to cisnet.ru.
Escape character is '^]'.
220 timur.majordomo.ru ESMTP Exim 4.69 Sat, 17 Apr 2010 22:20:47 +0400
# telnet phpbbguru.net 25
Trying 88.198.45.197 ...
Connected to phpbbguru.net.
Escape character is '^]'.
220 sds.fastvps.ru ESMTP Exim 4.69 Sat, 17 Apr 2010 22:23:25 +0400
Addition from alexkbs :
Instead of telnet you can use netcat:
$ netcat cisnet.ru 25
220 timur.majordomo.ru ESMTP Exim 4.69 Sun, 18 Apr 2010 12:21:21 +0400
^ C
Additional services offered by community
- mind offered the service www.wipmania.com , which allows to determine a lot of useful information, including DC
- unreg advised netcraft toolbar
- kapatskiy rightly reminded about FlagFox
- r0ster prompted the service http://2ip.ru/guess-hosting/
- medgimet shared a link to HostSpider
Morality
In almost any case, we will be able to satisfy our curiosity, the only question is how accurate. And the moral for hosters - do not be lazy to secure an additional channel for the influx of customers, but at the same time, do not go too far so as not to scare away current customers.
UDP Transferred to Hosting.
UPD2. Added two more services offered in the comments.
UPD3, May 30th. Suddenly I found this topic in the drafts. Returned to the place.
Ps. If you know more ways - write, and I will add to the list.
Source: https://habr.com/ru/post/91278/
All Articles