The rapid transition to digital platforms offers advantages, but it also creates new opportunities for cybercriminals, particularly those who use Bulletproof Hosting (BPH) to carry out their fraudulent activities.
Bulletproof hosting describes web hosting services characterized by minimal regulatory oversight. These hosts, known as ‘bulletproof’, can resist takedown attempts and ignore complaints, ensuring their operations remain uninterrupted.
This resilience appeals to individuals seeking to host sites with potentially illegal or dubious content, such as outlets for stolen or counterfeit goods or phishing schemes aimed at tricking users into disclosing personal information.
Simply put, bulletproof hosting is the darker side of web hosting, frequently linked to actions that are illegal and unethical.
When comparing conventional hosting and bulletproof hosting, these are the main differences:
| | Conventional Hosting | Bulletproof Hosting |
|---|---|---|
| Regulations | Adheres strictly to legal standards and internet regulations. | Lax regulations, resistant to takedowns. |
| Content Policy | Strict content policy that must abide by regulations. Only legal and ethical websites and content are supported. | No limitations on content. Allows all kinds of ethical and unethical content and websites. |
| Anonymity | Personal information needed for the service. | Loose regulations on background information, allowing anonymity. |
| Clientele | Caters to legitimate businesses, bloggers, and individuals. | Often used by threat actors. |
How Bulletproof Hosting Works
Bulletproof hosting is a notable feature of phishing hosting services. Many phishers operate from bulletproof hosting centers that prioritize protecting their customers’ anonymity and maintaining uptime, even when those customers engage in illegal activities like phishing.
These centers provide a safe haven for phishers and make it difficult for law enforcement agencies to shut down these operations.
To evade detection, phishers frequently resort to content duplication tactics. They duplicate content from legitimate websites onto their own servers, creating an illusion of authenticity with the aim of deceiving users. This practice makes it harder for individuals to differentiate between genuine websites and phishing sites.
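The content duplication described above leaves a measurable trace: the copied page shares most of its visible text with the original while being served from a different host. The following is an added example, not from the original article, of one way a defender can check for that; the sample pages, hostnames and the 0.6 threshold are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _TextExtractor(HTMLParser):
    """Collect visible text, skipping <script> and <style> bodies."""
    def __init__(self):
        super().__init__()
        self.parts, self._skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.parts.append(data)

def shingles(html, k=3):
    """Return the set of k-word shingles of the page's visible text."""
    parser = _TextExtractor()
    parser.feed(html)
    words = re.findall(r"[a-z0-9]+", " ".join(parser.parts).lower())
    return {tuple(words[i:i + k]) for i in range(max(len(words) - k + 1, 0))}

def similarity(a_html, b_html):
    """Jaccard similarity of the two pages' shingle sets (0.0 to 1.0)."""
    a, b = shingles(a_html), shingles(b_html)
    return len(a & b) / len(a | b) if a | b else 0.0

def is_probable_clone(suspect_url, suspect_html, brand_html, brand_hosts, threshold=0.6):
    """Flag a page that copies the brand's text but is served from another host."""
    host = (urlsplit(suspect_url).hostname or "").lower()
    if host in brand_hosts:
        return False  # the brand's own site, not a clone
    return similarity(suspect_html, brand_html) >= threshold  # threshold is an assumed value

# Constructed sample pages (not real sites).
BRAND = "<html><head><style>p{}</style></head><body><h1>Example Bank</h1><p>Sign in to your account to view balances and pay bills securely online.</p></body></html>"
CLONE = "<html><body><script>var x=1;</script><h1>Example Bank</h1><p>Sign in to your account to view balances and pay bills securely online today.</p></body></html>"
OTHER = "<html><body><h1>Garden Tips</h1><p>Water tomatoes early in the morning and mulch the soil to keep roots cool.</p></body></html>"
```

Shingle overlap only catches copied text; a page that reuses the brand's images or layout with rewritten wording needs a visual or DOM-structure comparison instead.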
Why Bulletproof Hosting is Used
Bulletproof hosting plays a crucial role in the infrastructure of the cybercrime ecosystem, providing a secure base from which attackers can conduct various illegal operations. These include:
- Operating servers for command and control (C2) of botnets
- Executing distributed denial-of-service (DDoS) attacks
- Running phishing websites
- Storing and distributing pirated or adult content
- Evading detection by law enforcement agencies
Bulletproof Hosting Types
There are three different BPH models that are utilized by threat actors and groups based on their budget and requirements. BPHs with abused and/or compromised assets and credentials are the cheapest, while BPHs with dedicated VPS/VDS/Data centers are the most reliable (with less downtime and enhanced anonymity and features).
Dedicated BPH
Cybercriminals frequently take advantage of dedicated bulletproof hosting services, which allow them to run phishing sites, spam campaigns, and malicious domains/duplicate websites for fees starting at just $15.
This affordability and the service’s resilience enable them to sustain these operations over long durations. These hosting options are particularly favored for brief, targeted campaigns where only short-term hosting is necessary. Additionally, they provide fundamental hosting services along with anonymity, and can cater to specific geolocation preferences.
BPH with abused servers and/or compromised assets
Bulletproof hosting providers sometimes exploit legitimate servers by renting them to threat actors or groups, often using these servers without the knowledge of the actual service providers.
This method is particularly effective for activities like operating reverse proxies, conducting scanning, sending spam, or performing brute force attacks. These machines are frequently set up by abusing cloud service providers or by utilizing compromised credentials.
Additionally, this type of hosting is used to support infrastructure for Hidden Virtual Network Computing (HVNC) and similar technologies.
BPH with dedicated servers or data centers
Bulletproof hosting providers often leverage insiders within legitimate hosting companies, gaining insight into operational procedures and compliance with legal frameworks.
They are adept at strategically selecting geolocations based on specific needs, which enables them to virtually migrate virtual machines or entire data centers with minimal downtime. This capability is particularly valuable for hosting backends and critical systems that form the backbone of extensive infrastructural setups.
Bulletproof Hosting Examples
Here are some specific examples of activities and content types typically associated with bulletproof hosting:
Malware Distribution: Bulletproof hosts are often used to store and distribute malware, including viruses, ransomware, and spyware. This allows cybercriminals to maintain repositories of harmful software that can be downloaded or automatically installed on victims’ devices without the risk of being quickly shut down by hosting providers.
Illegal Marketplaces: These platforms host websites for the sale of illegal goods such as drugs, firearms, and stolen data. The resilience of bulletproof hosting against legal actions makes it an ideal environment for these types of marketplaces to operate without significant disruption.
Phishing Operations: Bulletproof hosting services facilitate phishing by hosting fake websites that mimic legitimate ones. These sites deceive users into entering sensitive information like passwords, credit card numbers, and personal identification details, which are then exploited by criminals.
Fraudulent Schemes: Scammers use bulletproof hosts to run various schemes, including advance-fee fraud, investment scams, and counterfeit product sales. These hosts allow the scammers to operate with a reduced risk of being taken offline, thus prolonging their fraudulent activities.
Botnet Command and Control Servers: Cybercriminals use bulletproof hosting to operate command and control servers for botnets. These servers send instructions to networks of infected computers, coordinating attacks like Distributed Denial of Service (DDoS) attacks or spam campaigns.
Content Piracy: Sites hosting pirated content, such as movies, music, and software, often use bulletproof hosting to evade copyright enforcement efforts and legal consequences, thus enabling ongoing access to illegally copied material.
Combatting BPH
Bolster’s advanced AI-driven anti-phishing and domain monitoring technology safeguards your enterprise against emerging phishing dangers. Leveraging continuous scanning capabilities, it swiftly detects threats and unauthorized use of your brand assets, ensuring reliable protection for your business.