Some domains that use Cloudflare as a DNS proxy also keep a CNAME that reveals
their real IP address:
direct-connect.domain.com
direct.domain.com
Let me give you a sample:
# host exploit-db.com
exploit-db.com has address 199.27.134.111
exploit-db.com has address 199.27.135.111
It's clearly using Cloudflare.
What's the real IP address?
Here goes the answer:
===========
# host direct.exploit-db.com
direct.exploit-db.com has address 67.23.70.60
============
Sometimes you can also check: mail.domain.com
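
Seen from the site owner's side, the same check is an audit of your own zone: feed it `host` output for your names and it lists the ones that resolve outside the proxy. This is an added example, not part of the original post; the example.com names, the 203.0.113.x addresses and the two proxy ranges are assumptions made for the sample.

```python
import ipaddress
from collections import defaultdict

# Assumption: sample proxy ranges chosen to cover the Cloudflare addresses quoted
# on the page; in a real audit load the provider's current published list.
PROXY_RANGES = [ipaddress.ip_network(n) for n in ("199.27.128.0/21", "173.245.48.0/20")]

# Constructed sample in the format of the `host` output above (example.com names
# and the 203.0.113.x documentation addresses are made up).
SAMPLE = """\
example.com has address 199.27.134.111
example.com has address 199.27.135.111
www.example.com has address 173.245.61.112
direct.example.com has address 203.0.113.60
mail.example.com has address 203.0.113.60
mail.example.com mail is handled by 10 mx.example.com.
"""

def parse_host_output(text):
    """Map each name to the set of A-record addresses found in `host` output."""
    records = defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        # Only "<name> has address <ipv4>" lines matter; skip MX, AAAA, errors.
        if len(parts) == 4 and parts[1:3] == ["has", "address"]:
            try:
                records[parts[0].rstrip(".").lower()].add(ipaddress.ip_address(parts[3]))
            except ValueError:
                continue  # malformed address, ignore the line
    return records

def is_proxied(addr, ranges=PROXY_RANGES):
    """True when the address falls inside one of the proxy networks."""
    return any(addr in net for net in ranges)

def find_origin_leaks(text, ranges=PROXY_RANGES):
    """Return {name: [addresses outside the proxy ranges]}: the records that
    give the origin away even though other names in the zone are proxied."""
    leaks = {}
    for name, addrs in parse_host_output(text).items():
        exposed = sorted(str(a) for a in addrs if not is_proxied(a, ranges))
        if exposed:
            leaks[name] = exposed
    return leaks

if __name__ == "__main__":
    for name, addrs in sorted(find_origin_leaks(SAMPLE).items()):
        print(f"{name}: unproxied {', '.join(addrs)}")
```

Any name it reports should either be proxied as well or removed from public DNS, and the origin should accept web traffic only from the proxy ranges.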
Another method is to use the nmap DNS brute-force script:
http://nmap.org/nsedoc/scripts/dns-brute.html
For a long-established domain you can also check the hosting history at Netcraft,
e.g.:
http://toolbar.netcraft.com/site_report?url=http://www.anti-sec.com
Considering the above pattern you may notice this:
28-Feb-2010 ----> 77.78.103.253
1-Mar-2010  ----> 77.78.103.117
11 Nov      ----> 173.245.61.112 -> Cloudflare
Then you may wonder whether the last octet (1-255) is guessable, and how probable that is.