12 KiB

List Instructions

Website is using Cloudflare

List name Description
/domains/cloudflare_?.txt Split files (base domain) Domains which used Cloudflare in the past, not anymore who is supporting, endorsing, loving, or defending Cloudflare
List name Description
cloudflare_CIDR_v4.txt IPv4 CIDR owned by Cloudflare
cloudflare_CIDR_v6.txt IPv6 CIDR owned by Cloudflare
cloudflare_range_v4.txt IPv4 range owned by Cloudflare
cloudflare_owned_ASN.txt AS network owned by Cloudflare
cloudflare_owned_NS.txt Name Server owned by Cloudflare
cloudflare_owned_domains.txt Domains owned by Cloudflare
cloudflare_owned_onions.txt Tor .onions owned by Cloudflare Cloudflare employer, employee, ex-employee

How to detect Cloudflare?

There are many ways to detect it:		21599	IN	NS		21599	IN	NS

Cloudflare Custom Name Server	21599	IN	NS	21599	IN	NS 899	IN	A --> (CF) 899	IN	A --> (CF)	299	IN	A

ASN AS13335 Cloudflare, Inc.
Organization Cloudflare, Inc.
IMPORTANT: Please add only "Base Domain"

    if "" is using Cloudflare
        add ""

    if "" is using Cloudflare
        add ""

    if "" is using Cloudflare
        add ""

... to /split/cloudflare_e.txt

But the website X no longer using Cloudflare!

Are you sure? Remove it from /split/ list and add to "".

Website is NOT using Cloudflare

List name Description
/ASN/?.txt ASN
/CIDR/?.txt CIDR
/NS/?.txt NS

Z1 Amazon
Z2 Akamai
//Z3 Cloudflare
Z4 Imperva
Z5 Google
Z6 Microsoft
Z7 INAP & SingleHop
Z8 Sucuri
Z9 Fastly

  • Above is how Siteground-hosted (INAP;Singlehop) sites often appear to Tor visitors when timeouts/tarpitting doesn't occur.

Some websites combine other companies (e.g. Amazon AWS, Google Cloud, DDoS-GUARD) with the Cloudflare business model.

Website is rejecting Tor visitor

List name Description
Block Tor access (FQDN)
/misc/ Does NOT block Tor access Domain and Comment

  • Some news websites are lying to Tor users. You can read their website if you are not using Tor nor VPN. If you visit their website over Tor, they just say "Sorry, article not found".

  • Imunify360 is not so intelligent because it is blocking real human.

  • Some famous mail subscription service and some ISP websites are displaying "Maintenance" page if you visit them over Tor.

How can you trust their sites if they are not treating everyone equally?

About "Anti-Tor FQDN list" (attd*.txt)
   ---> denied/bullied Tor visitor.

   ---> subdomain of is denied Tor user.
   * unique hostname will be masked as "?" for privacy reason
   ---> base domain denied/harassed/challenged human who're using Tor.

If your website is on this list, you better talk with your network administrator.

But my website X no longer blocking Tor users!

Are you sure? There are two ways to remove yourself. First option is just remove it from the list and create a pull request. Second option is wait 1 year. Our system will revisit your website as a Tor user.

If you're not blocking Tor users, you will be removed automatically.

  • If your website is using Cloudflare
    • There's a higher chance that we receive rejection webpage from Cloudflare. Do not use cloudflare.

How to add your data

A, B, or C will be enough. (or D if you really can't) Thank you for your contribution. You are doing a good job!

Type A: Use Online Editor

Type B: Push to git

  1. Log in to this website's Git.
  2. Click "Fork" button. (top-left corner)
  3. Edit text file. (you don't have to edit JSON file)
  4. Create a new pull request.

Type C: Just scan the FQDN

Your contribution will be pushed to git automatically.

  • Cloudflare
    • Easiest way: Use CfDomains report tool.
    • Or: Scan FQDN on "Query Database" webpage.
    • Or: Use "MITM test" API.
      • e.g. curl -x socks5h:// -k --http2 -X POST -F '' (API URL)is_mitm.php
  • Anti-TOR
    • Use "Is it blocking Tor?" API.
      • e.g. curl -x socks5h:// -k --http2 -X POST -F '' (API URL)is_antitor.php

Type D: Create an Issue

Create an Issue and let us know about the change you want to make. You can contribute anonymously.

How to setup git

This procedure will give you a cloudflare-tor fork with a privacy-respecting configuration to do pushes with SSH over Tor using git.example. Below procedure is designed for Linux. The first step covers Windows too, but these instructions probably need more adaptations for Windows and other platforms.

  • Linux: aptitude install git tor ssh
  • Windows: Download PortableGit from Github & run git-bash.exe
  1. Install Git, SSH(Not Windows), and Tor (if you haven't already)
  2. Create a git.example account (username "snowden" will be used for this example)
  3. Create an SSH key pair $ ssh-keygen -t rsa -N '' -C 'snowden at git' -f "$HOME"/.ssh/id_rsa_mrsnowden
  4. Edit $HOME/.ssh/config:
    host git.example
         hostname     git.example
         ForwardX11   no
         ProxyCommand connect -4 -S $(tor-resolve %h %p
    host mrsnowden
         IdentityFile /home/user/.ssh/id_rsa_mrsnowden
  1. copy "$HOME"/.ssh/ to clipboard
  2. git.example > settings > SSH/GPG Keys > add key (paste from clipboard)
  3. $ firefox https://git.example/deCloudflare/deCloudflare
  4. fork it (top right corner)
  5. go to the directory you want the project to be rooted in (hereafter we'll call it $project_root).
  6. anonymously download your fork: $ git clone git@mrsnowden:you/cloudflare-tor.git
  7. edit $project_root/cloudflare-tor/.git/config to include the account name and email address that will be on every commit, as well as the URL:
        email =
        name = snowden
[remote "origin"]
        url = git@mrsnowden:snowden/cloudflare-tor.git
     	fetch = +refs/heads/*:refs/remotes/origin/*
[remote "upstream"]
        url = git@mrsnowden:deCloudflare/deCloudflare.git
     	fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
	remote = origin
	merge = refs/heads/master
  1. make your first change
  2. (from $project_root) $ git add . -u -n
  3. check that the files listed are what you changed and intend to push upstream
  4. if yes: $ git add . -u
  5. $ git commit -m 'description of first change'
  6. $ git push origin master
  7. $ firefox https://git.example/deCloudflare/deCloudflare
  8. make a new pull request


Whenever git operates on the cloudflare-tor project, all connections to git are automatically over Tor with this configuration (because the url in .git/config references the virtual host mrsnowden in ~/.ssh/config).

About Cloudflare base domain list

Our mission is clear - stay away from Cloudflare.

If the is cloudflared, we add to the database. ( is the sub-domain of Only the owner of can create sub-domain)

Even if is not behind cloudflare we will raise a warning, because the base domain is cloudflare user.

The owner of can enable Cloudflare to at any time without user's notice. It can be done from webpage or hitting Cloudflare API. The owner is supporting Cloudflare and this is severe security risk.

Until the owner completely stop using Cloudflare service for, we do not remove from the database.

There is no exception.


$ getweb --headonly

cf-cache-status: HIT
expect-ct: max-age=604800, report-uri=""
alt-svc: h2="cflare******.onion:443"; ma=86400; persist=1
server: cloudflare
cf-ray: ***

If the owner moved away from cloudflare completely, you are welcome to add to the "" - after checking with online tool.

Only a few Cloudflare user leave Cloudflare. False positive is uncommon.