alt alt

So as everyone already knows there was a huge leak of data for months for websites who use Cloudflare services. To make my changing of passwords a bit easier, and more focused / targeted I put together a little setup to check all of my Lastpass saved sites for Cloudflare name servers.

First I exported my Lastpass information to a .txt format from their website export feature.

Then I used a quick and dirty parsing -replace feature of powershell to clean it up:

$newdata = (gc last_pass_sites.txt) -replace '^.*?https?://(.*?)/.*', '$1'
$newdata >> new_sites.txt

This wasn't perfect and i had to manually clean up about 4 or 5 sites that did not contain the trailing "/" on their website. But wasn't enough to make me want to tweak the code above. This is a quick method to check all these sites so I just manually fixed about 5 entries.

Next I performed a Whois against each of the sites, and spit out which sites that matched the word "CLOUDFLARE" in the whois data. Here is the code below:

function check-cloudflare{
$web = New-WebServiceProxy ‘’
$sites = get-content C:\users\forgo\Desktop\newsites.txt
foreach ($site in $sites){
    $sitewhois = $web.GetWhoIs("$($site)")
    if ($sitewhois -match "CLOUDFLARE"){
        write-host "!!!!!! $($site) Uses Cloudflare !!!!!!"

The output looks like:

PS C:\users\forgo\Desktop> check-cloudflare
!!!!!! Uses Cloudflare !!!!!!
!!!!!! Uses Cloudflare !!!!!!
!!!!!! Uses Cloudflare !!!!!!
!!!!!! Uses Cloudflare !!!!!!
!!!!!! Uses Cloudflare !!!!!!

This allowed me to focus on these websites first that I know for a fact I have used, and have saved password for in Lastpass. Obviously this is not a fix all solution but definately helped me get these site passwords changed FIRST.