How to find out if a site is behind CloudFlare or not
How to utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network, said in articles:
- How to find out the real IP of a site in Cloudflare
- Database of hidden site's IP behind CloudFlare. Searching for sites belong to the same CloudFlare account
In this note, we will learn how to check whether a site is using CloudFlare or not?
Does a site use name servers of CloudFlare
One of the signs that the site stays behind CloudFlare is usage of the CloudFlare name servers, which look like *.ns.cloudflare.com
Name Servers of a site can be viewed with the dig command, running it as follows:
dig DOMAIN NS +short
Where the word DOMAIN should be replaced with a domain name, for example:
dig anti-malware.ru NS +short angela.ns.cloudflare.com. chip.ns.cloudflare.com.
Alternatively, you can use whois command with filtering out the excess information:
whois DOMAIN | grep -E '^nserver|^Name Server'
whois searchengines.guru | grep -E '^nserver|^Name Server' Name Server: ray.ns.cloudflare.com Name Server: dora.ns.cloudflare.com
Does a site use the CloudFlare IP?
The second, even more reliable way to find out whether a site is protected with CloudFlare is to check if the IP of the site of interest belongs to this organization.
IP of a site can be found as follows:
dig DOMAIN +short
dig searchengines.guru +short 22.214.171.124 126.96.36.199
One or more IP addresses can be displayed, use anyone for analysis.
Check the received IP with the whois command like that:
If a ‘Cloudflare, Inc.’ string is present in the information received, then the target site uses the CloudFlare IP and, therefore, is protected by this network.
Online service to check if a site is using CloudFlare
The described methods are automated in the online service, you just enter a domain name of a site and it will check its NS records and its IP for belonging to Cloudflare.
Instead of whois, the GeoLite2-ASN database is used, but it does not change the essence.
Output example of the service:
- How to find out the real IP of a site in Cloudflare (100%)
- How to find out all sites at an IP (64.9%)
- Online Kali Linux programs (FREE) (60.6%)
- Shared hosting security audit (59.1%)
- badKarma: Advanced Network Reconnaissance Assistant (59.1%)
- Automatic search the database of hacked access points (RANDOM - 50%)