Warning: One or more bitcointalk.org users have reported that they strongly believe that the creator of this topic is a scammer. (Login to see the detailed trust ratings.) While the bitcointalk.org administration does not verify such claims, you should proceed with extreme caution.
Author Topic: 0.05btc bounty to find the real ip address  (Read 2950 times)
Uberin (OP)
July 12, 2016, 06:31:30 PM
Last edit: July 12, 2016, 09:14:32 PM by Uberin
 #1

If you are able to find the real IP, i.e. the server's IP address behind the website http://bayanradio.nl/ and not the Cloudflare one, then you get the bounty. The finding should be attached with proof.
If you are successful then you get 2 more jobs.
Regards

socks435
July 12, 2016, 06:44:24 PM
 #2

Honestly, it's hard to get the real IP address of that site; also, it's protected by Cloudflare... maybe someone can do this.

Solving blocks can't be solved without my rigs.
lolxxxx
July 12, 2016, 06:45:22 PM
 #3

Hey, I am running the scan to IP address.

The IP address is 104.27.146.157
Address is in my profile.

icanscript
July 12, 2016, 06:48:08 PM
 #4

Quote from: Uberin
If you are able to find the real IP, i.e. the server's IP address behind the website http://bayanradio.nl/ and not the Cloudflare one, then you get the bounty. The finding should be attached with proof.
If you are successful then you get 2 more jobs.
Regards

It's funny, they are on the same 2 nameservers that http://scotcoinproject.com/ is on. Another crypto project.

http://www.whois.com/whois/scotcoinproject.com

which is hiding the IP of 185.24.99.98 - http://w3bin.com/ip_info/185.24.99.98 Uk Webhosting Ltd

Wouldn't surprise me if they were on the same network under a different IP.

deisik
July 12, 2016, 06:54:54 PM
 #5

Quote from: lolxxxx
Hey, I am running the scan to IP address.

The IP address is 104.27.146.157
Address is in my profile.

I've tried to access the site directly by its IP address. I guess if it were their real IP, I wouldn't have failed since it is actually CloudFlare's IP

Quote
Error 1003 Ray ID: 2c16b151e5744f08 • 2016-07-12 18:52:30 UTC
Direct IP access not allowed
What happened?

You've requested an IP address that is part of the CloudFlare network. A valid Host header must be supplied to reach the desired website.

Uberin (OP)
July 12, 2016, 06:56:32 PM
 #6

Quote from: socks435
Honestly, it's hard to get the real IP address of that site; also, it's protected by Cloudflare... maybe someone can do this.

I'm looking for that someone

Uberin (OP)
July 12, 2016, 06:58:40 PM
 #7

Quote from: lolxxxx
Hey, I am running the scan to IP address.

The IP address is 104.27.146.157
Address is in my profile.

https://i.imgsafe.org/53b384c2c3.png
It's a Cloudflare IP
Ping http://104.27.146.157

Uberin (OP)
July 12, 2016, 07:01:37 PM
 #8

Quote from: icanscript
Quote from: Uberin
If you are able to find the real IP, i.e. the server's IP address behind the website http://bayanradio.nl/ and not the Cloudflare one, then you get the bounty. The finding should be attached with proof.
If you are successful then you get 2 more jobs.
Regards

It's funny, they are on the same 2 nameservers that http://scotcoinproject.com/ is on. Another crypto project.

http://www.whois.com/whois/scotcoinproject.com

which is hiding the IP of 185.24.99.98 - http://w3bin.com/ip_info/185.24.99.98 Uk Webhosting Ltd

Wouldn't surprise me if they were on the same network under a different IP.

I think you are getting closer

deisik
July 12, 2016, 07:35:19 PM
 #9

DNS brute-force scan didn't yield any positive results


jackg
July 12, 2016, 08:01:09 PM
 #10

There isn't a way of finding it out (I don't think)!
If I look at the network information from my "firefox>inspect element>network" I get 104.27.147.157:80.
104.27.147.157 - is owned by Cloudflare.
Interestingly, on a who.is search, the domain is also owned by Cloudflare (though it is an irregular domain as it is not like a .com or .co.uk one where you can easily get information from it)

From the information available, is it possible that the server is actually placed on Cloudflare's company's servers?

If you were trying to do a (D)DoS attack then you could always try to use 104.27.147.157:80 address to do it.

Otherwise, if you (D)DoS the address 104.27.147.157 and Cloudflare have no protection against it (apart from a high bandwidth) then you can then try and access the site, though the DNS servers may forward you to a page that states that there is a "failed handshaking", "failed connection" or "connection timed out" error.

icanscript
July 12, 2016, 08:01:32 PM
 #11

Quote from: deisik
DNS brute-force scan didn't yield any positive results

They are just 2 NS servers that Cloudflare use. I suggest looking into this scotcoin project and seeing what you can find out (if this other site is crypto related also).

Maybe see what is on the same server, check their nameservers, check that IP, see what is on the same hosting also. You will find a lot but it may be a bit of a jigsaw.

I'll have a look in about an hour when I'm back.

lolxxxx
July 12, 2016, 08:05:32 PM
 #12

Quote from: icanscript
Quote from: deisik
DNS brute-force scan didn't yield any positive results

They are just 2 NS servers that Cloudflare use. I suggest looking into this scotcoin project and seeing what you can find out (if this other site is crypto related also).

Maybe see what is on the same server, check their nameservers, check that IP, see what is on the same hosting also. You will find a lot but it may be a bit of a jigsaw.

I'll have a look in about an hour when I'm back.

The scotcoin is also using Cloudflare.
This is the IP address 104.24.111.116. Trying hard but cannot find it, I am out.

jackg
July 12, 2016, 08:17:06 PM
 #13

Quote from: lolxxxx
Quote from: icanscript
Quote from: deisik
DNS brute-force scan didn't yield any positive results

They are just 2 NS servers that Cloudflare use. I suggest looking into this scotcoin project and seeing what you can find out (if this other site is crypto related also).

Maybe see what is on the same server, check their nameservers, check that IP, see what is on the same hosting also. You will find a lot but it may be a bit of a jigsaw.

I'll have a look in about an hour when I'm back.

The scotcoin is also using Cloudflare.
This is the IP address 104.24.111.116. Trying hard but cannot find it, I am out.

I found something from the scotcoin site that could be used on the other one.
In the same panel that I used before there is a cloudflare.min.js file which is the first file sent which must contain the IP of the site for it to forward it?
That means that if someone can crack that code then they can easily gain access to the actual site IP?
(I'll see if this is on the original site in question too).

EDIT: that file is not sent by cloudflare from the website in the OP?
deisik
July 12, 2016, 08:33:09 PM
 #14

Here's some info regarding the registrar


Mauser
July 12, 2016, 08:49:21 PM
 #15

Quote from: deisik
Here's some info regarding the registrar

Yeah, these guys own tons of websites, all related to some form of scamming in the Netherlands.

I would recommend looking for a different website which is still active and might not be hosted by Cloudflare or timeweb.ru (the other hoster they are using).

With a quick search I found 10 websites all registered at the same PO box.

deisik
July 12, 2016, 09:00:37 PM
 #16

The site IP address may be in this range 67.15.47.0 - 67.15.47.255

Currently alive hosts from that range:




icanscript
July 12, 2016, 09:11:30 PM
 #17

Quote from: deisik
The site IP address may be in this range 67.15.47.0 - 67.15.47.255

Currently alive hosts from that range:

Where did you find this /24 subnet?

I think the best bet would be to speak to the registrar about the domain being used unlawfully (if it is); they will soon remove the nameservers.

lolxxxx
July 12, 2016, 11:42:17 PM
 #18

Just take a look. I have found some info too.






Code:
name	class	type	data	time to live
www.bayanradio.nl IN HINFO
CPU: Please stop asking for ANY
OS: See draft-ietf-dnsop-refuse-any
3789s (01:03:09)
bayanradio.nl IN NS norm.ns.cloudflare.com 86400s (1.00:00:00)
bayanradio.nl IN NS nicole.ns.cloudflare.com 86400s (1.00:00:00)
bayanradio.nl IN HINFO
CPU: Please stop asking for ANY
OS: See draft-ietf-dnsop-refuse-any
3789s (01:03:09)
bayanradio.nl IN NS norm.ns.cloudflare.com 69130s (19:12:10)
bayanradio.nl IN NS nicole.ns.cloudflare.com 69130s (19:12:10)
157.146.27.104.in-addr.arpa IN HINFO
CPU: Please stop asking for ANY
OS: See draft-ietf-dnsop-refuse-any
3789s (01:03:09)
Traceroute

Tracing route to www.bayanradio.nl [104.27.146.157]...

hop rtt rtt rtt ip address fully qualified domain name
1 0 0 0 208.101.16.73 49.10.65d0.ip4.static.sl-reverse.com
2 0 0 0 66.228.118.153 ae11.dar01.sr01.dal01.networklayer.com
3 0 0 0 173.192.18.210 ae6.bbr01.eq01.dal03.networklayer.com
4 0 0 0 141.101.74.253
5 0 0 0 104.27.146.157
Trace complete
deisik
July 13, 2016, 12:32:30 AM
 #19

Quote from: lolxxxx
Just take a look. I have found some info too.

Code:
name	class	type	data	time to live
www.bayanradio.nl IN HINFO
CPU: Please stop asking for ANY
OS: See draft-ietf-dnsop-refuse-any
3789s (01:03:09)
bayanradio.nl IN NS norm.ns.cloudflare.com 86400s (1.00:00:00)
bayanradio.nl IN NS nicole.ns.cloudflare.com 86400s (1.00:00:00)
bayanradio.nl IN HINFO
CPU: Please stop asking for ANY
OS: See draft-ietf-dnsop-refuse-any
3789s (01:03:09)
bayanradio.nl IN NS norm.ns.cloudflare.com 69130s (19:12:10)
bayanradio.nl IN NS nicole.ns.cloudflare.com 69130s (19:12:10)
157.146.27.104.in-addr.arpa IN HINFO
CPU: Please stop asking for ANY
OS: See draft-ietf-dnsop-refuse-any
3789s (01:03:09)
Traceroute

Tracing route to www.bayanradio.nl [104.27.146.157]...

hop rtt rtt rtt ip address fully qualified domain name
1 0 0 0 208.101.16.73 49.10.65d0.ip4.static.sl-reverse.com
2 0 0 0 66.228.118.153 ae11.dar01.sr01.dal01.networklayer.com
3 0 0 0 173.192.18.210 ae6.bbr01.eq01.dal03.networklayer.com
4 0 0 0 141.101.74.253
5 0 0 0 104.27.146.157
Trace complete

Congrats, you have traced route to CloudFlare and found their name servers. The site itself is an Islamic State radio broadcast
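
Added example, not part of the thread or written by any poster: the observation in posts #5 and #19 (the addresses found so far belong to the proxy) can be checked mechanically. This sketch parses the hop table from post #18 and labels each hop against a subset of Cloudflare's published IPv4 ranges; the hard-coded CIDR list and all function names are assumptions of this example (current list: https://www.cloudflare.com/ips/).

```python
import ipaddress
import re

# Subset of Cloudflare's published IPv4 ranges (assumption: hard-coded copy;
# refresh from https://www.cloudflare.com/ips/ before relying on it).
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "104.16.0.0/13", "104.24.0.0/14", "141.101.64.0/18",
    "108.162.192.0/18", "162.158.0.0/15", "172.64.0.0/13",
    "173.245.48.0/20", "198.41.128.0/17",
)]

# Hop table copied from post #18.
TRACE = """\
1 0 0 0 208.101.16.73 49.10.65d0.ip4.static.sl-reverse.com
2 0 0 0 66.228.118.153 ae11.dar01.sr01.dal01.networklayer.com
3 0 0 0 173.192.18.210 ae6.bbr01.eq01.dal03.networklayer.com
4 0 0 0 141.101.74.253
5 0 0 0 104.27.146.157
"""

# hop number, three rtt columns, IPv4 address, optional hostname
HOP_RE = re.compile(r"^(\d+)(?:\s+\S+){3}\s+(\d{1,3}(?:\.\d{1,3}){3})(?:\s+\S+)?$")

def is_cloudflare(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_V4)

def ptr_to_ip(name: str) -> str:
    """Turn '157.146.27.104.in-addr.arpa' back into '104.27.146.157'."""
    labels = name.rstrip(".").split(".")
    if len(labels) != 6 or labels[-2:] != ["in-addr", "arpa"]:
        raise ValueError(f"not an IPv4 reverse name: {name}")
    return ".".join(reversed(labels[:4]))

def classify_trace(text: str):
    """Return (hop, ip, 'cloudflare-edge' or 'transit') for each hop line."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line.strip())
        if not m:
            continue  # skip headers and lines such as 'Trace complete'
        ip = m.group(2)
        label = "cloudflare-edge" if is_cloudflare(ip) else "transit"
        hops.append((int(m.group(1)), ip, label))
    return hops

def ends_at_cloudflare(text: str) -> bool:
    """True when the final hop is a proxy address, as in the thread."""
    hops = classify_trace(text)
    return bool(hops) and hops[-1][2] == "cloudflare-edge"
```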

bhokor
July 13, 2016, 12:34:15 AM
 #20

Port 2083 is open, it is the cPanel login screen; I am trying to get more info
