Namecheap status: hosting issues and outage reports

Problems in the last 24 hours

The graph below depicts the number of Namecheap reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.

Most Reported Problems

The following are the most recent problems reported by Namecheap users through our website.

• Hosting (57%)
• Domains (43%)

Live Outage Map

The most recent Namecheap outage reports came from the following cities:

City	Problem Type	Report Time
Tuxtla	Domains	2 days ago
Centerville	Hosting	2 days ago
Noida	Domains	15 days ago
Purmerend	Domains	23 days ago
Istanbul	Hosting	24 days ago
Charleston	Hosting	24 days ago

Full Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

Namecheap Issues Reports

Latest outage, problems and issue reports in social media:

• 
  Shahid (@shd96556) reported 39 seconds ago

  > Claude = coding. ($20/mo) > Supabase = backend. (Free) > Vercel = deploying. (Free) > Namecheap = domain. ($12/yr) > Stripe = payments. (2.9%/transaction) > GitHub = version control. (Free) > Resend = emails. (Free) > Clerk = auth. (Free) > Cloudflare = DNS. (Free) > PostHog = analytics. (Free) > Sentry = error tracking. (Free) > Upstash = Redis. (Free) > Pinecone = vector DB. (Free) Total monthly cost to run a startup: ~$20 There has never been a cheaper time to build.

• 
  Greg Lynch (@g_tone_) reported 47 seconds ago

  @Arfness @1grid_hosting Just been through the drama of moving client domains away from NameCheap (in protest of their pro-Zionist BS). I need to find a home for novelty TLDs that Xneelo doesn't support. Can you recommend anything?

• 
  Abhishek Baxi (@baxiabhishek) reported 1 minute ago

  @Namecheap Two of my domains have been suspended due to a whois issue, and my email hasn't been responded to all day. I've lost access to my business email, and it's quite harrowing. [NC-QTU-9582]

• 
  Adam Maysonet (@synozeer) reported 1 minute ago

  @TopShelfNames @spaceship If someone typed in the domain in their browser bar, they would have seen an Afternic lander. The person instead searched for the domain on Namecheap/Spaceship and bought it that way (aka. reg path), so they may never have even seen the lander.

• 
  Qirisiti Returns (@QirisitiReturns) reported 1 minute ago

  @Namecheap the automatic billing system accepted the stellar hosting and declined the domain and refunded 22 usd to my account, after talking to the support i was told i was supposed to choose reactivation not renewal the money reflected today I was earger to pay for the domain

• 
  Felix Guo (@felix_guo_daxia) reported 5 minutes ago

  @itsaaroshi Fr, straight honest answer: Cloudflare for DNS, management, and zero sketchy upsells.Porkbun & Cloudflare all the way.Porkbun for cheap, clean domain pricing + free privacy. Namecheap mid, Dynadot solid but UI clunky.Never touch GoDaddy (scammy upsells, overpriced). No cringe hidden fees, no forced add-ons, just simple domains.

• 
  🛡️Shir Khorshid Noor Cyber Unit🛡️ (@FriendOfTheInst) reported 6 minutes ago

  Sponsored search results are not a trust boundary. A fake ChatGPT download campaign used brand impersonation, malvertising, shared-link abuse, cloaking, platform-specific payloads, CAPTCHA gating, Electron packaging, JavaScript obfuscation, and staged execution to deliver malware to Windows and macOS users. This is not merely another fake download page. It is a clear demonstration of how attackers exploit trust across multiple layers: • Trusted brand • Trusted search flow • Trusted-looking ad placement • Trusted-looking domain patterns • Trusted UI/branding • Trusted installer frameworks • Trusted code-signing assumptions • Trusted AI platform sharing features What happened: Attackers promoted a fake OpenAI/ChatGPT download experience using the domain: openew[.]app The site copied OpenAI-style branding and offered download paths for: • Windows • macOS • Chrome extension The Chrome extension path linked to a legitimate ChatGPT-related extension, further increasing perceived legitimacy. The Windows and macOS download paths delivered malware. Attackers also abused legitimate ChatGPT shared conversation links, including chatgpt[.]com/s/ pages, to host fake outage or download pages. A link hosted on a trusted domain can still deliver attacker-controlled content to users. The campaign employed cloaking and conditional rendering: automated scanners and analysis tools were shown benign content, reportedly an unrelated AR/VR company site, while real browsers received the malicious ChatGPT-themed download experience. That is the key lesson: A trusted domain, HTTPS padlock, sponsored ad, or polished UI does not equal a safe download. Why this campaign matters: Victims were not browsing dark web forums or downloading cracks. They were searching for a legitimate AI tool. That is why malvertising is effective: it targets high-intent users at the exact moment they are ready to install software. The campaign turned normal user behavior into an initial access path. Windows chain: The Windows payload was distributed as: Chat_GPT.exe Reported SHA-256: 56CC26E88C064B0C423AA8AD6530E58F91D1E4D28FAB1A8BCEDEF16A6582B4D2 Additional reported Windows hash: c9e0e6985dca3a179c9bdea4e7b38f7dc57fe00ecedc2fd634256fc53bf2de2d Important: hashes are useful for triage, not sufficient for defense. Campaigns rotate samples. Hunt behaviorally. Windows technical observations: • Installer built with Inno Setup • Electron-based application • Chromium runtime components • resources\app.asar archive • Large obfuscated JavaScript payload identified as winter.js • Hex-encoded strings • Dynamically resolved functions • Control-flow obfuscation • Event-driven execution • CAPTCHA gating before core behavior • Inner Electron payload (App.exe) launched after installation • PowerShell spawned after CAPTCHA completion Observed PowerShell pattern: -ExecutionPolicy Unrestricted -Command - That trailing dash matters. It suggests commands may be supplied through standard input rather than appearing directly in the process command line. This reduces the value of command-line-only detection and makes process-tree and behavioral monitoring much more important. Static red flags: The filename suggested ChatGPT, but embedded metadata reportedly identified the installer as: PovariEGLESVapp Setup The executable was signed by: F.F.A.P. Hurkmans Beheer B.V. That publisher does not align with OpenAI or ChatGPT. Important reminder: a valid code signature does not mean software is safe. It only confirms that the file was signed by a certificate and has not been modified since signing. It does not establish that the software is legitimate or authorized by the brand it imitates. Additional Windows indicators: • App.exe SHA-256: D9AD44D43E57B870793FA5CF7FB3A813990D0CBD0C7087BDE70A5E61FB1F1FE6 • Unexpected Chromium/Electron profile: %APPDATA%\Satoshi • Additional reported path: %APPDATA%\LeronApplication • Reported Electron/Node capabilities: systeminformation, child_process, os, fs, zip-lib, Those modules indicate a capable execution environment: system discovery, file access, archive handling, process execution, and network communication. macOS chain: The macOS payload was delivered as: ChatGpt.dmg Reported SHA-256: 7E5B708F6659B1FAD3AAE7B589A706434FBF21708AEEC5AF5910189B96E25FEF Additional reported macOS hash: c0919e1999eaee67e67aeda0287722775afb04e9a9a0f727928b4d11265fb70b The macOS malware is reported as Odyssey Stealer, a fork of AMOS / Atomic Stealer. Reported macOS targeting includes: • Browser passwords • Browser cookies • Saved logins • macOS keychain data • Telegram sessions • Cryptocurrency wallet directories • Desktop/Documents files with sensitive wallet/key extensions • Ledger Live • Trezor Suite • Exodus • Electrum • Sparrow The most dangerous macOS behavior: Wallet replacement. The malware reportedly attempts to replace legitimate wallet-related applications with trojanized versions. That means a victim may later open what appears to be their normal wallet app, but actually launch an attacker-controlled version. That is not only credential theft. That is long-tail financial compromise. Infrastructure: Reported malicious domain: openew[.]app Reported infrastructure includes: 144[.]172[.]104[.]205 188[.]137[.]246[.]189 192[.]253[.]248[.]181 172[.]94[.]9[.]250 Infrastructure notes: • Recently registered domain • Namecheap / registrar-servers infrastructure reported • RouterHosting infrastructure reported • Passive DNS linked infrastructure to other suspicious or malicious domains • .app domains require HTTPS, so browsers show a padlock The padlock only means the connection is encrypted. It does not mean the site is legitimate. Detection opportunities for defenders: 1. Newly created executables launched from Downloads, Temp, or other user-writable paths 2. Trusted-brand filenames that do not match embedded metadata 3. Installer publisher mismatch: filename says ChatGPT, signer is unrelated 4. Electron apps spawning scripting engines: powershell.exe cmd.exe osascript bash sh zsh 5. PowerShell with: -ExecutionPolicy Unrestricted -Command - 6. Unexpected Chromium/Electron profile directories, such as: %APPDATA%\Satoshi %APPDATA%\LeronApplication or other anomalous Electron profile paths 7. app.asar archives containing large obfuscated JavaScript bundles 8. CAPTCHA or user-interaction gating before malicious behavior 9. Newly registered domains impersonating major software or AI vendors 10. Users installing software from ads instead of official vendor channels 11. Suspicious wallet-app replacement attempts on macOS 12. Post-install network traffic to low-cost VPS infrastructure 13. Legitimate AI sharing URLs that render fake support, outage, update, or installation pages 14. Download pages that show different content to scanners than to real browsers The key defensive point: Do not build detections only around hashes or static strings. This campaign reduces the value of static analysis through: • Obfuscation • Runtime string construction • CAPTCHA gating • Electron packaging • Conditional execution • Cloaking • Staged payload behavior • Shared-link abuse on trusted domains The better approach: • Behavioral detection • Process-tree monitoring • Parent-child process analysis • Script-engine execution monitoring • Browser/download source telemetry • Application control • Newly registered domain monitoring • Publisher and metadata validation • EDR detections for Electron-to-shell execution • Monitoring for AI-platform shared links used as delivery pages • User training focused on sponsored-result and fake-download risk For users: Only download ChatGPT from official OpenAI channels or the Microsoft Store. Do not install software from ads, mirror sites, download portals, unfamiliar domains, or fake support/outage pages. If you installed a “ChatGPT” app from an ad or unfamiliar page: Use a clean device and: • Sign out everywhere from important accounts • Change passwords, starting with primary email • Rotate API keys, SSH keys, cloud credentials, and tokens • Revoke active sessions for email, GitHub, cloud, Discord, Telegram, crypto exchanges, banking, and password managers • Move crypto funds from a clean device • Do not open Ledger/Trezor apps on a potentially infected Mac • Monitor financial accounts • Reinstall the OS • Notify IT/security immediately if it was a work device For AI vendors and platform owners: This is now part of the product security perimeter. Brand impersonation, malicious search ads, fake download pages, clone domains, and abuse of shared AI content are active distribution channels. Practical controls: • Make official download links easy to find • Monitor sponsored ads for brand abuse • Monitor newly registered lookalike domains • Detect abuse of shared-content features • Run takedowns quickly • Publish clear download guidance • Provide signed-installer verification guidance • Coordinate with search/ad platforms • Alert users when major impersonation campaigns are active Bottom line: Attackers are not just exploiting ChatGPT. They are exploiting the trust, urgency, and confusion around fast-moving AI adoption. Today it is ChatGPT. Yesterday it was another AI tool. Tomorrow it will be the next trending product. The malware can rotate. The domain can rotate. The payload can rotate. The brand can rotate. The infrastructure can rotate. The defensive mindset must rotate too: From: “Is this file known bad?” To: “Is this behavior legitimate for this software, this publisher, this user, this source, and this execution context?” That is the difference between signature-based reaction and modern detection engineering. Analysis draws on reporting from Malwarebytes Labs, Evalian SOC, Push Security, BleepingComputer, CybersecurityNews, and OpenAI documentation. #CyberSecurity #Malvertising #ThreatIntelligence

• 
  Mahdi Ezzeddine (@MahdiEzz_code) reported 7 minutes ago

  My domain has become too expensive I can't afford it (it wasn't that much when I bought it in 2023, it's getting expensive with each year) soo, I'm thinking of switching domains, and using cloudflare this time not namecheap but I'm gonna lose all my seo progress damn, idk what do you think guys?

• 
  WOLF ✨️ (@Bilal_abbasid) reported 10 minutes ago

  @Namecheap Reply to the ******* mails you pathetic customer support clowns

• 
  Mohit (@codewith55) reported 12 minutes ago

  Total monthly cost to run a startup: $20 - Claude = coding ($20/mo)💲 - Supabase = backend (Free)✅ - Vercel = deploying (Free)✅ - Namecheap = domain ($12/yr)💲 - Stripe = payments.(2.9%/transaction)💲 - GitHub = version control (Free)✅ - Resend = emails (Free)✅ - Clerk = auth (Free)✅ - Cloudflare = DNS (Free)✅ - PostHog = analytics (Free)✅ - Sentry = error tracking (Free)✅ - Upstash = Redis (Free)✅ - Pinecone = vector DB (Free)✅ There has never been a cheaper time to build

• 
  DomainHero (@mynamehack) reported 14 minutes ago

  @dynatodd @Namecheap @namecheapceo123 but don't know still they abuse to customer or investors community after VC takeover..

• 
  Ken 🧙 (@thekenndubisi) reported 15 minutes ago

  How to setup an online business doing $1k a day revenue in 30 days: Step 1: Register a business and get a biz bank account. If you’re in Canada, use Ownr. If you’re incorporating in the US, use LegalZoom or Bizee. Step 2: Setup a business email address with Namecheap, connect it to Gmail and sort out tax registration (GST/HST in Canada, EIN for the US) 3: Choose your niche, build your one person offer and price it for an easy yes. A rough example: “I help local gym owners get 10-20 new member leads using meta ads in 30 days or less for $500 a month” 4. Setup your ad account and launch your one-person ad. Rough example: “Attention Toronto gym owners, are your ads getting clicks but no members? Most gym ads fail because of xyz. I help gym owners get x qualified signups using this. Click to watch this 3 minute video showing how it works” 5. Send the traffic to a landing page with the VSL that has these 3 components: a headline mirroring the ad, a short video speaking about the problem, and a link to book a call. 6. Get on a call and ask these 4 questions: where’s your business right now? What have you tried so far? If we solved this like this, what would that look like for you? Here’s how we’ll solve this bottle neck….” and then present your offer. It’s not easy but it is simple; don’t over complicate it. Do this and get to $1k a day within 30 days. You want my help setting this up? Send a DM.

• 
  K S (@kj_kjato) reported 17 minutes ago

  @Namecheap Never once have you reached out to me properly to verify my claims you know how to find my contact information. I’ve already told you where it is not affiliated with that garbage. Please reach out and rectify the problem. I don’t want to call the police department again😡😡😡

• 
  nicolasexc (@nicolasexcc) reported 20 minutes ago

  I'm a Global Admin locked out of my M365 tenant due to MFA with no recovery methods. Error 500121. I own the domain (registered in Namecheap) and can verify via DNS. Need urgent help resetting MFA. @MicrosoftHelps

• 
  Garrett 🤠 (@garrett_makes) reported 23 minutes ago

  @levelsio When Cloudflare has had issues in the past did it impact domains? Always afraid to use them for the outages. I've had zero downtime from Namecheap and Hetzner in the last 2 years but Cloudflare has had multiple outages in that time.

• 
  𝕂𝕖𝕒𝕣𝕤𝕒𝕣𝕘𝕖⚓☔👾🇺🇸 (@USS_Kearsarge_) reported 24 minutes ago

  FYI I won't be able to talk on Matrix for a while, because namecheap seems to be down and doesn't want to update their DNS with my new ip address... I guess I will need to make a server on discord after all

• 
  Shant (@ShantDotMe) reported 25 minutes ago

  @Namecheap that security ticket is with bluehost, not you (thankfully). But 3.5hrs on chat to ID an IP is way too much. and that came after they reviewed the info I provided?? 🤯 I could easily rate this as the worse experience I had with your service!

• 
  Enjoyment Minister(SHINIGAMI🎮👩‍🚒) (@enjoymentmin) reported 28 minutes ago

  @dev_olayinka Im sure you had other cheaper options from the start. You know why you chose Namecheap. I will never use any other hosting server other than namecheap my bro.

• 
  Kappaemme (@Kappaemme1926) reported 33 minutes ago

  @pcshipp namecheap Their service is top notch, I had a problem and they solved it right away, they deserve my money @Namecheap

• 
  ∴ (@irucsbo) reported 37 minutes ago

  @Namecheap Why don't I got access to my funds for over 3 months? Why is @Namecheap support ignoring me?

• 
  John Kenn (@Sudoku1016705) reported 38 minutes ago

  @TTrimoreau Godaddy is better to buy domain, I never found pricing diff between namecheap and godaddy

• 
  John van Rijck (@John_ACW) reported 38 minutes ago

  Does @Namecheap pay their support team based on the amount of minutes they're in an active chat or what? Every support chat opens with: "Please allow me 10-12 minutes to check" Terrible support

• 
  مركز مهارات الإبداع للتدريب (@cstcksa) reported 40 minutes ago

  @Namecheap Warning to all website owners and businesses: Based on our experience, we strongly advise exercising caution before dealing with this hosting provider. We encountered significant difficulties related to account management, communication, and obtaining support regarding our hosting services. Our experience raised serious concerns about the company's practice of relying on third-party agents to manage hosting accounts, which may leave customers vulnerable to disputes, service interruptions, delays in account transfers, or unexpected financial demands. We encourage all customers to carefully review ownership rights, account access credentials, service agreements, and transfer procedures before purchasing hosting services through any intermediary or agent. We have documented our experience and reserve the right to pursue the matter through the appropriate regulatory and legal channels.

• 
  Spencer Heckathorn (@mrhobbeys) reported 45 minutes ago

  @BacLeodiv Everyone hates on Godaddy but I e been there 20 years and only had one major issue related to their migration in the early 2010s. Hundreds of domains and 40ish customers. No complaints. I also use the others. Namecheap is up and down on their support. Cloudflare I thought of as expensive. But honestly they all are now.

• 
  Panqueque AF (@panfuckingcakes) reported 45 minutes ago

  @JeremySCook @notdan @Namecheap Came here to say this. Never have to worry about domain suspension lol

• 
  Essam (@EssamOptNames) reported 48 minutes ago

  @Karakehayov Spaceship is the best, namecheap and Afternic are the worst.

• 
  Sean Coker (@okcoker) reported 51 minutes ago

  I later found out, you can no longer even register this TLD on the Namecheap website because they have sunsetted them according to customer "support" 3/

• 
  Tomodachi Life Updates (@TomoLifeUpdates) reported 57 minutes ago

  @Namecheap We'd appreciate it if your abuse team could take a look at tomodachilife[.]gg and tomoez[.]com (X has flagged both domains in posts already). We've received multiple reports from users who believed these sites were associated with an official web version/port of Nintendo's Tomodachi Life. The sites appear to be hosting a CAPTCHA scam disguised as an in-game Tomodachi Life menu, using Nintendo's branding and trademark in a way that may mislead users. A separate domain hosting the same scam, tomodachilife[.]cc, has already been taken down following reports. Could someone from your team review these domains and their operators or direct us to the appropriate reporting channel?

• 
  Bac Leo (@BacLeodiv) reported 59 minutes ago

  Which domain-based email service is best right now ? - Namecheap - GoDaddy - Google

• 
  🇬‌🇱‌🇦‌🇸‌🇰‌🇮‌🇩‌ (@GLAsk1d) reported 59 minutes ago

  @TheTrunkTales @Namecheap Not at my PC rn so I can't check, but those all resolved to a login portal? 😳