How to find out if a site is behind CloudFlare or not

How to utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network, said in articles:

In this note, we will learn how to check whether a site is using CloudFlare or not?

Does a site use name servers of CloudFlare

One of the signs that the site stays behind CloudFlare is usage of the CloudFlare name servers, which look like *

Name Servers of a site can be viewed with the dig command, running it as follows:

dig DOMAIN NS +short

Where the word DOMAIN should be replaced with a domain name, for example:

dig NS +short

Alternatively, you can use whois command with filtering out the excess information:

whois DOMAIN | grep -E '^nserver|^Name Server'


whois | grep -E '^nserver|^Name Server'
Name Server:
Name Server:

Does a site use the CloudFlare IP?

The second, even more reliable way to find out whether a site is protected with CloudFlare is to check if the IP of the site of interest belongs to this organization.

IP of a site can be found as follows:

dig DOMAIN +short


dig +short

One or more IP addresses can be displayed, use anyone for analysis.

Check the received IP with the whois command like that:

whois IP_address



If a ‘Cloudflare, Inc.’ string is present in the information received, then the target site uses the CloudFlare IP and, therefore, is protected by this network.

Online service to check if a site is using CloudFlare

The described methods are automated in the online service, you just enter a domain name of a site and it will check its NS records and its IP for belonging to Cloudflare.

Instead of whois, the GeoLite2-ASN database is used, but it does not change the essence.

Output example of the service:

Last Updated on

Recommended for you:

Leave a Reply

Your email address will not be published.