Pages:
Author

Topic: 0.05btc bounty to find the real ip address - page 4. (Read 3021 times)

legendary
Activity: 3514
Merit: 1280
English ⬄ Russian Translation Services

yandex.com is a public Russian e-mail service
legendary
Activity: 2688
Merit: 2297
Crypto Swap Exchange
If u are able to find the real ip ie server's ip address behind the website http://bayanradio.nl/ and not the cloud fare one then u get the bounty.Finding should be attached with proof.
If u are successful then u get 2 more jobs
Regards

I lost a good time trying ;DD
What's the point? Why you don't send a e-mail to cloudflare?
sr. member
Activity: 294
Merit: 250
just find this after spending my whole days.I was thinking it will really easy to find out IP address.LOL




legendary
Activity: 3514
Merit: 1280
English ⬄ Russian Translation Services
The site IP address may be in this range 67.15.47.0 - 67.15.47.255

Currently alive hosts from that range:





Where this you find this /24 subnet?

From here:



But nothing alive there looks like the site we're searching for. I tested the machines on these networks for open 2083 port (I did that twice to make double-sure), and nothing came up so far. So the registrar info is likely fake (or the site is only registered by that entity while it is actually located somewhere else)...

If we only could find a subnet this node is on (/24 or even /16), we would trace it down
legendary
Activity: 3514
Merit: 1280
English ⬄ Russian Translation Services
Congrats, you have traced route to CloudFlare and found their name servers

Congrats why? I still don't know the real IP.

That was sarcasm
legendary
Activity: 2198
Merit: 1032
legendary
Activity: 966
Merit: 1000
Port 2083 is open, it is the cpanel login screen, i am trying to get more info

legendary
Activity: 3514
Merit: 1280
English ⬄ Russian Translation Services
legendary
Activity: 2198
Merit: 1032
Just take a look. I have found some info too.






Code:
name class type data time to live
www.bayanradio.nl IN HINFO
CPU: Please stop asking for ANY
OS: See draft-ietf-dnsop-refuse-any
3789s (01:03:09)
bayanradio.nl IN NS norm.ns.cloudflare.com 86400s (1.00:00:00)
bayanradio.nl IN NS nicole.ns.cloudflare.com 86400s (1.00:00:00)
bayanradio.nl IN HINFO
CPU: Please stop asking for ANY
OS: See draft-ietf-dnsop-refuse-any
3789s (01:03:09)
bayanradio.nl IN NS norm.ns.cloudflare.com 69130s (19:12:10)
bayanradio.nl IN NS nicole.ns.cloudflare.com 69130s (19:12:10)
157.146.27.104.in-addr.arpa IN HINFO
CPU: Please stop asking for ANY
OS: See draft-ietf-dnsop-refuse-any
3789s (01:03:09)
Traceroute

Tracing route to www.bayanradio.nl [104.27.146.157]...

hop rtt rtt rtt ip address fully qualified domain name
1 0 0 0 208.101.16.73 49.10.65d0.ip4.static.sl-reverse.com
2 0 0 0 66.228.118.153 ae11.dar01.sr01.dal01.networklayer.com
3 0 0 0 173.192.18.210 ae6.bbr01.eq01.dal03.networklayer.com
4 0 0 0 141.101.74.253
5 0 0 0 104.27.146.157
Trace complete
hero member
Activity: 686
Merit: 502
The site IP address may be in this range 67.15.47.0 - 67.15.47.255

Currently alive hosts from that range:





Where this you find this /24 subnet?

I think the best bet would be to speak to the registrar about the domain being used unlawfully (if it is) they will soon remove the nameservers.
legendary
Activity: 3514
Merit: 1280
English ⬄ Russian Translation Services
The site IP address may be in this range 67.15.47.0 - 67.15.47.255

Currently alive hosts from that range:



hero member
Activity: 1974
Merit: 534
Here's some info regarding the registrar



Yeah These guys own tons of Website, all related to some form of scamming in netherlands.

I would recommend to look for a different Website which is still active and might not be hosted by cloudfare or timeweb.ru (other hoster they are using).

With a quick search I found 10 Websites all registered at the same PO box.
legendary
Activity: 3514
Merit: 1280
English ⬄ Russian Translation Services
Here's some info regarding the registrar

copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
DNS brute-force scan didn't yield any positive results



They are just 2 ns servers that cloudflare use. I suggest looking into this scotcoin project and seeing what you can find out (if this other site is crypto related also)

Maybe see what is on the same server, check their nameservers, check that IP see what is on same hosting also. You will find a lot but it may be a bit of a jigsaw.

Il have a look in about an hour when im back.

The scotcoin is also using cloudflare .
This is the ip Address  104.24.111.116, trying hard but cannot find i am out.

I found something from the scotcoin site that could be used on he other one.
In the same panel that I used before there is a cloudflare.min.js file which is the first file sent which must contain the IP of the site for it to forward it?
That means that if someone can crack that code then they can easily gain access to the actual site IP?
(I'll see if this is on the original site in question too).

EDIT: that file is not sent by cloudflare from the website in the OP?
legendary
Activity: 2198
Merit: 1032
DNS brute-force scan didn't yield any positive results



They are just 2 ns servers that cloudflare use. I suggest looking into this scotcoin project and seeing what you can find out (if this other site is crypto related also)

Maybe see what is on the same server, check their nameservers, check that IP see what is on same hosting also. You will find a lot but it may be a bit of a jigsaw.

Il have a look in about an hour when im back.

The scotcoin is also using cloudflare .
This is the ip Address  104.24.111.116, trying hard but cannot find i am out.
hero member
Activity: 686
Merit: 502
DNS brute-force scan didn't yield any positive results



They are just 2 ns servers that cloudflare use. I suggest looking into this scotcoin project and seeing what you can find out (if this other site is crypto related also)

Maybe see what is on the same server, check their nameservers, check that IP see what is on same hosting also. You will find a lot but it may be a bit of a jigsaw.

Il have a look in about an hour when im back.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
There isn't a way of finding it out (I don't think)!
If I look at the network information from my "firefox>inspect element>network" I get 104.27.147.157:80.
104.27.147.157 - is owned by Cloudflare.
Interestingly, on a who.is search, the domain is also owned by Cloudflare (though it is an irregular domain as it is not like a .com or .co.uk one where you can easily get information from it)

From the information avaliable, is it possible that the server is placed atually on cloudflare's companie's servers.

If you were trying to do a (D)DoS attack then you could always try to use 104.27.147.157:80 address to do it.

Otherwise, if you (D)DoS the address 104.27.147.157 and cloudflare have no protection against it (apart from a high bandwith) then you can then try and access the site though the DNS servers may forward you to a page that states that there is a "failed handshaking", "failed connection" or "connection timed out" error.
legendary
Activity: 3514
Merit: 1280
English ⬄ Russian Translation Services
DNS brute-force scan didn't yield any positive results

newbie
Activity: 57
Merit: 0
If u are able to find the real ip ie server's ip address behind the website http://bayanradio.nl/ and not the cloud fare one then u get the bounty.Finding should be attached with proof.
If u are successful then u get 2 more jobs
Regards

Its funny, they are on the same 2 nameservers that http://scotcoinproject.com/ is on. Another crypto project

http://www.whois.com/whois/scotcoinproject.com

which is hiding the ip of 185.24.99.98 - http://w3bin.com/ip_info/185.24.99.98 Uk Webhosting Ltd

wouldnt surprise me if they were on the same network under a different IP.

I think u are getting closer
newbie
Activity: 57
Merit: 0
Hey i am running the scan to ip address .

The ip address is 104.27.146.157
Address is in my profile.


It's cloudflare ip
Ping http://104.27.146.157

Pages:
Jump to: