
Tuesday, March 25, 2014

Finding Real IP Behind Cloudflare

Today I'm going to share with you how to find the real IP behind Cloudflare.
Please note that this won't work 100% of the time, because most owners are very smart and point all kinds of subdomains through Cloudflare too.
So this is quite basic and easy to use. I have used these tools all the time and haven't spent money on ebooks that say "go to this resolver, enter the site and you will get the IP and baam!". Just no, it doesn't work that way.


1. Checking DNS Records & Ping

Let's go ahead and visit network-tools.com.

[Image: tDxMXjL.png]

There you are going to enter the site address in the box and press Go.

Here's an example:

Code:
IP address: 193.70.231.61
Host name: site.com
Alias: site.com
193.70.231.61 is from Costa Rica(CR) in region South and Central America

TraceRoute from Network-Tools.com to 193.70.231.61 [site.com]
Hop    (ms)    (ms)    (ms)             IP Address    Host name
1       0       0       63          206.123.64.46       - 
2       0       1       0          173.219.246.92      173-219-246-92-link.sta.suddenlink.net 
3       53       6       9          206.223.118.145      xe-0-0-3.edge01.dfw01.as13335.net 
4       0       0       0          193.70.231.21       - 
Trace complete


Retrieving DNS records for site.com...
DNS servers
dog.ns.cloudflare.com [173.245.59.110]
gail.ns.cloudflare.com [173.245.58.116]

Answer records
site.com        A    193.70.231.61    30s
site.com        A    190.93.253.61    30s
site.com        MX   
preference:    10
exchange:    direct-connect.site.com 30s
site.com        MX   
preference:    20
exchange:    ftp.site.com
30s
site.com        99    [47 bytes]    30s
site.com        TXT    v=spf1 a mx include:_spf.elasticemail.com ~all    300s
site.com        NS     dog.ns.cloudflare.com    86400s
site.com        NS     gail.ns.cloudflare.com    86400s
site.com        SOA   
server:    dog.ns.cloudflare.com
email:    dns@cloudflare.com
serial:    2014228352
refresh:    10000
retry:    2400
expire:    604800
minimum ttl:    3600

Now the point here is to find a subdomain, and in this case we have one right here:

Code:
exchange:    direct-connect.site.com 30s
Now let's ping it and see if we get a different IP address than the one that was assigned to the site.

You can open up cmd and ping it there with the command "ping yoursite.com", or just go to network-tools.com, press Ping and enter the subdomain.

Code:
Sending Ping-Signal to direct-connect.site.com [216.146.33.2] with 32 byte data:
Reply From 216.146.33.2: byte=32 time=105ms TTL=241
Reply From 216.146.33.2: byte=32 time=104ms TTL=241
Reply From 216.146.33.2: byte=32 time=106ms TTL=241
Reply From 216.146.33.2: byte=32 time=105ms TTL=241

So now we got another IP:

Code:
216.146.33.2


Now let's reverse the IP by going to http://www.ip-adress.com/reverse_ip/
and entering the IP we got earlier.

Code:
13 Hosts on this IP

Now we can see clearly that site.com is listed there, and that means we got the real IP of the site.

2. Site History

This has always been useful: you can check the IP that the site had earlier, but it's not always successful.
For me it works if the site is kind of old and has only recently moved to Cloudflare.


Go to this link http://toolbar.netcraft.com/site_report?url=site.com and change site.com to your desired site.

Code:
Netblock owner    IP address    OS    Web server    Last seen
CloudFlare CDN network    141.101.121.13    Linux    cloudflare-nginx    24-Jan-2014
CloudFlare CDN network    176.53.060.45    Linux    cloudflare-nginx    24-Jan-2014
CloudFlare CDN network    176.53.060.45    unknown    cloudflare-nginx    24-Jan-2014
CloudFlare Latin America S.R.L San Jos    126.23.260.47    unknown    cloudflare-nginx     4-Jan-2014
CloudFlare Latin America S.R.L San Jos    126.23.260.47    Linux    cloudflare-nginx     4-Jan-2014
CloudFlare Latin America S.R.L San Jos    190.93.251.97    Linux    cloudflare-nginx     2-Jan-2014
CloudFlare Latin America S.R.L San Jos    126.23.260.47    Linux    cloudflare-nginx    29-Dec-2013
CloudFlare Latin America S.R.L San Jos    190.93.251.97    Linux    cloudflare-nginx    23-Dec-2013
CloudFlare Latin America S.R.L San Jos    126.23.260.47    Linux    cloudflare-nginx    18-Dec-2013
AltusHost Inc.                            190.93.251.97    Linux    12-Dec-2013

3. Bypassing by WHM-SSL Trick

This method is a good one too, but it only works in about 45% of cases, so it's worth a shot.

Let's say we have site.com. Now open the site and just add "/cgi-sys/defaultwebpage.cgi" at the end.

[Image: f4ic8Hp.png]

Now we know that the method works, so let's add /whm at the end of it.

[Image: YqAzs9h.png]

Note that the URL changed. Now ping the URL you got in cmd and see if you get a different IP address; if you do, then congrats, you got the site's IP, yippie!
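As an added example (not the post's own code), here's a Python script that runs the checks from sections 1 and 3 against your own zone from the defender's side. It flags A records and MX/CNAME targets that resolve outside Cloudflare's edge ranges (the direct-connect style leak from section 1), and on the origin it decides whether a request actually came through Cloudflare before trusting the CF-Connecting-IP header, so direct hits like the /cgi-sys and /whm probes from section 3 stand out in the logs instead of looking like ordinary traffic. The range list is a snapshot of what Cloudflare publishes at https://www.cloudflare.com/ips/ and should be refreshed from there before use; the zone records and the lookup table are constructed sample data modelled on the tool output shown above.

```python
"""Origin-exposure checks for a zone fronted by Cloudflare (added example)."""
import ipaddress
import socket
from typing import Callable, Dict, Iterable, List, Tuple

# Snapshot of Cloudflare's published IPv4 edge ranges; refresh from
# https://www.cloudflare.com/ips/ rather than trusting this copy.
CLOUDFLARE_V4 = [ipaddress.ip_network(cidr) for cidr in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]

Record = Tuple[str, str, str]          # (name, type, value) as in the "Answer records" output
Exposure = Tuple[str, str, str, str]   # (record name, type, hostname, non-Cloudflare IP)


def is_cloudflare_edge(ip: str) -> bool:
    """True if the address sits inside one of the Cloudflare edge ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_V4)


def live_resolve(host: str) -> List[str]:
    """Real DNS lookup for use against your own zone; returns [] on NXDOMAIN."""
    try:
        return socket.gethostbyname_ex(host)[2]
    except socket.gaierror:
        return []


def find_exposed_records(records: Iterable[Record],
                         resolve: Callable[[str], List[str]]) -> List[Exposure]:
    """Return every A record, MX exchange or CNAME target that points outside Cloudflare.

    A records are checked directly; MX and CNAME values are hostnames, so they are
    resolved first, because a mail or ftp host in the zone is very often the origin
    box itself (exactly what section 1 of the post pings).
    """
    exposed: List[Exposure] = []
    for name, rtype, value in records:
        if rtype == "A":
            candidates = [(name, value)]
        elif rtype == "MX":
            target = value.split()[-1]            # "10 direct-connect.site.com" -> hostname
            candidates = [(target, ip) for ip in resolve(target)]
        elif rtype == "CNAME":
            candidates = [(value, ip) for ip in resolve(value)]
        else:
            continue                              # TXT, NS, SOA carry no address to check
        for host, ip in candidates:
            if not is_cloudflare_edge(ip):
                exposed.append((name, rtype, host, ip))
    return exposed


def classify_request(peer_ip: str, headers: Dict[str, str]) -> Dict[str, object]:
    """Origin-side view of one request: was it proxied, and which client IP to log.

    CF-Connecting-IP is only meaningful when the TCP peer is a Cloudflare edge; a
    direct connection (a /whm or /cgi-sys probe that reached the origin address)
    is reported as such so the server can refuse or alert on it.
    """
    if is_cloudflare_edge(peer_ip):
        return {"via_cloudflare": True,
                "client_ip": headers.get("CF-Connecting-IP", peer_ip)}
    return {"via_cloudflare": False, "client_ip": peer_ip}


# Constructed sample zone, shaped like the post's "Answer records" listing.
SAMPLE_RECORDS: List[Record] = [
    ("site.com", "A", "190.93.253.61"),
    ("site.com", "MX", "10 direct-connect.site.com"),
    ("site.com", "MX", "20 ftp.site.com"),
    ("site.com", "TXT", "v=spf1 a mx include:_spf.elasticemail.com ~all"),
]
# Constructed stand-in for live lookups so the script runs offline.
SAMPLE_DNS: Dict[str, List[str]] = {
    "direct-connect.site.com": ["216.146.33.2"],   # points straight at the origin
    "ftp.site.com": ["104.16.1.1"],                # proxied through Cloudflare
}


def audit_sample() -> List[Exposure]:
    return find_exposed_records(SAMPLE_RECORDS, lambda h: SAMPLE_DNS.get(h, []))


if __name__ == "__main__":
    for name, rtype, host, ip in audit_sample():
        print(f"EXPOSED {name} {rtype} -> {host} resolves to {ip} (not a Cloudflare edge)")
    print(classify_request("216.146.33.2", {}))
    print(classify_request("190.93.253.61", {"CF-Connecting-IP": "203.0.113.7"}))
```

To run it for real, swap the lambda in `audit_sample` for `live_resolve` and feed it the records from your own zone. Anything it flags needs to be either proxied through Cloudflare as well or moved off the origin's address, and the origin firewall should accept web traffic only from the Cloudflare ranges; otherwise the hostname hints in DNS and the direct /whm hit in section 3 keep working no matter how the main record is set up.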

Hope you guys enjoyed it, because it was a hell of a lot of writing, but I'm proud of how it came out and this is how tutorials should be written in the future.

