Namecheap Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

Namecheap Issues Reports

Latest outage, problems and issue reports in social media:

• 
  Shubh Jain (@shubh19) reported 20 seconds ago

  real monthly infra cost of a solo SaaS in 2026: - Supabase free: ₹0 - Railway starter: ₹800 - Resend free (3K emails): ₹0 - Cloudflare free: ₹0 - UptimeRobot free: ₹0 - Sentry free (5K errors): ₹0 - PostHog free (1M events): ₹0 - Vercel hobby: ₹0 - Namecheap domain: ₹900/year - Anthropic API (light usage): ₹500–2K total: under ₹2,000/month the "I can't afford to build" excuse died in 2024. what's the real reason?

• 
  Imagine-This (@ImagineThisSM) reported 29 seconds ago

  @Namecheap hi, all my sites and applications are down, whats going on. please update us right away

• 
  Andrew Warner (@AndrewWarner) reported 4 minutes ago

  Goodbye SquareSpace. Finally! I've hated having my wife's site on Squarespace. Some consultant set her up with it and I never had the patience to move it. On Sunday I told Claude Code to copy her site to a free @Cloudflare acount. Then I told Claude's Chrome plugin to figure out how to tell NameCheap where to point the domain. So satisfying.

• 
  rodrigo (@_whiletruedo) reported 5 minutes ago

  @Namecheap thx for the heads up! I'll reach out the support. but don't be alarmed bc you're my first choice to buy domain sice ever! and I'll continue to buy!

• 
  ... (@irucsbo) reported 6 minutes ago

  @NamecheapCEO I used Namebase (owned by @Namecheap) to manage my funds. Three months ago, you sold the platform without notifying your clients. Since Namecheap sold the platform, I have lost access to my funds, and this issue has now been ongoing for more than three months.

• 
  Akinsete Motunrayo (@Harkinsete) reported 10 minutes ago

  I built my entire personal brand with AI and a clear process. Here is exactly what I built and how I did it, because you can do this too. What I Built ✅ Brand Strategy (mission, vision, values) ✅ Visual identity: colors, fonts, logo, brand guidelines ✅ A full pitch deck (12 slides) ✅ A speaker kit PDF ✅ A complete multi-page personal brand website ✅ A free lead magnet (a guide people can actually use) How I Built the Website Step 1: I planned before I touched anything I wrote down my brand colors, my fonts, my page structure, and what I wanted each page to do. Most people skip this. Everything breaks when you skip this. Step 2: I gave Claude one detailed prompt with my brand colors, fonts, pages, and copy. It returned a complete, mobile-responsive, multi-page website as a single HTML file. One file. Ready to deploy. The prompt I used: - "Build me a complete personal brand website as a single HTML file. Pages: Home, About, Services, Portfolio, Contact. Primary color [your hex], accent color [your hex], background [your hex]. Display font [font name], body font [font name]. Home page needs: dark hero with my name, photo on the right, tagline, and a CTA button. Services section. Impact numbers. Mobile responsive. No frameworks." Copy this, edit your details, and fine-tune as you want. Step 3: I pushed to GitHub: Free. This took me less than five minutes. Now every update I make is version-controlled and safe. Step 4: I deployed to Vercel for free. Connected my GitHub repo to Vercel and the site was live in under few minutes. This requires no hosting fees and nothing to manage. Step 5: I bought my domain on Namecheap - Searched for my full name and found the .com. Bought it for less than $12 for the year. Added it to Vercel. Updated the DNS settings on Namecheap. Waited 20 minutes. My website was live at my own domain. - Total cost: less than $12. - Total time to go live: under 2 hours. I am also working on a mobile app. A Progressive Web App, which means anyone can visit the URL on their phone and add it to their home screen like a real app. I may be running a live training in July where I will walk you through this entire process step by step to build your live website with a custom domain. If you have a phone and a laptop, you can do this. I documented everything the steps, the exact AI prompts, the domain checklist, the deploy instructions in a free PDF guide. Comment BRAND IDENTITY below and I will send it straight to your inbox. 💾SAVE THIS POST. You will want to come back to it. 🔁 SHARE IT with someone who keeps saying they need a website. The only thing standing between you and a professional online presence is the decision to start. Love and Light, Motunrayo 🤍

• 
  Great Bin Elroi (@OgaGreat) reported 13 minutes ago

  International companies understands customer care ! @Namecheap can reply even at 12 midnight ! That is a company that is customer oriented .

• 
  O.G Obinna (@Obinna_Gates) reported 14 minutes ago

  @tomilola_ng @timithechef I’ve used hostinger way back in 19/20, Dreamhost VPS 22/23. I stuck with namecheap for their customer support. It’s the best & cheapest.

• 
  Jamie Madden (@dcwhatwhat) reported 15 minutes ago

  I am down to 1 page of domains on my namecheap account, from 3 pages. AMA

• 
  🛡️Shir Khorshid Noor Cyber Unit🛡️ (@FriendOfTheInst) reported 17 minutes ago

  Sponsored search results are not a trust boundary. A fake ChatGPT download campaign used brand impersonation, malvertising, shared-link abuse, cloaking, platform-specific payloads, CAPTCHA gating, Electron packaging, JavaScript obfuscation, and staged execution to deliver malware to Windows and macOS users. This is not merely another fake download page. It is a clear demonstration of how attackers exploit trust across multiple layers: • Trusted brand • Trusted search flow • Trusted-looking ad placement • Trusted-looking domain patterns • Trusted UI/branding • Trusted installer frameworks • Trusted code-signing assumptions • Trusted AI platform sharing features What happened: Attackers promoted a fake OpenAI/ChatGPT download experience using the domain: openew[.]app The site copied OpenAI-style branding and offered download paths for: • Windows • macOS • Chrome extension The Chrome extension path linked to a legitimate ChatGPT-related extension, further increasing perceived legitimacy. The Windows and macOS download paths delivered malware. Attackers also abused legitimate ChatGPT shared conversation links, including chatgpt[.]com/s/ pages, to host fake outage or download pages. A link hosted on a trusted domain can still deliver attacker-controlled content to users. The campaign employed cloaking and conditional rendering: automated scanners and analysis tools were shown benign content, reportedly an unrelated AR/VR company site, while real browsers received the malicious ChatGPT-themed download experience. That is the key lesson: A trusted domain, HTTPS padlock, sponsored ad, or polished UI does not equal a safe download. Why this campaign matters: Victims were not browsing dark web forums or downloading cracks. They were searching for a legitimate AI tool. That is why malvertising is effective: it targets high-intent users at the exact moment they are ready to install software. The campaign turned normal user behavior into an initial access path. Windows chain: The Windows payload was distributed as: Chat_GPT.exe Reported SHA-256: 56CC26E88C064B0C423AA8AD6530E58F91D1E4D28FAB1A8BCEDEF16A6582B4D2 Additional reported Windows hash: c9e0e6985dca3a179c9bdea4e7b38f7dc57fe00ecedc2fd634256fc53bf2de2d Important: hashes are useful for triage, not sufficient for defense. Campaigns rotate samples. Hunt behaviorally. Windows technical observations: • Installer built with Inno Setup • Electron-based application • Chromium runtime components • resources\app.asar archive • Large obfuscated JavaScript payload identified as winter.js • Hex-encoded strings • Dynamically resolved functions • Control-flow obfuscation • Event-driven execution • CAPTCHA gating before core behavior • Inner Electron payload (App.exe) launched after installation • PowerShell spawned after CAPTCHA completion Observed PowerShell pattern: -ExecutionPolicy Unrestricted -Command - That trailing dash matters. It suggests commands may be supplied through standard input rather than appearing directly in the process command line. This reduces the value of command-line-only detection and makes process-tree and behavioral monitoring much more important. Static red flags: The filename suggested ChatGPT, but embedded metadata reportedly identified the installer as: PovariEGLESVapp Setup The executable was signed by: F.F.A.P. Hurkmans Beheer B.V. That publisher does not align with OpenAI or ChatGPT. Important reminder: a valid code signature does not mean software is safe. It only confirms that the file was signed by a certificate and has not been modified since signing. It does not establish that the software is legitimate or authorized by the brand it imitates. Additional Windows indicators: • App.exe SHA-256: D9AD44D43E57B870793FA5CF7FB3A813990D0CBD0C7087BDE70A5E61FB1F1FE6 • Unexpected Chromium/Electron profile: %APPDATA%\Satoshi • Additional reported path: %APPDATA%\LeronApplication • Reported Electron/Node capabilities: systeminformation, child_process, os, fs, zip-lib, Those modules indicate a capable execution environment: system discovery, file access, archive handling, process execution, and network communication. macOS chain: The macOS payload was delivered as: ChatGpt.dmg Reported SHA-256: 7E5B708F6659B1FAD3AAE7B589A706434FBF21708AEEC5AF5910189B96E25FEF Additional reported macOS hash: c0919e1999eaee67e67aeda0287722775afb04e9a9a0f727928b4d11265fb70b The macOS malware is reported as Odyssey Stealer, a fork of AMOS / Atomic Stealer. Reported macOS targeting includes: • Browser passwords • Browser cookies • Saved logins • macOS keychain data • Telegram sessions • Cryptocurrency wallet directories • Desktop/Documents files with sensitive wallet/key extensions • Ledger Live • Trezor Suite • Exodus • Electrum • Sparrow The most dangerous macOS behavior: Wallet replacement. The malware reportedly attempts to replace legitimate wallet-related applications with trojanized versions. That means a victim may later open what appears to be their normal wallet app, but actually launch an attacker-controlled version. That is not only credential theft. That is long-tail financial compromise. Infrastructure: Reported malicious domain: openew[.]app Reported infrastructure includes: 144[.]172[.]104[.]205 188[.]137[.]246[.]189 192[.]253[.]248[.]181 172[.]94[.]9[.]250 Infrastructure notes: • Recently registered domain • Namecheap / registrar-servers infrastructure reported • RouterHosting infrastructure reported • Passive DNS linked infrastructure to other suspicious or malicious domains • .app domains require HTTPS, so browsers show a padlock The padlock only means the connection is encrypted. It does not mean the site is legitimate. Detection opportunities for defenders: 1. Newly created executables launched from Downloads, Temp, or other user-writable paths 2. Trusted-brand filenames that do not match embedded metadata 3. Installer publisher mismatch: filename says ChatGPT, signer is unrelated 4. Electron apps spawning scripting engines: powershell.exe cmd.exe osascript bash sh zsh 5. PowerShell with: -ExecutionPolicy Unrestricted -Command - 6. Unexpected Chromium/Electron profile directories, such as: %APPDATA%\Satoshi %APPDATA%\LeronApplication or other anomalous Electron profile paths 7. app.asar archives containing large obfuscated JavaScript bundles 8. CAPTCHA or user-interaction gating before malicious behavior 9. Newly registered domains impersonating major software or AI vendors 10. Users installing software from ads instead of official vendor channels 11. Suspicious wallet-app replacement attempts on macOS 12. Post-install network traffic to low-cost VPS infrastructure 13. Legitimate AI sharing URLs that render fake support, outage, update, or installation pages 14. Download pages that show different content to scanners than to real browsers The key defensive point: Do not build detections only around hashes or static strings. This campaign reduces the value of static analysis through: • Obfuscation • Runtime string construction • CAPTCHA gating • Electron packaging • Conditional execution • Cloaking • Staged payload behavior • Shared-link abuse on trusted domains The better approach: • Behavioral detection • Process-tree monitoring • Parent-child process analysis • Script-engine execution monitoring • Browser/download source telemetry • Application control • Newly registered domain monitoring • Publisher and metadata validation • EDR detections for Electron-to-shell execution • Monitoring for AI-platform shared links used as delivery pages • User training focused on sponsored-result and fake-download risk For users: Only download ChatGPT from official OpenAI channels or the Microsoft Store. Do not install software from ads, mirror sites, download portals, unfamiliar domains, or fake support/outage pages. If you installed a “ChatGPT” app from an ad or unfamiliar page: Use a clean device and: • Sign out everywhere from important accounts • Change passwords, starting with primary email • Rotate API keys, SSH keys, cloud credentials, and tokens • Revoke active sessions for email, GitHub, cloud, Discord, Telegram, crypto exchanges, banking, and password managers • Move crypto funds from a clean device • Do not open Ledger/Trezor apps on a potentially infected Mac • Monitor financial accounts • Reinstall the OS • Notify IT/security immediately if it was a work device For AI vendors and platform owners: This is now part of the product security perimeter. Brand impersonation, malicious search ads, fake download pages, clone domains, and abuse of shared AI content are active distribution channels. Practical controls: • Make official download links easy to find • Monitor sponsored ads for brand abuse • Monitor newly registered lookalike domains • Detect abuse of shared-content features • Run takedowns quickly • Publish clear download guidance • Provide signed-installer verification guidance • Coordinate with search/ad platforms • Alert users when major impersonation campaigns are active Bottom line: Attackers are not just exploiting ChatGPT. They are exploiting the trust, urgency, and confusion around fast-moving AI adoption. Today it is ChatGPT. Yesterday it was another AI tool. Tomorrow it will be the next trending product. The malware can rotate. The domain can rotate. The payload can rotate. The brand can rotate. The infrastructure can rotate. The defensive mindset must rotate too: From: “Is this file known bad?” To: “Is this behavior legitimate for this software, this publisher, this user, this source, and this execution context?” That is the difference between signature-based reaction and modern detection engineering. Analysis draws on reporting from Malwarebytes Labs, Evalian SOC, Push Security, BleepingComputer, CybersecurityNews, and OpenAI documentation. #CyberSecurity #Malvertising #ThreatIntelligence

• 
  Spencer Heckathorn (@mrhobbeys) reported 17 minutes ago

  @BacLeodiv Everyone hates on Godaddy but I e been there 20 years and only had one major issue related to their migration in the early 2010s. Hundreds of domains and 40ish customers. No complaints. I also use the others. Namecheap is up and down on their support. Cloudflare I thought of as expensive. But honestly they all are now.

• 
  Priyangu Patel (@patelpriyangu) reported 20 minutes ago

  @PratikSinhatwt Namecheap I use which is the best in pricing and support.

• 
  Sergio (@sergionoodle) reported 21 minutes ago

  @FrancescoCiull4 How is Namecheap nowadays? I dropped them a while back as prices went up and quality down.

• 
  RGK🌹 (@rgk_degen) reported 24 minutes ago

  1 prompt. Claude builds a $2,000/week website from scratch. Here’s the exact system, step by step. Most people build sites the wrong way. They hire a developer for $3,000–8,000. Wait 3–6 weeks. Get something generic. Then pay another $500/month to maintain it. The new way: 1 prompt. 45 minutes. Launch-ready. WHAT YOU’RE BUILDING A niche service landing page conversion-optimized, Stripe-integrated, SEO-structured that targets a local or vertical market with $200–500 average order value. Target: $2,000/week minimum by week 4. THE PROMPT ARCHITECTURE Your 1 prompt has 4 layers: → Layer 1 Business context “I’m building a [niche] service site targeting [city/audience]. Average order: $[X]. Primary CTA: book a call / buy now.” → Layer 2 Stack spec “Build in HTML/CSS/JS, Stripe Checkout embedded, Calendly widget for booking, Google Analytics 4 ready.” → Layer 3 Content skeleton “Homepage: hero with pain point + 3 benefits + social proof section + FAQ + CTA. No blog. No filler.” → Layer 4 Conversion rules “Above the fold: 1 headline, 1 subheadline, 1 button. No nav clutter. Mobile-first. Load under 2 seconds.” Paste all 4 layers into Claude as 1 message. Hit send. WHAT CLAUDE DELIVERS IN 45 MINUTES → Full HTML file, production-ready → Stripe Checkout flow embedded → Mobile layout done → Meta tags + OG data for social sharing → Contact form wired to Formspree (free tier) You copy the output. Drop into Netlify or Vercel. Live in 8 minutes. Domain: $12/year on Namecheap. Hosting: $0. Total launch cost: $12. REALISTIC REVENUE PROGRESSION Week 1 Site live. Run $50 in Meta ads to local audience. 3 conversions at $150 = $450. Week 2 Add Google Business Profile. 2 organic calls. 1 closes. $200. Week 3 Raise price 20%. Run retargeting on the 60 visitors who didn’t convert. $600. Week 4 Email the 3 week-1 buyers. Ask for referrals. 2 referrals at $250 = $500 + repeat. Total week: $2,100+. The site didn’t change. The traffic system compounded.

• 
  Longevity World Cup (@LongevityWorldC) reported 31 minutes ago

  Longevity World Cup is temporarily unavailable due to a @Namecheap hosting network incident affecting hosted websites and accounts. We’re monitoring the situation and will be back online once connectivity is restored.