How do you find the origin of a website?

When viewing a web page, it can be useful to determine who controls the web content and the web server. Study the URL. Run a whois lookup on the domain name. Perform a traceroute to the hostname.

Read the website and contact the point of contact (if any). You can use an IP geolocation service to obtain the location based on the IP. This may not always work for all IPs. You can also do this for every hop along the path, which you can list by running a traceroute (with tracert on Windows or traceroute on *NIX) to see where your request goes.

There are many places where historical DNS records are archived. These historical DNS records are likely to contain the origin IP of a website that uses a CDN. As I mentioned earlier, there is a possibility that some websites may have misconfigured DNS records from which we can gather useful information.

These websites mainly use cloud-based security services, proxies or DNS, which makes it a little difficult to find the Origin IP. As you can see above, there is an IP that I explored and realized is the source IP of the website. A CDN reverse proxy takes this concept a step further by caching responses from the origin server on their way back to the client. Many websites use the protections mentioned above to hide their origin IP and to protect themselves from DDoS attacks and other malicious actions by attackers.

Hi guys, I'm HolyBugX. I started writing this after this tweet, since I saw that a lot of interested people wanted me to do it, so I decided to share my knowledge with you. The original post is on ZDResearch, but I also shared it here. With these tools you can find Vhosts and, if your target is configured as Vhost, then you have the opportunity to find the source IP.

Subdomains other than the root domain are more likely to succeed, since they may serve files that create information disclosure vulnerabilities and therefore leak the origin IP. MX records are one of the most commonly used methods, given how easy it can sometimes be to find the origin IP through them. The answer is quite simple and brief: once you have the origin IP of a website, you can bypass all the protections offered by a CDN. The problem with whitelisting IP addresses is that the site operators must have the IP addresses of all the CDN edge servers that can access their origin.
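From the site owner's side, the leaks described above (subdomains, MX records, DNS entries that bypass the CDN) can be audited against the CDN's published edge ranges. The following is an added example, not code from the original post; the zone data, hostnames and CDN ranges are constructed from documentation prefixes, and `behind_cdn` and `audit` are hypothetical helper names.

```python
import ipaddress

# Constructed CDN edge ranges (documentation prefixes, not a real provider's list).
CDN_RANGES = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "2001:db8:cd::/48")]

# Constructed export of your own zone: (name, record type, value).
ZONE = [
    ("example.test", "A", "198.51.100.10"),
    ("www.example.test", "A", "198.51.100.11"),
    ("dev.example.test", "A", "203.0.113.7"),    # subdomain pointing past the CDN
    ("mail.example.test", "A", "203.0.113.7"),   # mail host on the origin server
    ("example.test", "MX", "mail.example.test"),
    ("example.test", "AAAA", "2001:db8:cd::1"),
]

def behind_cdn(ip):
    """True if the address falls inside one of the CDN edge ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CDN_RANGES)

def audit(zone):
    """Return (name, type, ip) for every record that exposes a non-CDN address."""
    # Index address records so MX targets can be resolved inside the zone.
    addrs = {}
    for name, rtype, value in zone:
        if rtype in ("A", "AAAA"):
            addrs.setdefault(name, []).append(value)
    findings = []
    for name, rtype, value in zone:
        if rtype in ("A", "AAAA"):
            targets = [value]
        elif rtype == "MX":
            # MX targets hosted outside this zone have no entry here and are skipped.
            targets = addrs.get(value, [])
        else:
            continue
        findings.extend((name, rtype, ip) for ip in targets if not behind_cdn(ip))
    return findings

if __name__ == "__main__":
    for name, rtype, ip in audit(ZONE):
        print(f"{name} {rtype} -> {ip} is outside the CDN ranges")
```

The same `behind_cdn` check is what an origin-side allowlist has to enforce: connections from any address outside the edge ranges are refused, so a leaked origin IP alone does not bypass the CDN.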

