Bulletproof Hosting (BPH) providers have been a part of the threat actor landscape for decades. Interestingly, the market has experienced a renaissance in the past year, marked by notable changes that include a surge in providers globally, the emergence of new tactics, and increased resilience against takedown efforts. This demonstrates just how deep and complex the space has become from a defender’s perspective.
Silent Push Threat Analysts have developed a new white paper, “Shining a Light on the Global Bulletproof Hosting Ecosystem,” to illustrate the current state of the BPH practice and highlight the potentially lesser-known technical dynamics we’ve been observing.
The Allure of BPH
Threat actors are drawn to BPH providers for their permissive policies regarding hosted content and their hands-off approach to abuse complaints and takedown requests. These providers enable malicious infrastructure, such as phishing kits, Command-and-Control (C2) servers, and data exfiltration points, to remain online for longer periods with fewer disruptions.
Throughout the report, we discuss exactly what defenders need: real-time data and hunting tools to block malicious traffic emanating from BPHs. Our Indicators of Future Attack™ (IOFA™) feeds for BPHs are explicitly designed to expose threat actors as they migrate infrastructure, flagging new ASNs, IP ranges, and hosting providers long before they appear on other threat radars.
Engaging Preemptive Cyber Defense
The Silent Push platform features an ever-increasing catalogue of Security Information and Event Management (SIEM), Security Orchestration, Automation, and Response (SOAR), and other integrations to support organizations’ need for preemptive cyber defense, equipping defenders with accurate and dependable alerting on suspicious and malicious activity.
Our goal is to raise awareness on internet hosting providers who’ve been labeled “Bulletproof” for their willingness to host services specifically designed to shield clients from technical and/or legal disruption. During the course of our research, we employed a wide range of criteria to label the hosts we track as bulletproof, many of which are covered in the report and have not been discussed publicly elsewhere. Some, however, we cannot disclose for operational security reasons. We believe that sharing these criteria and methods publicly is crucial in informing defenders about where cybercriminals are hiding within their networks.
BPH: Expanding, Not Going Away
With the rise of artificial intelligence (AI) and large language models (LLMs), we anticipate that threat actor automation of infrastructure setup will continue to increase into 2026 and beyond. Extensive coverage of BPH providers enables defenders to remain vigilant against suspect infrastructure frequently used for obfuscation and weaponization, ensuring that actors using these networks as part of their automation fail before they can initiate their attacks.
By circulating this information publicly without restriction, we want to reach communities that have the means and motivation to shape a safer, more accountable threat landscape, with preemptive cyber defense for all kinds of defenders: threat hunters, policymakers, researchers, journalists, and government teams.
After reviewing our Bulletproof Hosting white paper, if you are interested in learning more about Silent Push preemptive cyber defense technology and how it can empower your organization’s security team, please get in touch with us or book a demonstration to discuss the platform with our experts.
Ready to dive deeper into the world of preemptive cyber defense? Take our technology for a test drive with the free Silent Push Community Edition today.
