Cloudflare real ip of domain

[Oldky]

Hi all

How can i find real ip adress of domain which is "hide" by cloudflare?

Thanks

 

[Tango]

Most forums/cms will send email via phpmail. Register and check mail headers.

 

[Oldky]

Most forums/cms will send email via phpmail. Register and check mail headers.

I know, but this website is not sending emails, only stealing/copy my content and adding 2 ekstra words in title.

 

[QuikrMovies]

@Oldky Paste the domain name here, will try to get the info for you ....

 

[24x7serverman]

Its really hard to get the real IP if someone used cloudflare CDN for all its records and you cant guess any other records. Email form is one of the thing though but not all sites uses the forms to send emails from php function.

 

[masnico]

try use this tool
Uncovering bad guys hiding behind CloudFlare

 

[24x7serverman]

Not helpful

try use this tool
Uncovering bad guys hiding behind CloudFlare

Nope, it's just a script search for common DNS records, if all your records clouded then you cant really dig the things out.

In case if someone added txt recod with ip of hosts then you may get idea, thats the another thing you can try.

 

[Oldky]

try use this tool
Uncovering bad guys hiding behind CloudFlare

Nope, it's just a script search for common DNS records, if all your records clouded then you cant really dig the things out.

In case if someone added txt recod with ip of hosts then you may get idea, thats the another thing you can try.

txt recod - please explain

 

[24x7serverman]

Nope, it's just a script search for common DNS records, if all your records clouded then you cant really dig the things out.

In case if someone added txt recod with ip of hosts then you may get idea, thats the another thing you can try.

txt recod - please explain

Txt record can be use for various purposes. However people use spf record for emails mostly.

From Linux terminal you can find txt record as

dig TXT domain.com +short

I have done the same for one of my domain and i am able to see the host ip.


root@linux [~]# dig TXT xxxx.xxx +short
"v=spf1 +a +mx +ip4:xx.xx.xx.xx. ~all"


You can find the same with online tools.. Just google the same.

So this could be the other case you can consider.

Thanks

 

[Tango]

Is it someone cloning your site and adding content/advertisements to the code?

If that's the case you can find the IP with your error log.

Clear your error log
#> /var/log/httpd/error_log

Request a page on the clone site.
eg.
if your domain is http://mysite.com/index.php
request a page on the clone site
http://clonesite.com/index.php?cloned

Then check your error log for the requested page

#tail /var/log/httpd/error_log

Your should see a entry containing ?cloned
111.11.111.11 - - [10/Sep/2016:15:58:28 +0200] "GET /index.php?cloned HTTP/1.0" 404 10071 "-" "Mozilla/5.0 (compatible)"

Ban the IP in firewall.

 

[KevinHV]

Its really hard to find real IP hidden by cloudflare. You can give a try to telnet domainanme 25 to see if you get hostname .

 

[graham25s]

I have used CloudFlare and still use to this very day. CloudFlare is a great service and I set it up on every new domain I get.

 

[THEGREENMONST]

if the site have posting option , some times its possible to get the IP of the forum server . You need to post on the with a image link (the image is hosted in your server) , and then target web site grab the image , and then you can see n your server which IP is connected to grab the image .