
The Easy Way to Obtain a Website's IP Address That Hides Behind CloudFlare - some_furry
https://soatok.blog/2020/05/09/how-to-de-anonymize-scam-knock-off-sites-hiding-behind-cloudflare/
======
EE84M3i
TL;DR get the origin to send you an email and look at the email headers.

This won't work for lots of sites. I'd expect it probably also doesn't work
sites that use most mail API providers, but maybe some of them have SMTP
interfaces and preserve the headers.

------
gruez
You can't send a DMCA request to cloudflare directly?

~~~
some_furry
CloudFlare has, historically, been very resistant to taking stuff down.

See the waxing poetic in the post about why they took down a Nazi propaganda
site, for context: [https://blog.cloudflare.com/why-we-terminated-daily-
stormer](https://blog.cloudflare.com/why-we-terminated-daily-stormer)

------
junaru
Doesn't work if they use any transactional mail service.

~~~
some_furry
This is the easy way.

A more effective way is to ask CloudFlare for MX records, or to look at IP
address history for the domain name, but it's less easy (especially for
nontechnical people).

Signing up for an account and looking at email headers, then typing their IP
address into a WHOIS service to get the web hosting company to file abuse
reports with? You can do that without ever touching a command line interface.

~~~
robjan
If they use a third party mail provider like Gsuite or Fastmail that won't
work. If they really want to hide their IP they would do this or entirely
avoid MX records.

~~~
some_furry
Most open source PHP eCommerce platforms don't have out-of-the-box support for
the specific providers you're thinking of, and most scam operations like this
are low-effort.

