How to De-Anonymize Scam/Knock-off Sites Hiding Behind CloudFlare

Furry Twitter is currently abuzz about a new site selling knock-off fursuits and illegally using photos from the owners of the actual fursuits without permission.

The website in question.

Understandably, the photographers and fursuiters whose work was ripped off by this website are upset and would like to exercise their legal recourse (i.e. DMCA takedown emails) against the scam site, but there’s a wrinkle:

Their contact info isn’t in DNS and their website is hosted behind CloudFlare.

CloudFlare.
Private DNS registration.

You might think this is a show-stopper, but I’m going to show you how to get their server’s real IP address in one easy step.

Ordering the Server’s IP Address by Mail

Most knock-off site operators will choose open source eCommerce platforms like Magento, WooCommerce, and OpenCart, which usually have a mechanism for customers to register for an account and login.

Usually this mechanism sends you an email when you authenticate.

(If it doesn’t, logout and use the “reset password” feature, which will almost certainly send you an email.)

Once you have an email from the scam site, you’re going to need to view the email headers.

With Gmail, you can click the three dots on the right of an email, then click “Show original”.

Account registration email.
Full email headers after clicking “Show original”.

And there you have it. The IP address of the server behind CloudFlare delivered piping hot to your inbox in 30 minutes or less, or your money back.

That’s a fairer deal than any of these knock-off fursuit sites will give you.

Black magic and piss-poor opsec.
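
Reading the “Show original” headers can also be scripted. The following Python is an added example, not code from the original post; the sample message, its hostnames and its documentation-range IP addresses are constructed, and `mx.google.com` as the trusted receiving server is an assumption that fits Gmail.

```python
import email
import ipaddress
import re

# Constructed sample headers (not from the original post). IPs come from the
# RFC 5737 documentation ranges and the hostnames are placeholders.
SAMPLE = """\
Received: from mail.shop.example (mail.shop.example. [203.0.113.45])
        by mx.google.com with ESMTPS id a1si200
        for <buyer@example.com>; Mon, 1 Jun 2020 10:00:02 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
        by mail.shop.example (Postfix) with ESMTP id 4B1C2
        for <buyer@example.com>; Mon, 1 Jun 2020 17:00:01 +0000 (UTC)
From: Shop <noreply@shop.example>
To: buyer@example.com
Subject: Welcome to your new account
"""

# "from <helo> (<rdns> [<ip>]) by <receiver>": the bracketed IP is written by
# the receiving server, the rest of the "from" clause is claimed by the sender.
HOP = re.compile(r"^from\s.*?\[(?:IPv6:)?([0-9A-Fa-f:.]+)\].*?\sby\s+(\S+)", re.S)


def hops(raw):
    """Return (receiver, sender_ip) per Received header, newest hop first."""
    msg = email.message_from_string(raw)
    found = []
    for value in msg.get_all("Received", []):
        m = HOP.match(value.strip())
        if not m:
            continue  # hop with no bracketed peer address
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # bracket held something other than an IP address
        found.append((m.group(2).lower(), ip))
    return found


def sender_ip(raw, trusted_receiver="mx.google.com"):
    """Return the IP that connected to our own mail provider, or None."""
    # Only the hop stamped by a server we trust is reliable; older Received
    # lines are supplied by the sending side and can be forged.
    for receiver, ip in hops(raw):
        if receiver == trusted_receiver:
            return str(ip)
    return None
```

If the shop hands its mail to a third-party delivery service, the address recorded here belongs to that service rather than to the web server.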

What Can We Do With The Server IP?

You can identify who hosts their website. (In this case, it’s a company called Net Minders.)

With this knowledge in mind, you can send an email to their web hosting provider, citing the Digital Millennium Copyright Act.

One or two emails might get ignored, but discarding hundreds of distinct complaint emails from different people is bad for business. This (along with similar abuse complaints to the domain registrar, which isn’t obscured by DNS Privacy) should be enough to shut down these illicit websites.

The more you know!

Epilogue

The technique is simple, effective, and portable. Use it whenever someone tries to prop up another website to peddle knock-off goods and tries to hide behind CloudFlare.

By Soatok

Security engineer with a fursona. Ask me about dholes or Diffie-Hellman!

2 replies on “How to De-Anonymize Scam/Knock-off Sites Hiding Behind CloudFlare”

Hey Soatok,

I was recently given the opportunity to write an article review of the upcoming movie “The Fandom”, which airs live this July 3rd on Amazon Prime and YouTube. I wanted to inquire about the possibility of having my article featured on your Blog. My article can be found at https://fuzzballstorytime.com/the-fandom-documentary-a-blast-from-the-past/. Thanks, and have a nice day!

Sincerely, Joshua Bergren
A.K.A “Moonraiser”
