Bulletproof Hosting (BPH) providers have been a part of the threat actor landscape for over two decades. Interestingly, over the past year, the market has experienced a renaissance, marked by notable changes that include a surge in providers globally, the emergence of new tactics, and increased resilience against takedown efforts. This demonstrates just how deep and complex the space has become from a defender’s perspective.
In developing this new white paper, our goal is to illustrate the current state of the practice of Bulletproof Hosting and to highlight the potentially lesser-known technical dynamics we’ve been observing.
Our world-class threat analyst team has been diligently working to provide and scale our detection of BPH infrastructure, so that our clients can utilize those detections within their Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) tooling for accurate, dependable alerting on suspicious and malicious activity.
This white paper was created to raise awareness on internet hosting providers who’ve been labeled “Bulletproof” for their willingness to host services specifically designed to shield clients from technical and/or legal disruption. Our researchers employ a wide range of criteria to label the hosts we track as bulletproof, many of which are covered in the report and have not been discussed publicly elsewhere. Some, however, we cannot disclose for operational security reasons. We believe that sharing these criteria and methods publicly is crucial in informing defenders about where cybercriminals are hiding within their networks.
With the rise of artificial intelligence (AI) and large language models (LLMs), we anticipate that threat actor automation of infrastructure setup will continue to increase into 2026 and beyond. Extensive coverage of BPH providers enables defenders to remain vigilant against suspect infrastructure frequently used for obfuscation and weaponization, ensuring that actors using these networks as part of their automation fail before they can initiate attacks.
By circulating this information publicly without restriction, we aim to reach communities that have the means and motivation to shape a safer, more accountable threat landscape, with preemptive cyber defense for all kinds of defenders: threat hunters, policymakers, researchers, journalists, and government teams.
After reviewing the Bulletproof Hosting white paper, if you are interested in learning more about Silent Push preemptive cyber defense technology and how it can empower your organization’s security team, please get in touch with us or schedule a demonstration to discuss the platform with our experts.
Ready to dive deeper into the world of preemptive cyber defense? Take our technology for a test drive with the free Silent Push Community Edition today.
