Bulletproof hosting cybercrime hunted down
Last Updated on 12 May 2025 at 12:05
Bulletproof hosting cybercrime is hunted down, and this is a good policy for law enforcement authorities.
For business and freelancers that are suffering from cybercriminals activities, bulletproof hosting is a problematic issue. A respectable business will never be in such a bad company. However, by tracking and hunting down cybercrime actors, analysing and understanding attack techniques, mechanisms and motivations, a business organisation can better understand the landscape, protect, and finally adjust their security policies accordingly.
With bulletproof hosting: “Copyright infringement notices are ignored, privacy is marketed as a feature of such services, and bulletproof offerings are the go-to for criminal groups seeking the infrastructure to host malware, establish command-and-control (C2) servers, and host illegal content, including malicious software and child pornography.”
What is bulletproof hosting ?
Bulletproof hosting (BPH) supplier provides hosting for malicious activities and stolen content by assuring anonymity to cybercrime authors and companies. This bulletproof hosting typically consists of services such as hiding ‘whois’ information, accepting forgery and false identity declaration.
Legitimate hosting providers are checking the real identity of their customers. Still, bulletproof hosting companies provide fake identities and host malware or other stolen materials such as articles, data, images, or pictures.
List of bulletproof hosting
Since end-2018 I discovered quite a huge list.
My current list is covering 1’570 such crime farms.
My list is covering even big, well-known names.
I use my list for web protection against content scrapers and cybercriminals. I manually check every single entry on this list.
A simplistic rule to identify the bulletproof hosting is based on their customer’s business model. Therefore, I apply the following rule: 2 (two) offending attacks and then the whole name/IP ranges are banished. I block them all, one hosting name and IP range at a time. In time, I learned how to improve my analysis of traffic data and immediately block the offenders.
Top bonus discovery: a very high number of North-American Canadian so-called “companies” are specialized in these bulletproof hosting “services”, but an encouraging, positive signal is that legal prosecutors in Switzerland are hunting them down too.
From my observation, there is quite easy to discover those cybercriminals by starting with webscrapers and copyright infringers. It is lengthy to obtain the ‘whois’ of a domain name hosted by those criminals. Indeed: cybercrime suppliers are loving cybercrime-focused customers.
“However, being willing to ignore the transgressions of clients does not mean that law enforcement will take the same stance.”
Read the whole article: https://www.zdnet.com/article/group-pleads-guilty-to-running-bulletproof-hosting-service-for-criminal-gangs-malware-payloads/
Going further:
“Law enforcement agencies from the US, Germany, France, Switzerland, and the Netherlands have seized this week the web domains and server infrastructure of three VPN services that provided a haven for cybercriminals to attack their victims.”
https://www.zdnet.com/article/law-enforcement-take-down-three-bulletproof-vpn-providers/
More findings about the same subject:
Elena Debbaut is a strategic execution expert to boards and executive teams. She leads and advises on complex transformations when governance barriers, internal politics, or structural fragmentation prevent organizations from executing critical decisions.
Specialities:
• governance-constrained transformation
• operational restructuring
• strategic recovery & execution



