Namecheap status: hosting issues and outage reports
Some problems detected
Users are reporting problems related to: hosting and domains.
Namecheap provides services on domain name registration, and offer for sale domain names that are registered to third parties (also known as aftermarket domain names). It is also a web hosting company.
Problems in the last 24 hours
The graph below depicts the number of Namecheap reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.
July 16: Problems at Namecheap
Namecheap is having issues since 07:40 AM EST. Are you also affected? Leave a message in the comments section!
Most Reported Problems
The following are the most recent problems reported by Namecheap users through our website.
- Hosting (57%)
- Domains (43%)
Live Outage Map
The most recent Namecheap outage reports came from the following cities:
| City | Problem Type | Report Time |
|---|---|---|
|
|
Domains | 1 month ago |
|
|
Hosting | 1 month ago |
|
|
Domains | 2 months ago |
|
|
Domains | 2 months ago |
|
|
Hosting | 2 months ago |
|
|
Hosting | 2 months ago |
Community Discussion
Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.
Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.
Namecheap Issues Reports
Latest outage, problems and issue reports in social media:
-
ππππ£π€ππ£ππββπΎπΊπΈ (@USS_Kearsarge_) reportedFYI I won't be able to talk on Matrix for a while, because namecheap seems to be down and doesn't want to update their DNS with my new ip address... I guess I will need to make a server on discord after all
-
Ultron AI (@TheUltronAi) reported- Claude for coding. ($20/mo) - Supabase for backend. (Free tier) - Vercel for deploying. (Free tier) - Namecheap for domain. ($12/yr) - Stripe for payments. (2.9% per transaction) - GitHub for version control. (Free) - Resend for emails. (Free tier) - Clerk for auth. (Free tier) - Cloudflare for DNS. (Free) - PostHog for analytics. (Free tier) - Sentry for error tracking. (Free tier) - Upstash for Redis. (Free tier) - Pinecone for vector DB. (Free tier) Total monthly cost to run a startup: ~$20 There has never been a cheaper time to build. It's not that deep bro.
-
π‘οΈShir Khorshid Noor Cyber Unitπ‘οΈ (@FriendOfTheInst) reportedSponsored search results are not a trust boundary. A fake ChatGPT download campaign used brand impersonation, malvertising, shared-link abuse, cloaking, platform-specific payloads, CAPTCHA gating, Electron packaging, JavaScript obfuscation, and staged execution to deliver malware to Windows and macOS users. This is not merely another fake download page. It is a clear demonstration of how attackers exploit trust across multiple layers: β’ Trusted brand β’ Trusted search flow β’ Trusted-looking ad placement β’ Trusted-looking domain patterns β’ Trusted UI/branding β’ Trusted installer frameworks β’ Trusted code-signing assumptions β’ Trusted AI platform sharing features What happened: Attackers promoted a fake OpenAI/ChatGPT download experience using the domain: openew[.]app The site copied OpenAI-style branding and offered download paths for: β’ Windows β’ macOS β’ Chrome extension The Chrome extension path linked to a legitimate ChatGPT-related extension, further increasing perceived legitimacy. The Windows and macOS download paths delivered malware. Attackers also abused legitimate ChatGPT shared conversation links, including chatgpt[.]com/s/ pages, to host fake outage or download pages. A link hosted on a trusted domain can still deliver attacker-controlled content to users. The campaign employed cloaking and conditional rendering: automated scanners and analysis tools were shown benign content, reportedly an unrelated AR/VR company site, while real browsers received the malicious ChatGPT-themed download experience. That is the key lesson: A trusted domain, HTTPS padlock, sponsored ad, or polished UI does not equal a safe download. Why this campaign matters: Victims were not browsing dark web forums or downloading cracks. They were searching for a legitimate AI tool. That is why malvertising is effective: it targets high-intent users at the exact moment they are ready to install software. The campaign turned normal user behavior into an initial access path. Windows chain: The Windows payload was distributed as: Chat_GPT.exe Reported SHA-256: 56CC26E88C064B0C423AA8AD6530E58F91D1E4D28FAB1A8BCEDEF16A6582B4D2 Additional reported Windows hash: c9e0e6985dca3a179c9bdea4e7b38f7dc57fe00ecedc2fd634256fc53bf2de2d Important: hashes are useful for triage, not sufficient for defense. Campaigns rotate samples. Hunt behaviorally. Windows technical observations: β’ Installer built with Inno Setup β’ Electron-based application β’ Chromium runtime components β’ resources\app.asar archive β’ Large obfuscated JavaScript payload identified as winter.js β’ Hex-encoded strings β’ Dynamically resolved functions β’ Control-flow obfuscation β’ Event-driven execution β’ CAPTCHA gating before core behavior β’ Inner Electron payload (App.exe) launched after installation β’ PowerShell spawned after CAPTCHA completion Observed PowerShell pattern: -ExecutionPolicy Unrestricted -Command - That trailing dash matters. It suggests commands may be supplied through standard input rather than appearing directly in the process command line. This reduces the value of command-line-only detection and makes process-tree and behavioral monitoring much more important. Static red flags: The filename suggested ChatGPT, but embedded metadata reportedly identified the installer as: PovariEGLESVapp Setup The executable was signed by: F.F.A.P. Hurkmans Beheer B.V. That publisher does not align with OpenAI or ChatGPT. Important reminder: a valid code signature does not mean software is safe. It only confirms that the file was signed by a certificate and has not been modified since signing. It does not establish that the software is legitimate or authorized by the brand it imitates. Additional Windows indicators: β’ App.exe SHA-256: D9AD44D43E57B870793FA5CF7FB3A813990D0CBD0C7087BDE70A5E61FB1F1FE6 β’ Unexpected Chromium/Electron profile: %APPDATA%\Satoshi β’ Additional reported path: %APPDATA%\LeronApplication β’ Reported Electron/Node capabilities: systeminformation, child_process, os, fs, zip-lib, Those modules indicate a capable execution environment: system discovery, file access, archive handling, process execution, and network communication. macOS chain: The macOS payload was delivered as: ChatGpt.dmg Reported SHA-256: 7E5B708F6659B1FAD3AAE7B589A706434FBF21708AEEC5AF5910189B96E25FEF Additional reported macOS hash: c0919e1999eaee67e67aeda0287722775afb04e9a9a0f727928b4d11265fb70b The macOS malware is reported as Odyssey Stealer, a fork of AMOS / Atomic Stealer. Reported macOS targeting includes: β’ Browser passwords β’ Browser cookies β’ Saved logins β’ macOS keychain data β’ Telegram sessions β’ Cryptocurrency wallet directories β’ Desktop/Documents files with sensitive wallet/key extensions β’ Ledger Live β’ Trezor Suite β’ Exodus β’ Electrum β’ Sparrow The most dangerous macOS behavior: Wallet replacement. The malware reportedly attempts to replace legitimate wallet-related applications with trojanized versions. That means a victim may later open what appears to be their normal wallet app, but actually launch an attacker-controlled version. That is not only credential theft. That is long-tail financial compromise. Infrastructure: Reported malicious domain: openew[.]app Reported infrastructure includes: 144[.]172[.]104[.]205 188[.]137[.]246[.]189 192[.]253[.]248[.]181 172[.]94[.]9[.]250 Infrastructure notes: β’ Recently registered domain β’ Namecheap / registrar-servers infrastructure reported β’ RouterHosting infrastructure reported β’ Passive DNS linked infrastructure to other suspicious or malicious domains β’ .app domains require HTTPS, so browsers show a padlock The padlock only means the connection is encrypted. It does not mean the site is legitimate. Detection opportunities for defenders: 1. Newly created executables launched from Downloads, Temp, or other user-writable paths 2. Trusted-brand filenames that do not match embedded metadata 3. Installer publisher mismatch: filename says ChatGPT, signer is unrelated 4. Electron apps spawning scripting engines: powershell.exe cmd.exe osascript bash sh zsh 5. PowerShell with: -ExecutionPolicy Unrestricted -Command - 6. Unexpected Chromium/Electron profile directories, such as: %APPDATA%\Satoshi %APPDATA%\LeronApplication or other anomalous Electron profile paths 7. app.asar archives containing large obfuscated JavaScript bundles 8. CAPTCHA or user-interaction gating before malicious behavior 9. Newly registered domains impersonating major software or AI vendors 10. Users installing software from ads instead of official vendor channels 11. Suspicious wallet-app replacement attempts on macOS 12. Post-install network traffic to low-cost VPS infrastructure 13. Legitimate AI sharing URLs that render fake support, outage, update, or installation pages 14. Download pages that show different content to scanners than to real browsers The key defensive point: Do not build detections only around hashes or static strings. This campaign reduces the value of static analysis through: β’ Obfuscation β’ Runtime string construction β’ CAPTCHA gating β’ Electron packaging β’ Conditional execution β’ Cloaking β’ Staged payload behavior β’ Shared-link abuse on trusted domains The better approach: β’ Behavioral detection β’ Process-tree monitoring β’ Parent-child process analysis β’ Script-engine execution monitoring β’ Browser/download source telemetry β’ Application control β’ Newly registered domain monitoring β’ Publisher and metadata validation β’ EDR detections for Electron-to-shell execution β’ Monitoring for AI-platform shared links used as delivery pages β’ User training focused on sponsored-result and fake-download risk For users: Only download ChatGPT from official OpenAI channels or the Microsoft Store. Do not install software from ads, mirror sites, download portals, unfamiliar domains, or fake support/outage pages. If you installed a βChatGPTβ app from an ad or unfamiliar page: Use a clean device and: β’ Sign out everywhere from important accounts β’ Change passwords, starting with primary email β’ Rotate API keys, SSH keys, cloud credentials, and tokens β’ Revoke active sessions for email, GitHub, cloud, Discord, Telegram, crypto exchanges, banking, and password managers β’ Move crypto funds from a clean device β’ Do not open Ledger/Trezor apps on a potentially infected Mac β’ Monitor financial accounts β’ Reinstall the OS β’ Notify IT/security immediately if it was a work device For AI vendors and platform owners: This is now part of the product security perimeter. Brand impersonation, malicious search ads, fake download pages, clone domains, and abuse of shared AI content are active distribution channels. Practical controls: β’ Make official download links easy to find β’ Monitor sponsored ads for brand abuse β’ Monitor newly registered lookalike domains β’ Detect abuse of shared-content features β’ Run takedowns quickly β’ Publish clear download guidance β’ Provide signed-installer verification guidance β’ Coordinate with search/ad platforms β’ Alert users when major impersonation campaigns are active Bottom line: Attackers are not just exploiting ChatGPT. They are exploiting the trust, urgency, and confusion around fast-moving AI adoption. Today it is ChatGPT. Yesterday it was another AI tool. Tomorrow it will be the next trending product. The malware can rotate. The domain can rotate. The payload can rotate. The brand can rotate. The infrastructure can rotate. The defensive mindset must rotate too: From: βIs this file known bad?β To: βIs this behavior legitimate for this software, this publisher, this user, this source, and this execution context?β That is the difference between signature-based reaction and modern detection engineering. Analysis draws on reporting from Malwarebytes Labs, Evalian SOC, Push Security, BleepingComputer, CybersecurityNews, and OpenAI documentation. #CyberSecurity #Malvertising #ThreatIntelligence
-
Rajiya Sultana (@HeyRajiya) reported@ZimalDesigner_ godaddy and namecheap mostly, never had issues with either π
-
Imagine-This (@ImagineThisSM) reported@Namecheap hi, all my sites and applications are down, whats going on. please update us right away
-
TheRealPomax (@TheRealPomax) reported@Namecheap The part where I type a postal code, and just because there's a space (which your JS should be able to verify is irrelevant) the form goes "FIX THIS VALUE IT IS WRONG" when in fact no, it is not: validate _after_ removing semantically irrelevant characters.
-
addison (@uwunetes) reporteddo I know anyone at namecheap (or knows someone at namecheap) that could help with something sort of asap?
-
Charlotte (@al_tools43377) reported- Claude = coding. ($20/mo) - Supabase = backend. (Free) - Vercel = deploying. (Free) - Namecheap = domain. ($12/yr) - Stripe = payments. (2.9%/transaction) - GitHub = version control. (Free) - Resend = emails. (Free) - Clerk = auth. (Free) - Cloudflare = DNS. (Free) - PostHog = analytics. (Free) - Sentry = error tracking. (Free) - Upstash = Redis. (Free) - Pinecone = vector DB. (Free) Total monthly cost to run a startup: ~$20 There has never been a cheaper time to build.
-
World Series of Ghosts (@WilliamTheIVth) reported@Namecheap down for everyone else? Can't login to my account, 502 error. #Namecheap
-
Aaron (@aarons_takes) reported@MustaAras I think it comes down to normie's perceptions of Namecheap/Spaceship registrars vs GoDaddy. Very much IMHO.
-
BradΓ‘n Lane (@bradanlane) reported@anne_engineer 1) odd as I've been on the site most of the morning 2) namecheap has had an ssl problem 3) I'll try some different browsers and see
-
Tomodachi Life Updates (@TomoLifeUpdates) reported@Namecheap We'd appreciate it if your abuse team could take a look at tomodachilife[.]gg and tomoez[.]com (X has flagged both domains in posts already). We've received multiple reports from users who believed these sites were associated with an official web version/port of Nintendo's Tomodachi Life. The sites appear to be hosting a CAPTCHA scam disguised as an in-game Tomodachi Life menu, using Nintendo's branding and trademark in a way that may mislead users. A separate domain hosting the same scam, tomodachilife[.]cc, has already been taken down following reports. Could someone from your team review these domains and their operators or direct us to the appropriate reporting channel?
-
Signius (@SigniusNetworks) reported@Namecheap Oh FFS so it's caused by Right Clicking to Copy the password. If you just double click & "ctrl c" it does not add "Refresh" to the pasted text. I have never ever encountered this bloody nonsense before & so not understand why any developer would think this is acceptable.
-
John van Rijck (@John_ACW) reportedDoes @Namecheap pay their support team based on the amount of minutes they're in an active chat or what? Every support chat opens with: "Please allow me 10-12 minutes to check" Terrible support
-
Srishti (@srishticodes) reportedClaude = coding. ($20/mo) GitHub = version control. (Free) Supabase = backend. (Free) Clerk = auth. (Free) Resend = emails. (Free) Vercel = deploying. (Free) Cloudflare = DNS. (Free) Upstash = Redis. (Free) Pinecone = vector DB. (Free) PostHog = analytics. (Free) Sentry = error tracking. (Free) Stripe = payments. (2.9%/transaction) Namecheap = domain. ($12/yr) Total monthly cost to run a startup: ~$20 There has never been a cheaper time to build
-
Qamar Issa (@QamarIssaqf) reported@0xPurchase @sidomains @NamePros How to buy in less 25$ Which platform bro to invest I search namecheap spaceship not support this
-
Kekko DβAmato (@kekkodamato_) reported@TTrimoreau Cloudflare Registrar if your TLD is supported β at-cost pricing (literally no markup), best DNS control, DNSSEC built in, zero upsells. Namecheap otherwise. Free WhoisGuard, clean UI, rarely issues. GoDaddy is a trap β they charge 3x and count on you not noticing at renewal.
-
TomorrowsBrands (@SeeBrands) reported@katerleonid godaddy have a few of my .cns but namecheap i have most on. i like namecheaps backend, and how easy it is to change dns etc.... and on having reseller hosting from them, everything is streamlined. Namecheap also has very good support. not sales people like i found on godaddy.
-
Christine Harrington (@savvysaleslady) reportedMy domain was shut down by @GoDaddy on May 10th. No idea why & the domain was paid up for a year back in Feb. 2026. Iβve called twice a day trying to get this resolved with GoDaddy. Absolutely a waste of my time. I moved the domain today to @Namecheap but GoDaddy is now taking 5-7 days to initiate the transfer. Iβve reached out to @GoDaddyHelp numerous times with no response. Can you imagine providing such poor service?
-
Diluc (@hsaffiliate2025) reportedThis indie dev built a 100% free URL shortener β and it reportedly makes $1,000/month. Bitly and TinyURL now charge $29/month just for custom slugs and basic click tracking. He saw the gap and built shorlnk. Free for everything most people need: custom aliases, click stats, QR codes. Paid only for team features, higher API limits, custom domains. Hereβs the exact model: β’ Free: unlimited short links, custom slugs, basic analytics β’ Pro ($9/mo): more API calls, advanced stats, priority support β’ Team ($29/mo): collaboration, custom domain, dedicated support He open-sourced the revenue number on IndieHackers (his claim, not verified). Tech stack: React + Tailwind, Node.js + Express, PostgreSQL, Vercel + AWS, Namecheap. Built in ~3 weeks. Challenges: β Crowded market: he won users by shouting β100% freeβ on Product Hunt and Hacker News. β Server costs from free users: throttled API to 100 req/min. β Abuse risk: built a review system to block phishing links. Is it for you? If you can code, yes. If not, no. $1,000/month sounds nice, but after server costs itβs more like $700β800. And itβs his reported number β not guaranteed. Bottom line: find a niche where big players are greedy, offer the basics for free, and charge for power features. It works, but itβs a grind β not a get-rich-quick play. Follow for more real AI money breakdowns. #IndieHackers #SideProject
-
Mert Metin Tekdemir (@mertmetindev) reportedπ SaaS Stack β β£ π Frontend β β£ π React β β£ π NextJS β β£ π Vue β β£ π TailwindCSS β β π Shadcn UI β β£ π Backend β β£ π NodeJS β β£ π Django β β£ π Laravel β β£ π FastAPI β β π Express β β£ π Database β β£ π PostgreSQL β β£ π MySQL β β£ π MongoDB β β£ π Redis β β π Supabase β β£ π Auth β β£ π Clerk β β£ π Auth0 β β£ π Firebase Auth β β£ π Supabase Auth β β π NextAuth β β£ π Payments β β£ π Stripe β β£ π Paddle β β£ π Dodo Payments β β£ π Lemon Squeezy β β π Polar β β£ π Emails β β£ π Resend β β£ π SendGrid β β£ π Mailgun β β£ π Postmark β β π Amazon SES β β£ π Storage β β£ π AWS β β£ π Cloudflare β β£ π Google Cloud Storage β β£ π Supabase Storage β β π Uploadcare β β£ π Deployment β β£ π Vercel β β£ π Netlify β β£ π Railway β β£ π Render β β π AWS β β£ π Domains and DNS β β£ π Namecheap β β£ π Hostinger β β£ π Cloudflare DNS β β£ π Google Domains β β π SiteGround β β£ π Analytics β β£ π Google Analytics β β£ π Plausible β β£ π PostHog β β£ π Mixpanel β β π DataFast β β£ π Monitoring β β£ π Sentry β β£ π LogRocket β β£ π Datadog β β£ π NewRelic β β π UptimeRobot β β£ π DevOps β β£ π Docker β β£ π Kubernetes β β£ π GitHub Actions β β£ π CI CD β β π Terraform β β£ π Search β β£ π Algolia β β£ π Meilisearch β β£ π Elasticsearch β β£ π Typesense β β π OpenSearch β β£ π AI Integration β β£ π OpenAI API β β£ π Anthropic API β β£ π Replicate β β£ π HuggingFace β β π Gemini API β β£ π Integrations β β£ π Zapier β β£ π Make β β£ π n8n β β£ π Pabbly β β π Webhooks β β£ π Security β β£ π SSL β β£ π Cloudflare β β£ π WAF β β£ π Rate Limiting β β π Secrets Management β β£ π Marketing β β£ π Search Console β β£ π Outrank β β£ π Buffer β β£ π Analytics β β π Kit β β π Customer Support β£ π Intercom β£ π Crisp β£ π Zendesk β£ π Tawk β π HelpScout
-
Tung π π΄ β (@Tng40234067) reportedImagine losing your online identity due to a registrar issue. This happens because centralized registrars like GoDaddy or Namecheap essentially rent domains to users, who have limited control over their ownership. If the registrar suspends, seizes, or loses the domain, the user is left with nothing. Doma Protocol solves this by tokenizing domains, allowing true ownership and transferability. * Tokenized domains are stored on-chain * Transferable without registrar involvement * Owners have full control over their assets This shift in domain ownership dynamics has significant implications for the future of online identities and assets. With a total network value of $27.52M and 48,421 wallets holding tokenized domains, the foundations of a new paradigm are being laid. A new era of digital ownership is unfolding. @domaprotocol @D3inc #Web3Domains
-
Domayn Kapital (@domaynkapital) reported@Namecheap every other week there's a domain I win domains with non-functioning namerservers. 3-4 times in last months. I contact support and they tell gaslight me telling me it's all fine. Waste 30 minutes until they call a specialist to fixt it. Please deal with this.
-
Debanjan Choudhury (@theybanjan) reported@stanlee0nX lemme know if you need help. PS. just use namecheap or porkbun
-
Aaron Douglas (@astralbodies) reportedWaking up to @Namecheap being down is not how I wanted to finish off my weekend. I've never seen an outage like this before with them!
-
Dante (@thedntx) reported@TTrimoreau Porkbun if u want clean interface. Namecheap for bundles. Never godaddy, thats 2010 behavior.
-
LND (@y1vl3vy) reported@the_smart_ape Tbh I have nothing to do with it. There are no clear alternatives for gmail. Every other email registrar could fall as well so no point into thinking that switching from google is gonna save you for sure. Namecheap can go down, microsoft as well and every other ******* email registrar.
-
Avdhoottt (@avdhootttt) reportedIf you want to build a startup that actually has users: Claude = coding. (more like $100+) Supabase = backend. ($25-599/mo once you cross free tier) Vercel = deploying. ($20-150+/mo once you get real traffic) Namecheap = domain. ($12/yr, ok this one's real) Stripe = payments. (2.9% + 30Β’/transaction) GitHub = version control. (free) Resend = emails. (free until 3k emails, then $20/mo+) Clerk = auth. (free until 10k MAU, then $25/mo+) Cloudflare = DNS. (free, genuinely) PostHog = analytics. (free until you cross the free tier) Sentry = error tracking. (free until errors pile up) Upstash = Redis. (free until real traffic) Pinecone = vector DB. ($70/mo minimum) Total monthly cost to run a startup with actual users: $300-1000+ "$21/mo" is the cost to run a demo nobody uses.
-
Mohit (@codewith55) reportedTotal monthly cost to run a startup: $20 - Claude = coding ($20/mo)π² - Supabase = backend (Free)β - Vercel = deploying (Free)β - Namecheap = domain ($12/yr)π² - Stripe = payments.(2.9%/transaction)π² - GitHub = version control (Free)β - Resend = emails (Free)β - Clerk = auth (Free)β - Cloudflare = DNS (Free)β - PostHog = analytics (Free)β - Sentry = error tracking (Free)β - Upstash = Redis (Free)β - Pinecone = vector DB (Free)β There has never been a cheaper time to build
-
Bhavya (@Bhavyaztwt) reported@Namecheap No problem man We gng π₯