All Tools Icon

How to Find Out Who's Hosting Any Website

Knowing who hosts a website comes up more often than you'd think. Security research, competitive intelligence, tracking down an abuse contact, investigating infrastructure before an acquisition, debugging why a site behaves differently from different regions — all of these start with the same question.

The answer usually takes under two minutes if you know where to look.

Method 1: IP WHOIS Lookup

Every domain resolves to at least one IP address. That IP is assigned to an organization through one of the regional internet registries. An IP WHOIS lookup tells you who owns the block containing that IP — which is almost always the hosting provider.

# First get the IP dig A example.com +short# Then look up that IP whois 93.184.216.34

The OrgName field in the response is what you're after. For cloud-hosted sites you'll typically see the cloud provider (Amazon, Google, Microsoft) rather than the specific customer account.

Method 2: NS Record Analysis

Nameservers often give away the hosting ecosystem even when IP analysis doesn't. A site using ns1.digitalocean.com nameservers is almost certainly on DigitalOcean. Cloudflare nameservers (*.ns.cloudflare.com) indicate either Cloudflare as CDN or Cloudflare Pages as hosting.

dig NS example.com +short

Worth knowing: nameservers can be independent of the actual hosting. A site might run on AWS EC2 but manage DNS through Cloudflare. NS records give you one piece of the picture, not the whole thing.

Method 3: HTTP Response Headers

Server response headers leak infrastructure information far more often than they should:

curl -I https://example.com

What to look for: • Server: nginx/1.24.0 — web server and often the distribution • X-Powered-By: PHP/8.2 — runtime environment • Via: 1.1 vegur (Heroku) — Heroku's load balancer signature • X-Cache: Hit from cloudfront — AWS CloudFront CDN confirmed • CF-Ray: 7d8f... — present on every Cloudflare-proxied response • X-Vercel-Id: — Vercel platform

Method 4: ASN Lookup

Autonomous System Numbers are assigned to organizations controlling significant IP ranges. Identifying the ASN of a hosting IP gives you more context than IP WHOIS alone:

dig +short 34.216.184.93.origin.asn.cymru.com TXT

Returns the ASN and organization. AS16509 is Amazon, AS13335 is Cloudflare, AS54113 is Fastly.

When the Site Is Behind a CDN

Sites using Cloudflare, AWS CloudFront, or Fastly present the CDN's IP, not the origin server. Finding the actual origin behind a CDN requires more work:

• Check historical DNS records before the CDN was added — SecurityTrails offers a free tier for this • Look at SSL certificate SAN fields for direct IP references • Check mail server IPs (MX records) which are often not CDN-protected • Shodan searches for SSL certificates can surface servers serving the same cert from a direct IP

Find out who is hosting any website — hosting provider, IP, ASN in seconds

Try Website Hosting Checker Free →

FAQs

Sometimes. Historical DNS lookup is the most reliable approach — before Cloudflare was added, the domain pointed directly to the origin IP. SecurityTrails keeps historical DNS records. Also check if any subdomains (staging.example.com, mail.example.com) are not behind Cloudflare and might expose the origin IP range.
Yes. WHOIS, DNS records, and HTTP headers are all publicly available information by design. You're reading data that's intentionally published. Security researchers, journalists, and IT teams use these techniques routinely for legitimate purposes.
Check the ASN first: Cloudflare is AS13335, Fastly is AS54113, CloudFront is AS16509. Also check response headers — Cloudflare always adds CF-Ray, CloudFront adds X-Cache and X-Amz-Cf-Id, Fastly adds X-Served-By.
Scroll to Top
Checker Tools