0.05btc bounty to find the real ip address

[Uberin]

If u are able to find the real ip ie server's ip address behind the website http://bayanradio.nl/ and not the cloud fare one then u get the bounty.Finding should be attached with proof.
If u are successful then u get 2 more jobs
Regards

[socks435]

Honestly its hard to get the real ip address of that site also its protected by cloudfare.. maybe someone can do this..

[lolxxxx]

Hey i am running the scan to ip address .

The ip address is 104.27.146.157
Address is in my profile.

[icanscript]

If u are able to find the real ip ie server's ip address behind the website http://bayanradio.nl/ and not the cloud fare one then u get the bounty.Finding should be attached with proof.
If u are successful then u get 2 more jobs
Regards

Its funny, they are on the same 2 nameservers that http://scotcoinproject.com/ is on. Another crypto project

http://www.whois.com/whois/scotcoinproject.com

which is hiding the ip of 185.24.99.98 - http://w3bin.com/ip_info/185.24.99.98 Uk Webhosting Ltd

wouldnt surprise me if they were on the same network under a different IP.

[deisik]

Hey i am running the scan to ip address .

The ip address is 104.27.146.157
Address is in my profile.

I've tried to access the site directly by its IP address. I guess if it were their real IP, I wouldn't have failed since it is actually CloudFlare's IP

Error 1003 Ray ID: 2c16b151e5744f08 • 2016-07-12 18:52:30 UTC
Direct IP access not allowed
What happened?

You've requested an IP address that is part of the CloudFlare network. A valid Host header must be supplied to reach the desired website.

[Uberin]

Honestly its hard to get the real ip address of that site also its protected by cloudfare.. maybe someone can do this..

I m looking for that someone

[Uberin]

Hey i am running the scan to ip address .

The ip address is 104.27.146.157
Address is in my profile.

https://i.imgsafe.org/53b384c2c3.png

It's cloudflare ip
Ping http://104.27.146.157

[Uberin]

If u are able to find the real ip ie server's ip address behind the website http://bayanradio.nl/ and not the cloud fare one then u get the bounty.Finding should be attached with proof.
If u are successful then u get 2 more jobs
Regards

Its funny, they are on the same 2 nameservers that http://scotcoinproject.com/ is on. Another crypto project

http://www.whois.com/whois/scotcoinproject.com

which is hiding the ip of 185.24.99.98 - http://w3bin.com/ip_info/185.24.99.98 Uk Webhosting Ltd

wouldnt surprise me if they were on the same network under a different IP.

I think u are getting closer

[deisik]

DNS brute-force scan didn't yield any positive results

[jackg]

There isn't a way of finding it out (I don't think)!
If I look at the network information from my "firefox>inspect element>network" I get 104.27.147.157:80.
104.27.147.157 - is owned by Cloudflare.
Interestingly, on a who.is search, the domain is also owned by Cloudflare (though it is an irregular domain as it is not like a .com or .co.uk one where you can easily get information from it)

From the information avaliable, is it possible that the server is placed atually on cloudflare's companie's servers.

If you were trying to do a (D)DoS attack then you could always try to use 104.27.147.157:80 address to do it.

Otherwise, if you (D)DoS the address 104.27.147.157 and cloudflare have no protection against it (apart from a high bandwith) then you can then try and access the site though the DNS servers may forward you to a page that states that there is a "failed handshaking", "failed connection" or "connection timed out" error.

[icanscript]

DNS brute-force scan didn't yield any positive results

They are just 2 ns servers that cloudflare use. I suggest looking into this scotcoin project and seeing what you can find out (if this other site is crypto related also)

Maybe see what is on the same server, check their nameservers, check that IP see what is on same hosting also. You will find a lot but it may be a bit of a jigsaw.

Il have a look in about an hour when im back.

[lolxxxx]

DNS brute-force scan didn't yield any positive results

They are just 2 ns servers that cloudflare use. I suggest looking into this scotcoin project and seeing what you can find out (if this other site is crypto related also)

Maybe see what is on the same server, check their nameservers, check that IP see what is on same hosting also. You will find a lot but it may be a bit of a jigsaw.

Il have a look in about an hour when im back.

The scotcoin is also using cloudflare .
This is the ip Address  104.24.111.116, trying hard but cannot find i am out.

[jackg]

DNS brute-force scan didn't yield any positive results

They are just 2 ns servers that cloudflare use. I suggest looking into this scotcoin project and seeing what you can find out (if this other site is crypto related also)

Maybe see what is on the same server, check their nameservers, check that IP see what is on same hosting also. You will find a lot but it may be a bit of a jigsaw.

Il have a look in about an hour when im back.

The scotcoin is also using cloudflare .
This is the ip Address  104.24.111.116, trying hard but cannot find i am out.

I found something from the scotcoin site that could be used on he other one.
In the same panel that I used before there is a cloudflare.min.js file which is the first file sent which must contain the IP of the site for it to forward it?
That means that if someone can crack that code then they can easily gain access to the actual site IP?
(I'll see if this is on the original site in question too).

EDIT: that file is not sent by cloudflare from the website in the OP?

[deisik]

Here's some info regarding the registrar

[Mauser]

Here's some info regarding the registrar

Yeah These guys own tons of Website, all related to some form of scamming in netherlands.

I would recommend to look for a different Website which is still active and might not be hosted by cloudfare or timeweb.ru (other hoster they are using).

With a quick search I found 10 Websites all registered at the same PO box.

[deisik]

The site IP address may be in this range 67.15.47.0 - 67.15.47.255

Currently alive hosts from that range:

[icanscript]

The site IP address may be in this range 67.15.47.0 - 67.15.47.255

Currently alive hosts from that range:

Where this you find this /24 subnet?

I think the best bet would be to speak to the registrar about the domain being used unlawfully (if it is) they will soon remove the nameservers.

[lolxxxx]

Just take a look. I have found some info too.

Code:

name	class	type	data	time to live
www.bayanradio.nl	IN	HINFO	
CPU:	Please stop asking for ANY
OS:	See draft-ietf-dnsop-refuse-any
3789s	(01:03:09)
bayanradio.nl	IN	NS	norm.ns.cloudflare.com	86400s	(1.00:00:00)
bayanradio.nl	IN	NS	nicole.ns.cloudflare.com	86400s	(1.00:00:00)
bayanradio.nl	IN	HINFO	
CPU:	Please stop asking for ANY
OS:	See draft-ietf-dnsop-refuse-any
3789s	(01:03:09)
bayanradio.nl	IN	NS	norm.ns.cloudflare.com	69130s	(19:12:10)
bayanradio.nl	IN	NS	nicole.ns.cloudflare.com	69130s	(19:12:10)
157.146.27.104.in-addr.arpa	IN	HINFO	
CPU:	Please stop asking for ANY
OS:	See draft-ietf-dnsop-refuse-any
3789s	(01:03:09)
Traceroute

Tracing route to www.bayanradio.nl [104.27.146.157]...

hop	rtt	rtt	rtt	 	ip address	fully qualified domain name
1	0	0	0	 	208.101.16.73	49.10.65d0.ip4.static.sl-reverse.com
2	0	0	0	 	66.228.118.153	ae11.dar01.sr01.dal01.networklayer.com
3	0	0	0	 	173.192.18.210	ae6.bbr01.eq01.dal03.networklayer.com
4	0	0	0	 	141.101.74.253	
5	0	0	0	 	104.27.146.157	
Trace complete

[deisik]

Just take a look. I have found some info too.

Code:

name	class	type	data	time to live
www.bayanradio.nl	IN	HINFO	
CPU:	Please stop asking for ANY
OS:	See draft-ietf-dnsop-refuse-any
3789s	(01:03:09)
bayanradio.nl	IN	NS	norm.ns.cloudflare.com	86400s	(1.00:00:00)
bayanradio.nl	IN	NS	nicole.ns.cloudflare.com	86400s	(1.00:00:00)
bayanradio.nl	IN	HINFO	
CPU:	Please stop asking for ANY
OS:	See draft-ietf-dnsop-refuse-any
3789s	(01:03:09)
bayanradio.nl	IN	NS	norm.ns.cloudflare.com	69130s	(19:12:10)
bayanradio.nl	IN	NS	nicole.ns.cloudflare.com	69130s	(19:12:10)
157.146.27.104.in-addr.arpa	IN	HINFO	
CPU:	Please stop asking for ANY
OS:	See draft-ietf-dnsop-refuse-any
3789s	(01:03:09)
Traceroute

Tracing route to www.bayanradio.nl [104.27.146.157]...

hop	rtt	rtt	rtt	 	ip address	fully qualified domain name
1	0	0	0	 	208.101.16.73	49.10.65d0.ip4.static.sl-reverse.com
2	0	0	0	 	66.228.118.153	ae11.dar01.sr01.dal01.networklayer.com
3	0	0	0	 	173.192.18.210	ae6.bbr01.eq01.dal03.networklayer.com
4	0	0	0	 	141.101.74.253	
5	0	0	0	 	104.27.146.157	
Trace complete

Congrats, you have traced route to CloudFlare and found their name servers. The site itself is an Islamic State radio broadcast

[bhokor]

Port 2083 is open, it is the cpanel login screen, i am trying to get more info

[lolxxxx]

Just take a look. I have found some info too.

Code:

name	class	type	data	time to live
www.bayanradio.nl	IN	HINFO	
CPU:	Please stop asking for ANY
OS:	See draft-ietf-dnsop-refuse-any
3789s	(01:03:09)
bayanradio.nl	IN	NS	norm.ns.cloudflare.com	86400s	(1.00:00:00)
bayanradio.nl	IN	NS	nicole.ns.cloudflare.com	86400s	(1.00:00:00)
bayanradio.nl	IN	HINFO	
CPU:	Please stop asking for ANY
OS:	See draft-ietf-dnsop-refuse-any
3789s	(01:03:09)
bayanradio.nl	IN	NS	norm.ns.cloudflare.com	69130s	(19:12:10)
bayanradio.nl	IN	NS	nicole.ns.cloudflare.com	69130s	(19:12:10)
157.146.27.104.in-addr.arpa	IN	HINFO	
CPU:	Please stop asking for ANY
OS:	See draft-ietf-dnsop-refuse-any
3789s	(01:03:09)
Traceroute

Tracing route to www.bayanradio.nl [104.27.146.157]...

hop	rtt	rtt	rtt	 	ip address	fully qualified domain name
1	0	0	0	 	208.101.16.73	49.10.65d0.ip4.static.sl-reverse.com
2	0	0	0	 	66.228.118.153	ae11.dar01.sr01.dal01.networklayer.com
3	0	0	0	 	173.192.18.210	ae6.bbr01.eq01.dal03.networklayer.com
4	0	0	0	 	141.101.74.253	
5	0	0	0	 	104.27.146.157	
Trace complete

Congrats, you have traced route to CloudFlare and found their name servers

Congrats why? I still don't know the real IP.

[deisik]

Congrats, you have traced route to CloudFlare and found their name servers

Congrats why? I still don't know the real IP.

That was sarcasm

[deisik]

The site IP address may be in this range 67.15.47.0 - 67.15.47.255

Currently alive hosts from that range:

Where this you find this /24 subnet?

From here:



But nothing alive there looks like the site we're searching for. I tested the machines on these networks for open 2083 port (I did that twice to make double-sure), and nothing came up so far. So the registrar info is likely fake (or the site is only registered by that entity while it is actually located somewhere else)...

If we only could find a subnet this node is on (/24 or even /16), we would trace it down

[pvaspecialist]

just find this after spending my whole days.I was thinking it will really easy to find out IP address.LOL

[sabotag3x]

If u are able to find the real ip ie server's ip address behind the website http://bayanradio.nl/ and not the cloud fare one then u get the bounty.Finding should be attached with proof.
If u are successful then u get 2 more jobs
Regards

I lost a good time trying ;DD
What's the point? Why you don't send a e-mail to cloudflare?

[deisik]

yandex.com is a public Russian e-mail service

[lolxxxx]

This is the full dox with the real ip address and other cool stuff http://goo.gl/KQ81JC

Please do not post the shortened link we don't know where does it redirect to .
Please post the complete link here without shortening .

[ashour]

It's not possible to get the real IP if the server is hosted/protected by cloud flare, even if it was possible, cloud flare would instantly close that zero day exploit. Your only hope is to get a lawyer and ask him to write a letter to cloud flare and order them to give you the real IP of the server but that would be highly unlikely to happen if you aren't a law enforcement or intelligence agency.

[deisik]

It's not possible to get the real IP if the server is hosted/protected by cloud flare, even if it was possible, cloud flare would instantly close that zero day exploit. Your only hope is to get a lawyer and ask him to write a letter to cloud flare and order them to give you the real IP of the server but that would be highly unlikely to happen if you aren't a law enforcement or intelligence agency.

What about a vulnerability in cPanel that would either allow access or just betray the real IP of the node?

[ashour]

It's not possible to get the real IP if the server is hosted/protected by cloud flare, even if it was possible, cloud flare would instantly close that zero day exploit. Your only hope is to get a lawyer and ask him to write a letter to cloud flare and order them to give you the real IP of the server but that would be highly unlikely to happen if you aren't a law enforcement or intelligence agency.

What about a vulnerability in cPanel that would either allow access or just betray the real IP of the node?

Good luck with that, if and that is a huge if, you found a vulnerability in cPanel then you would get WAY more than 0.05 btc from cPanel & WHM

[deisik]

It's not possible to get the real IP if the server is hosted/protected by cloud flare, even if it was possible, cloud flare would instantly close that zero day exploit. Your only hope is to get a lawyer and ask him to write a letter to cloud flare and order them to give you the real IP of the server but that would be highly unlikely to happen if you aren't a law enforcement or intelligence agency.

What about a vulnerability in cPanel that would either allow access or just betray the real IP of the node?

Good luck with that, if and that is a huge if, you found a vulnerability in cPanel then you would get WAY more than 0.05 btc from cPanel & WHM

I know this. My point was that the IP in question could still be traced down even if the server is protected by CloudFlare. The possibility of that primarily depends on the site admin, not on CloudFlare (CloudFlare cannot help much if, for example, the site has aliases which are bound to its real IP). And I don't know how you are going to trace an IP of a hosted server, though, or what it could look like, lol...

Maybe, something like 10.10.1.121?

[Uberin]

If u are able to find the real ip ie server's ip address behind the website http://bayanradio.nl/ and not the cloud fare one then u get the bounty.Finding should be attached with proof.
If u are successful then u get 2 more jobs
Regards

I lost a good time trying ;DD
What's the point? Why you don't send a e-mail to cloudflare?

And u think they will just give u?

[Uberin]

This is the full dox with the real ip address and other cool stuff http://goo.gl/KQ81JC

Please do not post the shortened link we don't know where does it redirect to .
Please post the complete link here without shortening .

What's this the pic is not hosted properly.Pls attach to other site.

[Naix662]

It's not possible to get the real IP if the server is hosted/protected by cloud flare, even if it was possible, cloud flare would instantly close that zero day exploit. Your only hope is to get a lawyer and ask him to write a letter to cloud flare and order them to give you the real IP of the server but that would be highly unlikely to happen if you aren't a law enforcement or intelligence agency.

It is possible.
But in this case, yea it might be not possible, or extremely hard, since it seems whoever configured CF, did it correctly.

[FruitsBasket]

This is what I found:
nicole norm 24rezepte.com
nicole norm 44recipes.com
nicole norm bayanradio.nl
nicole norm bloomingphotographies.com
nicole norm casaldeduas.com.br
nicole norm crisederisos.com.br
nicole norm filecanvas.com
nicole norm hapishopping.com
nicole norm iaps.co.in
nicole norm li4e.ru
nicole norm li4epro.com
nicole norm luxecrack.com
nicole norm mansfieldgaragedoors.co.uk
nicole norm metacafeg.xyz
nicole norm musicalflutes.net
nicole norm myforextrendyreview.com
nicole norm myfreeguestbook.net
nicole norm myrecipedairys.com
nicole norm otubooku.ru
nicole norm pb-narrowboats.co.uk
nicole norm pcsaudavel.com
nicole norm recette2luxe.com
nicole norm resortoluxury.com
nicole norm scotcoin.com
nicole norm scotcoin.net
nicole norm scotcoinproject.com
nicole norm scotcoinproject.uk
nicole norm song-titles.net
nicole norm thescotcoinproject.org
nicole norm umoz.info
nicole norm uttrakhandpestcontrol.in
nicole norm uwimages.org
nicole norm vaitertudo.com
nicole norm videodeposu.net
nicole norm videohibe.net
nicole norm videolata.net
nicole norm videosdemais.net
nicole norm videoslike.net
nicole norm voymp3.net
nicole norm xposurecreative.uk
nicole norm zivil-recht.org

These are all domains that are hidden behind the nicole domain from cloudflare. There must be some connection between those websites. I will update the post with some more information.

[Roboabhishek]

Hey i am running the scan to ip address .

The ip address is 104.27.146.157
Address is in my profile.

ahahhaha this IP address is provided by cloud fare its not the real IP of website

[Roboabhishek]

This Website seems to be of ISIS 70% chances

[deisik]

These are all domains that are hidden behind the nicole domain from cloudflare. There must be some connection between those websites. I will update the post with some more information.

There is no connection between them except they are all behind CF and share the same IP address

[lolxxxx]

Hey i am running the scan to ip address .

The ip address is 104.27.146.157
Address is in my profile.

ahahhaha this IP address is provided my cloud fare its not the real IP of website

Yes it is protected by cloudflare and that's cloudflare ip.

[deisik]

If u are able to find the real ip ie server's ip address behind the website http://bayanradio.nl/ and not the cloud fare one then u get the bounty.Finding should be attached with proof.
If u are successful then u get 2 more jobs
Regards

I lost a good time trying ;DD
What's the point? Why you don't send a e-mail to cloudflare?

And u think they will just give u?

By the way, what are the other 2 jobs you mentioned? Bring down that site and dox its real owner?

[FruitsBasket]

If u are able to find the real ip ie server's ip address behind the website http://bayanradio.nl/ and not the cloud fare one then u get the bounty.Finding should be attached with proof.
If u are successful then u get 2 more jobs
Regards

I lost a good time trying ;DD
What's the point? Why you don't send a e-mail to cloudflare?

And u think they will just give u?

By the way, what are the other 2 jobs you mentioned? Bring down that site and dox its real owner?

Yeah, probably those two yes.
I am sure of that 99%. It is really hard, since it will mean if someone finds the real IP, then he found a security flaw in cloudflare, which is a really small chance, that there is one.

I am going to look around for some other ways to figure it out, but probably u need a blackhat hacker to find out.

[Naix662]

Okay I give up.
Tried to make connections between many websites but couldn't.
If someone has pro account on domainstools.com, it will be useful to check the whois history for this domain and other related domains, specially for old nameservers.

emails which might be related:
kavishrawat86@gmail.com
raj••••••••••••@gmail.com

the first email seems to be in few db dumps.

http://eu.directi.com/about/offices
if someone has Skype credits, give them a call and try to SE them to give you info about the owner, that's only if the whois info isn't fake.

[mashcom]

1|8.37.235.192    
2|110.227.70.151   
3|110.227.70.151   
4|110.227.70.151   
5|51.255.211.234   
6|95.91.200.69      
7|95.91.200.6        
8|84.42.20.145    
9|84.42.20.145      
10|84.42.20.145     
11|103.252.227.50   
12|103.252.227.50   
13|163.172.135.172   

[Sarthak]

Is this an ISIS related website? Because, ISIS released some radio app called Al Bayan and this app has the name 'Bayan radio'. If that's the case, the guy giving the bounty might be the admin of the website and might be making us work for him for 0.05BTC to save his butt. And besides this, why would anyone need the ip address of an ISIS related website?

[pvaspecialist]

Is this an ISIS related website? Because, ISIS released some radio app called Al Bayan and this app has the name 'Bayan radio'. If that's the case, the guy giving the bounty might be the admin of the website and might be making us work for him for 0.05BTC to save his butt. And besides this, why would anyone need the ip address of an ISIS related website?

Agree 
I am 100% sure website related to ISIS.I was visited the website and there have a radio station related with ISIS.I am not sure why OP need real IP address or he trying to save his ass that no one can find him but sidn and google have details of the owner the website.

[deisik]

Is this an ISIS related website? Because, ISIS released some radio app called Al Bayan and this app has the name 'Bayan radio'. If that's the case, the guy giving the bounty might be the admin of the website and might be making us work for him for 0.05BTC to save his butt. And besides this, why would anyone need the ip address of an ISIS related website?

Agree 
I am 100% sure website related to ISIS.I was visited the website and there have a radio station related with ISIS.I am not sure why OP need real IP address or he trying to save his ass that no one can find him but sidn and google have details of the owner the website.

I don't really understand how he can save his ass by asking to find the real IP address of the site. If no one here is able to do that, this in no case guarantees that he saved his ass ("the absence of proof is not proof of absence"). On the other hand, if someone does find the address in the end, that might actually cost him dear and he may have his head chopped off...

Thereby, it is highly unlikely that the OP is risking his ass (or head) this way

[mashcom]

1|8.37.235.192    
2|110.227.70.151   
3|110.227.70.151   
4|110.227.70.151   
5|51.255.211.234   
6|95.91.200.69      
7|95.91.200.6        
8|84.42.20.145    
9|84.42.20.145      
10|84.42.20.145     
11|103.252.227.50   
12|103.252.227.50   
13|163.172.135.172   

68.180.229.98
31.223.145.220

[Sarthak]

I don't really understand how he can save his ass by asking to find the real IP address of the site. If no one here is able to do that, this in no case guarantees that he saved his ass ("the absence of proof is not proof of absence"). On the other hand, if someone does find the address in the end, that might actually cost him dear and he may have his head chopped off...

Thereby, it is highly unlikely that the OP is risking his ass (or head) this way

If noone finds the ip, it's settled and he's safe.
If someone finds the ip, he/she tells him how he/she found it. OP pays 0.05BTC and changes his hosting and never repeats the same mistake again. Thus, saving his butt next time.

Note: This is just a speculation. I am not 100% sure that this is the case but we can't ignore the possibility.

[deisik]

I don't really understand how he can save his ass by asking to find the real IP address of the site. If no one here is able to do that, this in no case guarantees that he saved his ass ("the absence of proof is not proof of absence"). On the other hand, if someone does find the address in the end, that might actually cost him dear and he may have his head chopped off...

Thereby, it is highly unlikely that the OP is risking his ass (or head) this way

If noone finds the ip, it's settled and he's safe.
If someone finds the ip, he/she tells him how he/she found it. OP pays 0.05BTC and changes his hosting and never repeats the same mistake again. Thus, saving his butt next time

Lol, I'm not going to tell him precisely how I found the address unless he pays more (provided I find it of course). And more may mean substantially more. Or I just don't tell him anything at all...

So, even if he changes hosting, this won't help him (and he may not have this next time)

[FruitsBasket]

Now I think about this, it is prety smart.
He pays 0,05BTC for an exploit to bypass cloudflare.

That exploit would be worth so many more then the OP pays for it.

[Joel_Jantsen]

Lol, I'm not going to tell him precisely how I found the address unless he pays more (provided I find it of course). And more may mean substantially more...

So, even if he changes hosting, this might not help him

So you're like a corrupt officer lol You don't want to break the laws but you don't mind breaking one by taking bribes.This sentence right here tells a lot about your character really.The way I look at this post is,OP is trying to make something fishy and he wants to be untraceable,he is in a way testing how hard coded the application/website is so incase people won't be able to find the details.Once you report him the IP address and tell him how'd you found it,he is gonna change the code.People should really stop wasting their time.

[deisik]

Lol, I'm not going to tell him precisely how I found the address unless he pays more (provided I find it of course). And more may mean substantially more...

So, even if he changes hosting, this might not help him

So you're like a corrupt officer lol You don't want to break the laws but you don't mind breaking one by taking bribes.This sentence right here tells a lot about your character really.The way I look at this post is,OP is trying to make something fishy and he wants to be untraceable,he is in a way testing how hard coded the application/website is so incase people won't be able to find the details.Once you report him the IP address and tell him how'd you found it,he is gonna change the code.People should really stop wasting their time.

When money talks, bullshit walks. That is how life goes, lol

On the other hand, if he really is an ISIS operator and gets his head off for letting regular people as well as undercover agents that have infested this forum know where the site is actually located (as if they don't know it already, lol), will it not serve the public good?

[Vikingr]

Now I think about this, it is prety smart.
He pays 0,05BTC for an exploit to bypass cloudflare.

That exploit would be worth so many more then the OP pays for it.

I tried my best but did not succeeded to find any info about that,I gave a good time but it is really hard to find I thnk you are right, if any person who will find it will worth more than what OP is paying for it.

[icanscript]

Is this an ISIS related website? Because, ISIS released some radio app called Al Bayan and this app has the name 'Bayan radio'. If that's the case, the guy giving the bounty might be the admin of the website and might be making us work for him for 0.05BTC to save his butt. And besides this, why would anyone need the ip address of an ISIS related website?

True, I think this post sums it up.

[Newcoins2020]

Now I think about this, it is prety smart.
He pays 0,05BTC for an exploit to bypass cloudflare.

That exploit would be worth so many more then the OP pays for it.

I tried my best but did not succeeded to find any info about that,I gave a good time but it is really hard to find I thnk you are right, if any person who will find it will worth more than what OP is paying for it.

I tried several trace routes but no to extent. Isn't it possible they actually host it with cloudflare? Every traceroute point out them?

[deisik]

Is this an ISIS related website? Because, ISIS released some radio app called Al Bayan and this app has the name 'Bayan radio'. If that's the case, the guy giving the bounty might be the admin of the website and might be making us work for him for 0.05BTC to save his butt. And besides this, why would anyone need the ip address of an ISIS related website?

True, I think this post sums it up.

This post is meaningless just because the site is protected by CloudFlare, the company which is located, for a moment, in San Francisco, the United States. I'm curious if everyone is so stupid to assume that CIA don't know the site real address or in which country it is located?

It may well happen that the CIA have set up this "Banan radio" themselves somewhere on the outskirts of Langley

[sabotag3x]

Is this an ISIS related website? Because, ISIS released some radio app called Al Bayan and this app has the name 'Bayan radio'. If that's the case, the guy giving the bounty might be the admin of the website and might be making us work for him for 0.05BTC to save his butt. And besides this, why would anyone need the ip address of an ISIS related website?

True, I think this post sums it up.

plot twist, OP = ISIS and he is testing the security of the website

[vm1990]

If u are able to find the real ip ie server's ip address behind the website http://bayanradio.nl/ and not the cloud fare one then u get the bounty.Finding should be attached with proof.
If u are successful then u get 2 more jobs
Regards

not sure its much use but streams coming off another domain name (page elements)
http://rf0ouoxm.xyz:8880

might be an exploit somewhere, ill have to ping a big range of ports when i have time
only 2 iv found are 80 and 443

[vm1990]

Is this an ISIS related website? Because, ISIS released some radio app called Al Bayan and this app has the name 'Bayan radio'. If that's the case, the guy giving the bounty might be the admin of the website and might be making us work for him for 0.05BTC to save his butt. And besides this, why would anyone need the ip address of an ISIS related website?

True, I think this post sums it up.

ddos attack and id say its not a server admin as hes not asked for proof or a guide if we fine the ip, tough stuff like this most exploiters/hackers wont give a guide just the ip like the op asked for

[Dolbycocoin]

If u are able to find the real ip ie server's ip address behind the website http://bayanradio.nl/ and not the cloud fare one then u get the bounty.Finding should be attached with proof.
If u are successful then u get 2 more jobs
Regards

before i do it, for what that's IP address ?

[x4]

This task seems si hard because of cloudfare. Well nice try to those who tried and failed and good luck to those who will try soon.

[Valzador]

If you could find an IP address behind cloudflare then no one would use cloudflare...

The purpose of Cloudflare is to mask the server's IP address and prevent DDoS attacks.

If you could find the server's IP Address then you would be able to DDoS directly to their server, making Cloudflare's service totally useless.

[icanscript]

Its not about cloudflare though..

human mistake. what if there is a cname left unattended used for mail or such. I would look for that.

[deisik]

Its not about cloudflare though..

human mistake. what if there is a cname left unattended used for mail or such. I would look for that.

I have already looked for that using a dns brute force script, nothing's been found. Indeed, it didn't test all possible combinations, so more power to those who try this method again

[drwtsn32]

120.28.9.254 or
120.28.10.217

Either of them is the gateway, the other one is the direct IP.

You're welcome.

Addy: 34P9kaq1FbyBwRd7jwYBF28MsU716dkZ16

[deisik]

120.28.9.254 or
120.28.10.217

Either of them is the gateway, the other one is the direct IP

And none of them has 2083 port open. It may be filtered (for anything but CloudFlare's IP) but what are your proofs then? Someone could actually set up a clone of that site and pass it as authentic...

I guess that shouldn't take much time or effort

[Uberin]

120.28.9.254 or
120.28.10.217

Either of them is the gateway, the other one is the direct IP.

You're welcome.

Addy: 34P9kaq1FbyBwRd7jwYBF28MsU716dkZ16

Mind attaching proof bcoz I don't see any of them getting resolved

[deisik]

120.28.9.254 or
120.28.10.217

Either of them is the gateway, the other one is the direct IP.

You're welcome.

Addy: 34P9kaq1FbyBwRd7jwYBF28MsU716dkZ16

Mind attaching proof bcoz I don't see any of them getting resolved

Is your offer still valid?

[Uberin]

120.28.9.254 or
120.28.10.217

Either of them is the gateway, the other one is the direct IP.

You're welcome.

Addy: 34P9kaq1FbyBwRd7jwYBF28MsU716dkZ16

Mind attaching proof bcoz I don't see any of them getting resolved

Is your offer still valid?

Yeah it is

[pvaspecialist]

Is your offer still valid?

hey deisik offer still valid.I was trying to find out but at the end I don't find any clue.either I have to contract google  or sidn to get real ip address.you are intelligent hope you will find real ip address.thanks

[deisik]

Is your offer still valid?

hey deisik offer still valid.I was trying to find out but at the end I don't find any clue.either I have to contract google  or sidn to get real ip address.you are intelligent hope you will find real ip address.thanks

It seems that I have found out the Internet segment where the site is hosted, so if a few other conditions are fulfilled, it is only a matter of time until I get the real IP address (though it can take weeks since I have only one Internet connection and can spare it only at night). In fact, there are only two conditions (beside the obvious condition that the site should be up). The first one is that it shouldn't be hosted at CloudFlare itself...

This condition appears to be met

[FruitsBasket]

Is your offer still valid?

hey deisik offer still valid.I was trying to find out but at the end I don't find any clue.either I have to contract google  or sidn to get real ip address.you are intelligent hope you will find real ip address.thanks

It seems that I have found out the Internet segment where the site is hosted, so if a few other conditions are fulfilled, it is only a matter of time until I get the real IP address (though it can take weeks since I have only one Internet connection and can spare it only at night). In fact, there are only two conditions (beside the obvious condition that the site should be up). The first one is that it shouldn't be hosted at CloudFlare itself...

This condition appears to be met

I hope you will find out then, and congratulations if you do so.
I tried, but it was too hard, I have done some thing familiar before, but I forgot how to do it 
It seems they are more secure than I thought.

[deisik]

The site domain name appears to have been removed from the CF name servers. Kinda seems like someone has already done the dirty job

Failed to resolve "bayanradio.nl"

[Roboabhishek]

Is this an ISIS related website? Because, ISIS released some radio app called Al Bayan and this app has the name 'Bayan radio'. If that's the case, the guy giving the bounty might be the admin of the website and might be making us work for him for 0.05BTC to save his butt. And besides this, why would anyone need the ip address of an ISIS related website?

quite true even I posted it above if its related to ISIS. Maybe that's why he wanted to attack the website

[Mauser]

The site domain name appears to have been removed from the CF name servers. Kinda seems like someone has already done the dirty job

Failed to resolve "bayanradio.nl"

It won't take Long for the same guys to open another Website. There tons of Websites registered to the same P/O box in UAE.

[deisik]

I have devised an algorithm for fast tracking such sites with high probability (within a day or two). It would require me to code a small utility. I guess the remuneration should be raised if this offer is still valid and the site ever comes back online. What is your stance on this?

You could PM me if you don't want to make this info public

[deisik]

The site domain name appears to have been removed from the CF name servers. Kinda seems like someone has already done the dirty job

Failed to resolve "bayanradio.nl"

It won't take Long for the same guys to open another Website. There tons of Websites registered to the same P/O box in UAE.

The fact that the site is registered somewhere doesn't mean it is hosted there (though it is often the case). That was the first thing that I checked (I mean the networks that belong to that registrar), and I found nothing there...

I should probably run a more thorough check again later (when the site comes back online)

[Patatas]

CloudFlaire :- Supporting all the scum of the world including Hackers/ISIS/Indian Mujjahudin/Altcoin Dumpers since ages now.While everybody is taking the efforts to find the real IP,make sure OP is not trying to hide something.Neither any amount is escrowed,why is everybody even bothering to reply here anymore ?

[deisik]

CloudFlaire :- Supporting all the scum of the world including Hackers/ISIS/Indian Mujjahudin/Altcoin Dumpers since ages now.

Yeah, to keep them all in one place and at hand. What could be better if you pursue aims that in no case can be made public? Remember Snowden?

While everybody is taking the efforts to find the real IP,make sure OP is not trying to hide something.Neither any amount is escrowed, why is everybody even bothering to reply here anymore ?

Maybe, because it is the right thing to bring that site down? What could the OP be trying to hide if he actually asks to find out? That is, to do something which is opposite to hiding?

And what, in your opinion, he could be trying to hide?

[birdmeko]

I could probably do this, but only if you up the bounty to like .2

[deisik]

I could probably do this, but only if you up the bounty to like .2

You at first do that, then ask for a raise, lol

[Bitcoin Explorer]

If u are able to find the real ip ie server's ip address behind the website http://bayanradio.nl/ and not the cloud fare one then u get the bounty.Finding should be attached with proof.
If u are successful then u get 2 more jobs
Regards

Its funny, they are on the same 2 nameservers that http://scotcoinproject.com/ is on. Another crypto project

http://www.whois.com/whois/scotcoinproject.com

which is hiding the ip of 185.24.99.98 - http://w3bin.com/ip_info/185.24.99.98 Uk Webhosting Ltd

wouldnt surprise me if they were on the same network under a different IP.

Lol nice find xD. The website says "Scotland's digital currency"

[raymond541]

I could probably do this, but only if you up the bounty to like .2

You at first do that, then ask for a raise, lol

LOL he might find the real IP address he had confidence.Now he trying to up bounty or probably he not interested with that amount to find real ip address. 

[deisik]

I could probably do this, but only if you up the bounty to like .2

You at first do that, then ask for a raise, lol

LOL he might find the real IP address he had confidence.Now he trying to up bounty or probably he not interested with that amount to find real ip address. 

Talk is cheap, show us the IP!

[drwtsn32]

I'm withdrawing my claim. I was wrong. Sorry.
The IP is hard to trace. I have no other guesses.
To all participants, good luck!

[deisik]

Has the site been seen again or is it gone for good (what probably was the OP's primary aim)?