PrivateAlps.net - Offshore Cloud Services | VPS/RDP/VPN - Dedicated Servers - Webhosting - TOR Services - Auto Deploy
ADULTSLAYER.STORE 💎 #1 PORN SHOP | 700+ Hot Products: Brazzers, Teamskeet, Pornhub, NaughtyAmerica, Many More! | 💸 Secure PayPal & Card Payments | Satisfaction Guaranteed! 🔥
Webmaster Security

Finding backend IP of a server hidden behind firewall (Cloudflare, Proxy Pipe, etc.)

Submitted by Rigzorra, , Thread ID: 35992

Thread Closed
09-06-2017, 07:43 PM
#1
Server Logging
This is probably the most common used method. You can set up a link on the site and get the server to visit/host it. Sometimes when you post an image on a site (a forum for example) the server will visit the link to preview it or host it on the forum on its own. We can use this to our advantage, getting the server to visit an IP logger will give us its IP address.

A good example for this would be image IP logging. You can create an image IP logger and embed the image onto the site. If it wants to host the image on its own server, itll have to visit the link to do so. Upon going to your link to retrieve the image, the servers backend should be logged.

Image IP loggers:
https://iplogger.org/
http://www.fuglekos.com/ip-grabber/index.html
https://grabify.link/


Email Resolving
You can use an email hosted with the site to find the backend servers IP by looking at it's headers. Youll just have to trigger the site to send an automated email to you.

A good way to do this would just be to simply make an account on the site. Most sites send you some sort of welcome/activation email upon registration. Doing a password reset also works.


Hosting History
If the site has been hosted on it's actual IP for a while prior to using a firewall, it's possible that bots have accessed it before and cached the information. Look up the site's hosting history and you might be able to find something.

Site report lookups:
http://toolbar.netcraft.com/site_report
http://viewdns.info/iphistory/
http://www.domainhistory.net/


Subdomain Resolving
The site could have subdomains whose records are under the real server's IP and not protected by the firewall. Try resolving the subdomains instead.

E.g. connecting to example.com will have an IP address belonging to Cloudflare, but mail.example.com is not protected by Cloudflare. Use that to your advantage.

http://www.domainhistory.net/


Feel free to suggest anymore methods or corrections. Enjoy.
1
Gummy

Users browsing this thread: 3 Guest(s)