CD
Cloudflare Developers3mo ago
Sneaky

Cloudflare support case waiting since 27th of july 2025

Hey, So I have had a cf support case open regarding one of my multiple domains I have with cloudflare and have been waiting multiple days for a reply. I have actually had the ticket open since 27th of july and got a generic oh follow the docs response from a support rep when we are requesting to have one of our DNS Zones either reset or removed entirely as this can only be done via contacting support we are powerless and in the hands of cloudflare. Problem is we cannot do anything ourselves otherwise we would. the ticket is mainly about getting random cloudflare IP addresses when visiting one of our domains. it does not affect the other domains on the account. Even though our security policies and the way its all setup is similar as we understand the task at hand and have worked with cloudflares systems over the last multiple years. It's a unique error we have came across and we believe it to be cloudflare at fault for this issue. It seems to be a broken cloudflare configuration somewhere which is why we have opt'd to just fully remove the ZONE for the domain in question and to start from scratch. However we cannot do this ourselves since the domain is registered through cloudflare and would mean us DELETING the actual domain itself which would open it up to be registered by anyone. We do not want this. We only want the ZONE to be reset not delete the domain. However cloudflare's ai helper suggests that the only way to resolve this is by opening a ticket and having the support team at cloudflare resolve the problem by resetting the entire domain in question themselves. The whole point of this is because of security I am guessing, but again we cannot do this ourselves otherwise we would. This is now day 4 of waiting and not getting anywhere and is drastically slowing down progress with our development as we cannot proceed without this being resolved. We cannot do anything until cloudflare resolves this problem. How should I proceed? What should I do? any and all feedback on this would be great. Thank you for reading ❤️ Case Number: 01669798
3 Replies
Sneaky
SneakyOP3mo ago
The main issue is regarding this.. 
157.254.xxx.xxx - - [28/Jul/2025:11:12:47 +0100] "GET /login HTTP/2" 200 8562 "https://dash.sneakyhub.com/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko/20100101 Firefox/140.0"

157.254.xxx.xxx - - [28/Jul/2025:11:12:50 +0100] "GET /storage/favicon.ico HTTP/2" 200 7184 "https://dash.sneakyhub.com/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko/20100101 Firefox/140.0"

2a06:98c0:3600::103 - - [28/Jul/2025:11:12:51 +0100] "GET /login HTTP/2" 200 8563 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko/20100101 Firefox/140.0"

2a06:98c0:3600::103 - - [28/Jul/2025:11:12:57 +0100] "GET /login HTTP/2" 200 8563 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko/20100101 Firefox/140.0"

 

This log is from when I visit the website after clearing my cache. I got the Managed Challenge as usual and passed it. As you can see, it sends the correct visitor IP of 157.254.xxx.xxx. I then refresh my browser and the next request comes from 2a06:98c0:3600::103. I then refresh again and the next request comes from 2a06:98c0:3600::103. From here I can keep refreshing and it shows 2a06:98c0:3600::103. My PC and browser have ipv6 disabled.
157.254.xxx.xxx - - [28/Jul/2025:11:12:47 +0100] "GET /login HTTP/2" 200 8562 "https://dash.sneakyhub.com/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko/20100101 Firefox/140.0"

157.254.xxx.xxx - - [28/Jul/2025:11:12:50 +0100] "GET /storage/favicon.ico HTTP/2" 200 7184 "https://dash.sneakyhub.com/login" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko/20100101 Firefox/140.0"

2a06:98c0:3600::103 - - [28/Jul/2025:11:12:51 +0100] "GET /login HTTP/2" 200 8563 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko/20100101 Firefox/140.0"

2a06:98c0:3600::103 - - [28/Jul/2025:11:12:57 +0100] "GET /login HTTP/2" 200 8563 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko/20100101 Firefox/140.0"

 

This log is from when I visit the website after clearing my cache. I got the Managed Challenge as usual and passed it. As you can see, it sends the correct visitor IP of 157.254.xxx.xxx. I then refresh my browser and the next request comes from 2a06:98c0:3600::103. I then refresh again and the next request comes from 2a06:98c0:3600::103. From here I can keep refreshing and it shows 2a06:98c0:3600::103. My PC and browser have ipv6 disabled.
The entire problem is listed in detail in a cloudflare ticket/case. Been waiting multiple days for a response. I tried to delete the zone via an API request and it fails. 
curl https://api.cloudflare.com/client/v4/zones/$ZONE_ID \
  -X DELETE \
  -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
  -H "X-Auth-Key: $CLOUDFLARE_API_KEY"
curl https://api.cloudflare.com/client/v4/zones/$ZONE_ID \
  -X DELETE \
  -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
  -H "X-Auth-Key: $CLOUDFLARE_API_KEY"
The api errors out by saying 
{"success":false,"errors":[{"code":1315,"message":"Zones using Cloudflare Registrar can't be deleted"}],"messages":[],"result":null}
{"success":false,"errors":[{"code":1315,"message":"Zones using Cloudflare Registrar can't be deleted"}],"messages":[],"result":null}
I asked the ai and searched the web and it says I can't do this as the support team @ cloudflare needs to step in so the ai helper that cloudflare has told me to open a case. https://community.cloudflare.com/t/regarding-an-issue-with-cf-zone/822736 I have posted more information about this on the community website for cloudflare https://community.cloudflare.com/t/regarding-an-issue-with-cf-zone/822736/
username#0000
username#00003mo ago
157.254.0.0/16 is Vantiva USA, whoever that is. 2a06:98c0:3000::/36 is Cloudflare. Is it possible that you are seeing ipv4 requests coming to you direct, and ipv6 via cloudflare?
Sneaky
SneakyOP3mo ago
So the actual problem was because the account is so old and the domain is also fairly old.. we had cloudflare apps that were discontinued interacting with our websites. that got renamed and hidden from our scope. We had no access to it but we are able to block it from doing its thing via rules in cloudflare. This resolves the problem.

Did you find this page helpful?