=========================================================
Use shodan.io to discover origin IP addresses
https://shodan.io and search for Ssl.cert.subject.CN:โ[location]โ 200
- Ensure that the identified IP address actually bypasses the WAF (Cloudfront etc.), otherwise consider it to be a non-issue
https://blog.detectify.com/2019/07/31/bypassing-cloudflare-waf-with-the-origin-server-ip-address/
=========================================================
CloudFlare Bypass
<svg only=2 onload=confirm(2)>
- https://www.arridae.com/blogs/Bypassing-Cloudflare-WAF.php
- https://github.com/zidansec/CloudPeler
=========================================================
Using Censys
- https://search.censys.io/
=========================================================