Summary

  • Colombia Hosting can be connected across its contract, privacy policy and LACNIC resource registration to a named Colombian company and a stable Cali contact surface.
  • AS52335 was visibly originating one IPv4 /24 during the research snapshot, which is stronger network evidence than a hosting name alone, but it does not reveal where every customer service or backup runs.
  • The provider publishes a broad service catalogue, customer controls and an incident history. Its own pages, however, describe facility location and backup coverage in ways that require product-specific clarification.
  • Support is locally reachable and operationally visible, but the terms leave VPS software administration, monitoring and backups with the customer and do not provide a numerical uptime remedy in the reviewed public contract.

A name that resolves to a counterparty

A hosting buyer first needs to know who is on the other side of the order. Colombia Hosting clears more of that threshold than a storefront whose only public identity is a domain and a chat widget. Its terms and conditions name COLOMBIAHOSTING S.A.S. as the provider of web hosting, domains, virtual servers and dedicated servers. The document gives a street address at Calle 64 Norte No. 5B-146, office 40, in Cali, as well as a national telephone line.

The personal-data policy names the same company as data controller and gives the same Cali address for written requests. It also sets out a formal route for access, correction, deletion and complaints. The policy says these requests should normally be answered within 15 business days, with a possible five-day extension when the company explains the delay.

An external technical record reinforces that identity. LACNIC's RDAP entry for AS52335 identifies the registrant as Colombia Hosting, repeats the Cali office and company telephone number, and lists a contact using the colombiahosting.com.co domain. The autonomous-system registration event dates to July 2011. Registry longevity does not prove continuous service quality, but the convergence of contractual, privacy and number-resource records makes it reasonable to treat the public brand as connected to a specific Colombian operator.

That is the right starting point, not a complete procurement conclusion. The BTW directory entry supplies the company link used for this research, while the public contract supplies the counterparty that a customer should expect to see on an order and invoice. A larger buyer should still verify the company's tax identifier, current chamber-of-commerce certificate and authority of the contracting signatory. Those details matter when a refund, data request or service dispute moves beyond the support desk.

The service has an observable operating surface

Colombia Hosting does not present as a single-product reseller. Its public materials cover shared hosting, reseller hosting, Windows hosting, WordPress and ecommerce variants, corporate email, domains and virtual servers. The company's older corporate description says it owns its server hardware, monitors hosting systems around the clock and keeps spare components. It describes customer access through a control panel and support through telephone, chat, email and a request system.

The contract adds useful limits that marketing pages often omit. Shared hosting is constrained by process memory and CPU time, monthly transfer, concurrent web operations and database-use rules. Those limits show that the company has defined a resource-allocation model rather than selling an entirely abstract promise of unlimited service. They also tell a buyer when shared hosting is the wrong product: a busy application, large API, ERP or other sustained workload can collide with restrictions that are reasonable for a pooled platform but unsuitable for production software.

There is also a public service-status page with named components for cPanel, VPS, Plesk, Windows, email platforms, data centres, networks, domain registries, global DNS and support channels. During the July 15, 2026 snapshot, it marked all listed systems operational. More importantly, the page was not an empty green badge. It showed a July 8 cPanel licensing incident, beginning at 21:45 Colombia time, followed by identified, recovering and resolved updates; the final update appeared at 23:55. The timeline said websites and email were expected to remain available while some panel logins were unavailable.

That incident is modest evidence, but it is revealing. It shows a place where customers can distinguish a control-plane problem from failure of the hosted sites themselves, and it records the dependence on cPanel's licensing system. It also illustrates why the provider's operating surface is wider than the hardware it says it owns. A hosting service can keep its servers and network up while a licensed control panel becomes inaccessible. Incident accountability therefore includes diagnosis and communication across software suppliers as well as replacement of disks or network links.

The status page remains provider-operated. It cannot substitute for independent probes, a customer's own monitoring or a complete historical availability report. Still, a component-level status surface and timestamped incident trail provide better service proof than an unqualified availability slogan.

AS52335 is real network evidence, with clear limits

The most concrete infrastructure signal is AS52335. In the frozen July 15 routing view, RIPEstat's routing-status service observed the autonomous system originating 185.74.19.0/24. The route was visible to 325 of 326 monitored IPv4 peers. RIPEstat reported one announced IPv4 prefix, no announced IPv6 space and two observed network neighbours at the time.

This matters because an autonomous system that is currently visible in global routing is an operating resource, not merely a company description. It gives customers and incident responders a stable number to monitor, a prefix to test and a registry contact for network abuse or technical escalation. It also supports part of Colombia Hosting's claim that it has its own internet-number resources.

The evidence must be read at its actual scale. One /24 is 256 IPv4 addresses, and the snapshot does not reveal how many are in use, which products occupy them or whether other services sit in networks originated by partners. It does not prove a 10Gbps customer path, multi-site failover, capacity headroom or the physical ownership of a server. Nor does the absence of a visible IPv6 announcement by itself establish that customers lack IPv6 through another arrangement; it only describes what AS52335 was originating in the observed view.

Even the company's public website is not a clean test of its hosting network because the site uses a content-delivery and security layer in front of the origin. A buyer should therefore ask for the service IP and origin ASN assigned to the actual order, then test that path from relevant user locations. The useful conclusion is precise: Colombia Hosting controls a recognisable, live network identity. The route does not, by itself, turn every infrastructure and locality statement into a measured fact.

Two facility stories need one current answer

The largest public ambiguity concerns place. The older company page says Colombia Hosting's servers are housed in two data centres in the United States, in different locations. It also says shared-hosting backups are made daily to a server in another data centre and retained for up to seven days.

The newer data-centre page describes a different-looking operating model. It says the company has its own hardware in an exclusive data-centre space, an exclusive 10Gbps network and its own IP ranges. It also says a dedicated 10Gbps link reaches an alternative facility 30 kilometres away, where backups are made for several services. The page describes redundant power, generators, physical-access controls, global DNS and round-the-clock monitoring, but it does not name the city, country, facility operator or certification scope of either site.

These accounts may be compatible. The newer page could describe a later deployment, and a 30-kilometre separation could exist between two United States facilities. Colombia Hosting may also operate more than one generation of infrastructure. But readers should not have to infer the current geography from prose written at different times. For a buyer with latency, legal or disaster-recovery requirements, the unresolved questions are straightforward: which country and facility host the ordered service today, which products use the alternative site, and whether failover or backup traffic crosses a jurisdictional boundary.

The privacy policy makes a broad Colombia-only assumption unsafe. It says personal data may be kept in repositories in Colombia and on recognised third-party servers, and may be transmitted to employees, suppliers or contractors in Colombia or abroad for authorised purposes. It also says the company uses both its own and third-party servers for stored information. That is a legitimate disclosure of a layered service, but it is not a product-by-product data map.

The distinction matters because a hosting location is only one part of data locality. Customer registration details, billing records, support conversations, control-panel logs, website files, email, backups and monitoring data can follow different paths. A Colombian supplier, Colombian invoice and Spanish-language support do not establish that all those records remain in Colombia. Locality assurance begins with a written map of each data class, its primary location, backup location, subprocessors, transfer basis and deletion path.

Backup and support promises change by product

Colombia Hosting's public pages make several positive backup statements, but the contract narrows how a customer should rely on them. The older company page describes daily shared-hosting backups with up to seven days of copies. The newer data-centre page says the alternative facility receives backups of several services, wording that does not promise coverage for every product.

The terms are more cautious. They tell hosting customers to make manual backups and download them locally. They say the provider may attempt to restore a copy in exceptional circumstances but does not guarantee that a required or current copy exists, does not accept responsibility for data loss and does not promise successful restoration. For VPS, cloud and dedicated servers, the contract is sharper: backups are not included, customers should keep recent copies away from the server, and the customer is responsible for monitoring resource use and internal services.

This is not necessarily a contradiction in service delivery. A provider can run a platform-level backup system while making the customer responsible for recoverability. The commercial danger comes from treating the existence of a provider backup as if it were a contracted recovery objective. A production buyer needs the retention schedule, backup frequency, failure-domain separation, encryption and restore process in writing, followed by an actual restore test. Without that, the safer assumption is that the customer owns recovery.

Support has a similarly important boundary. The terms promise support for shared hosting and reseller accounts through tickets, chat, email and telephone during company office hours. For VPS, cloud and dedicated services, included support covers hardware and connectivity, not software administration. The customer remains responsible for the operating system, application security, updates, monitoring and capacity. That division can be a sensible product choice for an experienced platform team. It is a serious gap for a small business that interprets "specialised support" as full server management.

The reviewed public terms do not state a numerical uptime commitment, automatic service credits, a recovery-time objective or a resolution-time target. In fact, they disclaim a guarantee that service will be uninterrupted or error-free. The advertised 60-day satisfaction guarantee is narrower than an outage remedy: the contract limits it to the first 60 calendar days of the first year of a hosting plan, excluding domains and additional services. Buyers who need compensation or termination rights after a prolonged outage should negotiate those terms rather than infer them from the status page or monitoring claims.

Turn public evidence into an order-specific assurance pack

Colombia Hosting has enough visible substance to support serious diligence. The company name connects to a Colombian contract and privacy process. Its autonomous system and current route demonstrate a real network role. Its product rules, support channels and incident updates show an operating service rather than a dormant directory name.

The remaining work is specific, not speculative. Before moving a production workload, a buyer should obtain a document naming COLOMBIAHOSTING S.A.S. as counterparty and tying the purchased service to a facility country, origin ASN, address range and responsible infrastructure team. It should distinguish owned hardware from licensed software and external services, and name the route for escalation when a control panel, network provider or facility is the point of failure.

The same document should state the service level, maintenance rules, monitoring source, response and restoration targets, claim process and available remedy. A recovery schedule should identify which system creates backups, where copies reside, how long they remain, who holds encryption keys and how often restoration is tested. The data schedule should cover account, billing, support, hosted content, email, logs and backups separately rather than assigning one location to the entire relationship.

Finally, the support plan should match the buyer's labour model. A customer purchasing shared hosting may receive platform help that a self-administered VPS customer does not. If the buyer cannot patch an operating system, monitor disk space, investigate application failures and maintain off-server backups, it needs a managed-service commitment or a separate operator. Local telephone numbers and a visible support team are valuable; they do not erase the work allocated to the customer by the contract.

Colombia Hosting's public footprint therefore supports a stronger conclusion than either blind trust or blanket scepticism. There is a traceable company, an operating network and a service organisation with visible incident communication. The name becomes operating assurance only when those broad signals are converted into current, product-specific commitments about control, location, recovery and remedy.