CloudFlare-Watch, a project of Public Information Research, follows in the footsteps of other PIR projects. NameBase has been on the Internet since 1995. Google-Watch began in 2002 when no one else was criticizing Google. Scroogle started in 2005 and lasted until Google began throttling our servers in 2012.
At PIR we believe in privacy for passive users of the web (this is what Scroogle provided). But publishers on the web, as opposed to passive users who merely read pages, should be accountable. All CloudFlare customers are publishers, and many use CloudFlare because it encourages them to hide their original IP address. When they receive abuse complaints, CloudFlare resorts to diversions to pretend that they are acting responsibly assuming that they respond at all. A refusal to embrace web accountability leads to cybercrime. That's why we use the term "CrimeFlare" to describe this company.
There are sites on the web that specialize in collecting registration and nameserver data. Several are serious research sites, while the rest are sites claiming that various domain names are worth big bucks in potential ad revenue, based on their traffic. CloudFlare maintains over 100 nameservers, and customers must change the nameservers on their registration in order to use most services. Each customer's domain is assigned two nameservers. This makes it easier to verify which domains depend on CloudFlare, and helps us keep our domain lists relatively current.
Since customers can fiddle with their nameserver records on CloudFlare's control panel, there is a huge amount of churn happening behind any research about domains that use CloudFlare. If connectivity seems intermittent, for example, a customer might set his control panel to bypass CloudFlare temporarily. CloudFlare does not handle email, and some customers need a special MX record for email. Subdomains are another source of confusion, as these records must be listed a certain way to keep them hidden. If the customer isn't careful, a "direct-connect" IP address might be publicly visible, and persist until the customer takes steps to keep it hidden.
Some domains ( 802,896 ) that recently used CloudFlare
If the direct-connect lookup failed, the domain is not shown with an IP address and country, but is simply shown with two nameservers. For example, a domain that shows "rita jeff" after it means that it was assigned nameservers rita.ns.cloudflare.com and jeff.ns.cloudflare.com. The current direct-connect count is 603,769. Our data is cumulatively updated once per week. Here is a 5.93MB zip file of only the domains with IP addresses, without the country lookup, that you can download and unzip. By scanning this file for specific IP addresses or netblocks, experienced researchers sometimes discover clues about who is hiding behind CloudFlare.
IP addresses may be current, or they may have been current as long ago as August 2012. Enter a domain in the search box below to see the date stamps of our IP address lookups. If the direct-connect fetch done by the search below is unsuccessful or inconclusive, this means that further research is needed to discover whether an IP address is still valid.
A second 4.65MB zip file lists all domains in our database, sorted by paired nameservers. Researchers use this to find additional domains on a single CloudFlare account, thereby developing more clues. A specific pair of nameservers yields a maximum of a few hundred domains from this list, making it possible to scan manually.
000-514 515-acz ada-all alm-anz aoa-aua aub-baz bba-bil bim-boz bpa-caa cab-cdz cea-cho chp-cnz coa-cot cou-cyz cza-dem den-djz dka-dyl dym-emz ena-exa exb-fhz fia-for fos-fyz fza-gih gii-grz gsa-hau hav-hnz hoa-hun huo-imz ina-isa isb-jez jfa-kar kas-krz ksa-led lee-lnz loa-maf mag-mbz mca-mim min-moz mpa-nam nan-niz nja-okv okw-oyz oza-per pes-pnz poa-pro prp-raz rba-rhe rhf-rxz rya-see sef-shz sia-sob soc-ssz sta-suo sup-tdz tea-thd the-thz tia-tra trb-ukz ula-vic vid-waz wba-wik wil-wxz wya-yka ykb-zzz
If you find a listing that interests you, or if you know of a domain that uses CloudFlare but is not listed, enter that domain in the search box. Several lookups will be done to see if a direct-connect IP address can be found. If so, a final test will try to fetch a page from that address. If that works, it will show the title from that page.
Enter a domain:
It costs $22 USD a day to keep CloudFlare Watch online with updated domain listings. Since January 1, 2014 we have received $3699 in donations, while our budget requires $5764 for the same period. Donations are tax-deductible. ( This box is updated daily. )