How to check the real ip host server behind cloud flare?

Hi, Criminal IP forum!
anyone here can help me with how to check the real ip host server hidden behind cloud flare?
I’ve read Criminal IP blog generally talking hidden IP addresses of deepfake pornography website owner who victimized over 190 Kpop idols.
https://blog.criminalip.io/2022/08/04/deepfake-porn-site/
They said they can find real IP hidden behind cloudflare using nslookup. But they ended in a vague sense. Does anybody can tell specificaly how to check Real IP that is hidden by vpn, proxy, or cloud flare and etc.
I really want and need more details on this… thanks!

you can’t find the IP behind cloudflare unless they mess up somehow.
they only found cloudflare’s IPs using nslookup, not the site owner

then anyways to detect it??

historical DNS. they may have scanned the website before it turned cloudflare on

maybe criminal ip research team scan the whole internet all the time, and if they find that same website on another IP address, then that’s the origin IP address behind cloudflare.

It make sense

Agree with 2 above users. maybe criminal ip research team watch DNS for that website all the time and if the site owners ever turn cloudflare protecion off for testing or temporarily or whatever, then they record that obviosuly if anyone could just bypass cloudflare all the time, it wouldn’t be of much use. So all cases are the site owner messing up. If you run your site behind cloudflare perfectly, then nobody can see your real IP

Thanks for your explanation. I feel that still, I should gonna study a lot more :slight_smile:

Well. maybe they take any website with a bad reputaton and poll them hourly. and of course its possible the attacker has other DNS records besides the website, for example maybe they host their website through cloudflare, but they run their own email that doesn’t go through cloudflare. That would also expose them.