Network Tool

Cloudflare IP Resolver & DNS Lookup

Find the real IP behind Cloudflare, check all DNS records, detect CDN providers, and analyse domain infrastructure — all in one tool.

Domain or IP address

Enter a bare domain — e.g. github.com, reddit.com, wordpress.com

Try:

About this tool

Cloudflare IP Resolver — Complete Guide

Real-time DNS lookup

Queries all DNS record types (A, AAAA, MX, NS, TXT, CNAME, SOA) live via Cloudflare DoH API.

Cloudflare detection

Detects Cloudflare by checking nameservers, IP ranges, and known CDN signatures.

Email security check

Checks SPF, DMARC, and DKIM records to evaluate email authentication security posture.

CDN provider detection

Identifies if a domain uses Cloudflare, AWS, Fastly, Akamai, or other CDN providers.

How Cloudflare hides the real server IP

User visits yoursite.com

DNS resolves to a Cloudflare IP address (e.g. 104.21.x.x) — NOT your real server.

Request hits Cloudflare edge

Cloudflare's network receives the request, applies WAF rules, DDoS protection, and caching.

Cloudflare forwards to origin

Cloudflare contacts your real server using the origin IP stored in their system.

Response returned

Cloudflare returns the response to the user. The real server IP never appears in public DNS.

Techniques for finding the real IP

🔍

Check subdomains

Common subdomains like mail., cpanel., ftp., direct., or webmail. sometimes bypass Cloudflare and expose the origin IP.

📧

MX records

Email servers are often hosted on the origin server or same network. MX record IPs can reveal the hosting provider or real IP range.

📜

Historical DNS

Services like SecurityTrails and ViewDNS store historical DNS records from before Cloudflare was added. Old A records reveal the origin.

🌐

TXT records

SPF records, domain verification records, and custom TXT entries sometimes contain references to the real hosting infrastructure.

🔐

SSL certificates

Certificates may contain Subject Alternative Names (SANs) revealing internal hostnames or other domains sharing the same origin server.

🗄️

Shodan / Censys

Search engines for internet-connected devices can find servers that respond to your domain's SSL certificate, revealing origin IPs.

Frequently Asked Questions

What is a Cloudflare IP resolver?

A Cloudflare IP resolver attempts to find the real origin server IP address of a website protected by Cloudflare CDN. It checks DNS records, subdomains, MX records, and other indicators that might reveal the underlying server.

Why do websites use Cloudflare?

Cloudflare provides DDoS protection, a Web Application Firewall (WAF), performance improvements through caching and CDN, SSL certificates, and anonymity for the origin server. It sits between visitors and the real web server.

Can I always find the real IP behind Cloudflare?

Not always. Properly configured Cloudflare setups with strict firewall rules that whitelist only Cloudflare IP ranges are very difficult to bypass. However, misconfigured setups, historical DNS records, or exposed subdomains can sometimes reveal the origin.

What are Cloudflare IP ranges?

Cloudflare owns specific IP ranges. If a domain's A record resolves to one of these, the site is behind Cloudflare. Common ranges include 104.16.0.0/13, 104.24.0.0/14, 172.64.0.0/13, 198.41.128.0/17, and others.

What is DNS over HTTPS (DoH)?

DNS over HTTPS sends DNS queries encrypted over HTTPS rather than plain UDP. This prevents ISPs from seeing which domains you look up. This tool uses Cloudflare's public DoH endpoint (1.1.1.1/dns-query) for privacy-preserving lookups.

What are SPF, DKIM and DMARC records?

These are email security records. SPF defines which servers can send email for your domain. DKIM adds a cryptographic signature to emails. DMARC tells receiving servers what to do with emails that fail SPF or DKIM checks. Missing these records makes your domain vulnerable to email spoofing.

Is this tool legal to use?

Yes. This tool only reads publicly available DNS records — the same data accessible via dig, nslookup, or any DNS resolver. No hacking, exploitation, or unauthorised access is involved. Always use this information responsibly and ethically.

Ethical use only. This tool reads publicly available DNS data. Use it for legitimate purposes such as security research, server configuration verification, or network troubleshooting. Always obtain proper authorisation before testing systems you do not own.

☁️

What Cloudflare hides

Cloudflare acts as a reverse proxy, replacing your server IP with Cloudflare anycast IPs in all DNS records.

🔍

Detection methods

Real IPs can sometimes be found via DNS history, SSL certificate data, old MX records, or subdomains not behind Cloudflare.

⚠️

Protect yourself

Ensure all subdomains are proxied. Never send email from your origin IP. Set firewall to only allow Cloudflare IPs.

Frequently Asked Questions

How does Cloudflare hide a server real IP?

Cloudflare acts as a reverse proxy. DNS records point to Cloudflare anycast IPs. Traffic hits Cloudflare edge servers which forward requests to the hidden origin server.

Is finding a real IP behind Cloudflare legal?

Using passive lookups like DNS history and SSL records is legal. Actively probing or attacking a server without permission is not. This tool uses only passive methods.

How can I better hide my server IP?

Use Cloudflare Email Routing instead of origin mail servers. Ensure all subdomains are orange-clouded. Configure your server firewall to only accept traffic from Cloudflare IP ranges. Rotate your origin IP after enabling Cloudflare.

Related Tools

📋

WHOIS Lookup

Domain registration and nameserver info

⚡

Port Scanner

Check open ports on discovered IP

🔒

SSL Checker

Check SSL certificate details

🚫

IP Blacklist Checker

Check if IP is on spam lists