Website is using Cloudflare
List name | Description |
---|---|
/domains/*/cloudflare_?.txt | Split files (base domain) |
ex_cloudflare_users.md | Domains which used Cloudflare in the past, not anymore |
cloudflare_supporter.md | who is supporting, endorsing, loving, or defending Cloudflare |
List name | Description |
---|---|
cloudflare_CIDR_v4.txt | IPv4 CIDR owned by Cloudflare |
cloudflare_CIDR_v6.txt | IPv6 CIDR owned by Cloudflare |
cloudflare_range_v4.txt | IPv4 range owned by Cloudflare |
cloudflare_owned_ASN.txt | AS network owned by Cloudflare |
cloudflare_owned_NS.txt | Name Server owned by Cloudflare |
cloudflare_owned_domains.txt | Domains owned by Cloudflare |
cloudflare_owned_onions.txt | Tor .onions owned by Cloudflare |
cloudflare_members.md | Cloudflare employer, employee, ex-employee |
How to detect Cloudflare?
There are many ways to detect it:
emsisoft.com. 21599 IN NS bella.ns.cloudflare.com.
emsisoft.com. 21599 IN NS dom.ns.cloudflare.com.
Cloudflare Custom Name Server
bitcoinmagazine.com. 21599 IN NS btc.ns.bitcoinmagazine.com.
bitcoinmagazine.com. 21599 IN NS xbt.ns.bitcoinmagazine.com.
btc.ns.bitcoinmagazine.com. 899 IN A 162.159.8.190 --> 162.159.8.0/24 (CF)
xbt.ns.bitcoinmagazine.com. 899 IN A 162.159.9.117 --> 162.159.9.0/24 (CF)
dev.qubes-os.org. 299 IN A 104.18.228.122
ASN AS13335 Cloudflare, Inc.
Organization Cloudflare, Inc.
Route 104.18.224.0/20
IMPORTANT: Please add only "Base Domain"
if "community.example.com" is using Cloudflare
add "example.com"
if "www.example.co.uk" is using Cloudflare
add "example.co.uk"
if "example.net" is using Cloudflare
add "example.net"
... to cloudflare_e.txt
But the website X no longer using Cloudflare!
Are you sure? Remove it from /split/ list and add to "ex_cloudflare_users.md".
Website is NOT using Cloudflare
List name | Description |
---|---|
/ASN/?.txt | ASN |
/CIDR/?.txt | CIDR |
/NS/?.txt | NS |
CDN_Code
Z1 Amazon
Z2 Akamai
//Z3 Cloudflare
Z4 Imperva
Z5 Google
Z6 Microsoft
Z7 INAP & SingleHop
Z8 Sucuri
Z9 Fastly
Some websites combine other companies (e.g. Amazon AWS, Google Cloud, DDoS-GUARD) with the Cloudflare business model.
Website is rejecting Tor visitor
List name | Description |
---|---|
/domains/*/antitor_?.txt | Split files (FQDN) |
/misc/hostility.md | Does NOT block Tor access BUT Domain and Comment |
Imunify360 is not so intelligent because it is blocking real human.
Some famous mail subscription service and some ISP websites are displaying "Maintenance" page if you visit them over Tor.
How can you trust their sites if they are not treating everyone equally?
IMPORTANT: Please add full FQDN
if "community.example.com" is blocking Tor user
add "community.example.com"
if "www.example.co.uk" is blocking Tor user
add "www.example.co.uk"
if "example.net" is blocking Tor user
add "example.net"
... to antitor_e.txt
If your website is on this list, you better talk with your network administrator.
But my website X no longer blocking Tor users!
Are you sure? There are two ways to remove yourself. First option is just remove it from the list and create a pull request. Second option is wait 3 months. Our system will revisit your website as a Tor user.
If you're not blocking Tor users you will be removed automatically.
How to add your data
B or C will be enough. (or D if you really can't) Thank you for your contribution. You are doing a good job!
Type B: Push to git
text
file. (you don't have to edit JSON file)Type C: Just scan the FQDN
Your contribution will be pushed to git automatically.
curl -x socks5h://127.0.0.1:9050 -k --http2 -X POST -F 'f=www.emsisoft.com' (API URL)is_mitm.php
Type D: Create an Issue
Create an Issue (you can also contribute anonymously) and let us know about the change you want to make. You can add multiple URLs in one issue.
How to setup git
This procedure will give you a cloudflare-tor fork with a privacy-respecting configuration to do pushes with SSH over Tor using git.example
.
Below procedure is designed for Linux.
The first step covers Windows too, but these instructions probably
need more adaptations for Windows and other platforms.
aptitude install git tor ssh
PortableGit
from Github & run git-bash.exe
git.example
account (username "snowden" will be used for this example)$ ssh-keygen -t rsa -N '' -C 'snowden at git' -f "$HOME"/.ssh/id_rsa_mrsnowden
$HOME/.ssh/config
: host git.example
hostname git.example
ForwardX11 no
ProxyCommand connect -5 -S 127.0.0.1:9050 $(tor-resolve %h 127.0.0.1:9050) %p
host mrsnowden
IdentityFile /home/user/.ssh/id_rsa_mrsnowden
"$HOME"/.ssh/id_rsa_mrsnowden.pub
to clipboardfirefox https://git.example/deCloudflare/deCloudflare
$project_root
).git clone git@mrsnowden:you/cloudflare-tor.git
$project_root/cloudflare-tor/.git/config
to include the account name and email address that will be on every commit, as well as the URL:[user]
email = noreply@example.com
name = snowden
[remote "origin"]
url = git@mrsnowden:snowden/cloudflare-tor.git
fetch = +refs/heads/*:refs/remotes/origin/*
[remote "upstream"]
url = git@mrsnowden:deCloudflare/deCloudflare.git
fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
remote = origin
merge = refs/heads/master
$project_root
) $ git add . -u -n
$ git add . -u
git commit -m 'description of first change'
git push origin master
firefox https://git.example/deCloudflare/deCloudflare
Whenever git operates on the cloudflare-tor project, all connections
to git are automatically over Tor with this configuration
(because the url
in .git/config
references the virtual host
mrsnowden
in ~/.ssh/config
).
About Cloudflare base domain list
Our mission is clear - stay away from Cloudflare
.
If the subdomain.example.com
is cloudflared, we add example.com
to the database. (subdomain.example.com
is the sub-domain of example.com
. Only the owner
of example.com
can create sub-domain)
Even if whatever.example.com
is not behind cloudflare we will raise a warning, because the base domain example.com
is cloudflare user
.
The owner
of example.com
can enable Cloudflare to whatever.example.com
at any time without user's notice. It can be done from dash.cloudflare.com
webpage or hitting Cloudflare API
. The owner
is supporting Cloudflare
and this is severe security risk
.
Until the owner
completely stop using Cloudflare service for example.com
, we do not remove example.com
from the database.
There is no exception
.
"amazonpayments.com"
$ getweb --headonly https://pages.amazonpayments.com/robots.txt
cf-cache-status: HIT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
alt-svc: h2="cflare******.onion:443"; ma=86400; persist=1
server: cloudflare
cf-ray: ***
If the owner
moved away from cloudflare
completely, you are welcome to add example.com
to the "ex_cloudflare_users.md" - after checking example.com
with online tool.
Only a few Cloudflare user leave Cloudflare. False positive is uncommon.