yandex.com is a public Russian e-mail service
Topic: 0.05btc bounty to find the real ip address - page 4. (Read 2999 times)
yandex.com is a public Russian e-mail service
If u are able to find the real ip ie server's ip address behind the website http://bayanradio.nl/ and not the cloud fare one then u get the bounty.Finding should be attached with proof.
If u are successful then u get 2 more jobs
Regards
If u are successful then u get 2 more jobs
Regards
I lost a good time trying ;DD
What's the point? Why you don't send a e-mail to cloudflare?
just find this after spending my whole days.I was thinking it will really easy to find out IP address.LOL
The site IP address may be in this range 67.15.47.0 - 67.15.47.255
Currently alive hosts from that range:
Currently alive hosts from that range:
Where this you find this /24 subnet?
From here:
But nothing alive there looks like the site we're searching for. I tested the machines on these networks for open 2083 port (I did that twice to make double-sure), and nothing came up so far. So the registrar info is likely fake (or the site is only registered by that entity while it is actually located somewhere else)...
If we only could find a subnet this node is on (/24 or even /16), we would trace it down
Congrats, you have traced route to CloudFlare and found their name servers
Congrats why? I still don't know the real IP.
That was sarcasm
Port 2083 is open, it is the cpanel login screen, i am trying to get more info
Just take a look. I have found some info too.
Code:
name class type data time to live
www.bayanradio.nl IN HINFO
CPU: Please stop asking for ANY
OS: See draft-ietf-dnsop-refuse-any
3789s (01:03:09)
bayanradio.nl IN NS norm.ns.cloudflare.com 86400s (1.00:00:00)
bayanradio.nl IN NS nicole.ns.cloudflare.com 86400s (1.00:00:00)
bayanradio.nl IN HINFO
CPU: Please stop asking for ANY
OS: See draft-ietf-dnsop-refuse-any
3789s (01:03:09)
bayanradio.nl IN NS norm.ns.cloudflare.com 69130s (19:12:10)
bayanradio.nl IN NS nicole.ns.cloudflare.com 69130s (19:12:10)
157.146.27.104.in-addr.arpa IN HINFO
CPU: Please stop asking for ANY
OS: See draft-ietf-dnsop-refuse-any
3789s (01:03:09)
Traceroute
Tracing route to www.bayanradio.nl [104.27.146.157]...
hop rtt rtt rtt ip address fully qualified domain name
1 0 0 0 208.101.16.73 49.10.65d0.ip4.static.sl-reverse.com
2 0 0 0 66.228.118.153 ae11.dar01.sr01.dal01.networklayer.com
3 0 0 0 173.192.18.210 ae6.bbr01.eq01.dal03.networklayer.com
4 0 0 0 141.101.74.253
5 0 0 0 104.27.146.157
Trace complete
www.bayanradio.nl IN HINFO
CPU: Please stop asking for ANY
OS: See draft-ietf-dnsop-refuse-any
3789s (01:03:09)
bayanradio.nl IN NS norm.ns.cloudflare.com 86400s (1.00:00:00)
bayanradio.nl IN NS nicole.ns.cloudflare.com 86400s (1.00:00:00)
bayanradio.nl IN HINFO
CPU: Please stop asking for ANY
OS: See draft-ietf-dnsop-refuse-any
3789s (01:03:09)
bayanradio.nl IN NS norm.ns.cloudflare.com 69130s (19:12:10)
bayanradio.nl IN NS nicole.ns.cloudflare.com 69130s (19:12:10)
157.146.27.104.in-addr.arpa IN HINFO
CPU: Please stop asking for ANY
OS: See draft-ietf-dnsop-refuse-any
3789s (01:03:09)
Traceroute
Tracing route to www.bayanradio.nl [104.27.146.157]...
hop rtt rtt rtt ip address fully qualified domain name
1 0 0 0 208.101.16.73 49.10.65d0.ip4.static.sl-reverse.com
2 0 0 0 66.228.118.153 ae11.dar01.sr01.dal01.networklayer.com
3 0 0 0 173.192.18.210 ae6.bbr01.eq01.dal03.networklayer.com
4 0 0 0 141.101.74.253
5 0 0 0 104.27.146.157
Trace complete
The site IP address may be in this range 67.15.47.0 - 67.15.47.255
Currently alive hosts from that range:
Currently alive hosts from that range:
Where this you find this /24 subnet?
I think the best bet would be to speak to the registrar about the domain being used unlawfully (if it is) they will soon remove the nameservers.
The site IP address may be in this range 67.15.47.0 - 67.15.47.255
Currently alive hosts from that range:
Currently alive hosts from that range:
Here's some info regarding the registrar
Yeah These guys own tons of Website, all related to some form of scamming in netherlands.
I would recommend to look for a different Website which is still active and might not be hosted by cloudfare or timeweb.ru (other hoster they are using).
With a quick search I found 10 Websites all registered at the same PO box.
Here's some info regarding the registrar
DNS brute-force scan didn't yield any positive results
They are just 2 ns servers that cloudflare use. I suggest looking into this scotcoin project and seeing what you can find out (if this other site is crypto related also)
Maybe see what is on the same server, check their nameservers, check that IP see what is on same hosting also. You will find a lot but it may be a bit of a jigsaw.
Il have a look in about an hour when im back.
The scotcoin is also using cloudflare .
This is the ip Address 104.24.111.116, trying hard but cannot find i am out.
I found something from the scotcoin site that could be used on he other one.
In the same panel that I used before there is a cloudflare.min.js file which is the first file sent which must contain the IP of the site for it to forward it?
That means that if someone can crack that code then they can easily gain access to the actual site IP?
(I'll see if this is on the original site in question too).
EDIT: that file is not sent by cloudflare from the website in the OP?
DNS brute-force scan didn't yield any positive results
They are just 2 ns servers that cloudflare use. I suggest looking into this scotcoin project and seeing what you can find out (if this other site is crypto related also)
Maybe see what is on the same server, check their nameservers, check that IP see what is on same hosting also. You will find a lot but it may be a bit of a jigsaw.
Il have a look in about an hour when im back.
The scotcoin is also using cloudflare .
This is the ip Address 104.24.111.116, trying hard but cannot find i am out.
DNS brute-force scan didn't yield any positive results
They are just 2 ns servers that cloudflare use. I suggest looking into this scotcoin project and seeing what you can find out (if this other site is crypto related also)
Maybe see what is on the same server, check their nameservers, check that IP see what is on same hosting also. You will find a lot but it may be a bit of a jigsaw.
Il have a look in about an hour when im back.
There isn't a way of finding it out (I don't think)!
If I look at the network information from my "firefox>inspect element>network" I get 104.27.147.157:80.
104.27.147.157 - is owned by Cloudflare.
Interestingly, on a who.is search, the domain is also owned by Cloudflare (though it is an irregular domain as it is not like a .com or .co.uk one where you can easily get information from it)
From the information avaliable, is it possible that the server is placed atually on cloudflare's companie's servers.
If you were trying to do a (D)DoS attack then you could always try to use 104.27.147.157:80 address to do it.
Otherwise, if you (D)DoS the address 104.27.147.157 and cloudflare have no protection against it (apart from a high bandwith) then you can then try and access the site though the DNS servers may forward you to a page that states that there is a "failed handshaking", "failed connection" or "connection timed out" error.
If I look at the network information from my "firefox>inspect element>network" I get 104.27.147.157:80.
104.27.147.157 - is owned by Cloudflare.
Interestingly, on a who.is search, the domain is also owned by Cloudflare (though it is an irregular domain as it is not like a .com or .co.uk one where you can easily get information from it)
From the information avaliable, is it possible that the server is placed atually on cloudflare's companie's servers.
If you were trying to do a (D)DoS attack then you could always try to use 104.27.147.157:80 address to do it.
Otherwise, if you (D)DoS the address 104.27.147.157 and cloudflare have no protection against it (apart from a high bandwith) then you can then try and access the site though the DNS servers may forward you to a page that states that there is a "failed handshaking", "failed connection" or "connection timed out" error.
DNS brute-force scan didn't yield any positive results
If u are able to find the real ip ie server's ip address behind the website http://bayanradio.nl/ and not the cloud fare one then u get the bounty.Finding should be attached with proof.
If u are successful then u get 2 more jobs
Regards
If u are successful then u get 2 more jobs
Regards
Its funny, they are on the same 2 nameservers that http://scotcoinproject.com/ is on. Another crypto project
http://www.whois.com/whois/scotcoinproject.com
which is hiding the ip of 185.24.99.98 - http://w3bin.com/ip_info/185.24.99.98 Uk Webhosting Ltd
wouldnt surprise me if they were on the same network under a different IP.
I think u are getting closer
Hey i am running the scan to ip address .
The ip address is 104.27.146.157
Address is in my profile.
It's cloudflare ipThe ip address is 104.27.146.157
Address is in my profile.
Ping http://104.27.146.157
Jump to: