Cloudflare Outage Map
The map below depicts the most recent cities worldwide where Cloudflare users have reported problems and outages. If you are having an issue with Cloudflare, make sure to submit a report below
The heatmap above shows where the most recent user-submitted and social media reports are geographically clustered. The density of these reports is depicted by the color scale as shown below.
Cloudflare users affected:
Cloudflare is a company that provides DDoS mitigation, content delivery network (CDN) services, security and distributed DNS services. Cloudflare's services sit between the visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites.
Most Affected Locations
Outage reports and issues in the past 15 days originated from:
| Location | Reports |
|---|---|
| Paris, Île-de-France | 2 |
| New York City, NY | 1 |
| Manchester, England | 1 |
| Angers, Pays de la Loire | 1 |
| London, England | 1 |
| Noida, UP | 2 |
| Jewar, UP | 1 |
| Braga, Braga | 1 |
| Prievidza, Nitriansky | 1 |
| Farmers Branch, TX | 1 |
| Helsinki, Uusimaa | 1 |
Community Discussion
Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.
Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.
Cloudflare Issues Reports
Latest outage, problems and issue reports in social media:
-
Salina Mendoza (@inababi) reportedThen I discovered svelte because I wanted to figure out how to deploy my own whitelabeled product for website creation. Went down the journey of exploring railway then finding Cloudflare where I can deploy myself. I wanted to do it myself. I always want to know the why and how.
-
Eduardo (@martiano) reported@AjaySohmshetty @Cloudflare @andrewk17 Is that real or similar/related to the AWS issue?
-
luna (@ImLunaHey) reported@mynameistito @Cloudflare that doesnt really help with client side only apps though.
-
Anicet (@AniC_dev) reportedlmao I just changed the logic for the snapshot restore on sandbox resume/fork, now most of our slow cases are 30x faster! so the bottleneck became the network ...and I've just benchmarked that if we ditch cloudflare and use Hetzner Object Storage it's 2x faster & 2.2x cheaper
-
TSAIBEE (@tsaibee15) reportedThank you for using CHUNILIB. Cloudflare is currently experiencing service issues, which may cause some features of the website to be temporarily unavailable. We apologize for the inconvenience. #chunilib
-
轩源 (@4xy) reported@Cloudflare our production D1 database has been down for over an hour due to this incident. Dashboard returns 500 and Workers return D1_ERROR: internal error. Any ETA? Thanks.
-
Æ-Xx-05 (@chaimbellinsky) reportedStopping the bad guys with Cloudflare: 1,286 malicious requests blocked or challenged in the last month #Cloudflare
-
Turner Novak 🍌🧢 (@TurnerNovak) reportedNew @ThePeelPod with @itstonyhb - the hidden layer of AI infrastructure - why evals today are "batshit insane" - building @inngest's own cloud to get 20x lower cost - growing 35x YoY after AWS and Cloudflare copied them, and - building a company without a personal brand Timestamps: 0:00 The hidden infra layer every AI agent runs on 1:46 Building complex chains of logic 3:31 Why agent SDK's don't go far enough 4:49 Healthcare was the original event-driven nightmare 6:32 Storing traces on your infrastructure enables self-improving loops 14:26 Why Inngest was already in the right place for AI 15:49 Score agents off product events, not LLM's 17:31 The OpenAI copy-paste signal 21:24 Swap in LLMs and cut costs 23:44 How customers pulled the product forward 25:41 Orchestration belongs outside the sandbox 29:48 Building a neocloud to cut costs 20x 32:09 Most neoclouds just resell AWS 32:54 AI infrastructure is all converging 34:49 Why Claude can't just build your backend 36:44 How to build a software factory 39:12 Agents are a lottery you get addicted to 42:44 Loops must always exist 45:38 If models keep getting better, why orchestrate? 48:28 When incumbents steal your features 52:30 You can't vibe code infrastructure 55:54 Why Tony has no personal brand 59:38 Dev tools GTM without Twitter 1:03:20 Lessons from the founder of DuckDuckGo 1:10:39 Truth as a company value 1:13:08 Taking too long adapting to AI 1:15:10 Startups are 100% R&D 1:17:19 Ali from Databricks 1:19:03 Writing his own code, Voice-to-text with local models 1:23:53 Evals are batshit insane
-
SecureChap (@SecureChap) reportedA Mac user pastes one Terminal command after a fake Cloudflare CAPTCHA. The script blocks Ctrl-C with a trap and runs a fake 10-second progress bar while it pulls down payloads. Then comes a password dialog. Cancel it, and two LaunchAgents start firing. They kill Finder, Dock, Spotlight, Terminal, Activity Monitor, browsers and NotificationCenter in 210-millisecond bursts. One loop runs up to roughly 83 hours. The second fires every 0.2 seconds for as long as 3,000,000 seconds. NotificationCenter stays dead for six hours to hide Gatekeeper alerts. A background process then queries Keychain for Chrome's Safe Storage AES key. That surfaces a genuine macOS password prompt. The user must answer it to regain usability. The same credential decrypts Login Data and Cookies offline. The stealer pulls from eight browsers, 31 wallet extensions and six blockchain networks, then ships it out through Telegram bots. The goyim implant stays behind as SystemUIServerl, one character off the real process. It uses GSocket relays to gsnc[.]eu:67. Everything else self-deletes and forges timestamps. Group-IB tracked it across 100-plus targets in 33 countries, over half in Europe, since May 2026. No CVE. No exploit. Uploaded to VirusTotal on 9 June 2026 with zero detections. The victim types the password only because the machine has become unusable, and the prompt they finally accept is real.
-
Maximilian Alexander (@signalgaining) reportedI have this 4090 RTX computer at home; to get to serve a website I need tailscale, cloudflare, then podman, then ngrok or ugh... I just want to cli deploy a website and toggle it with a URL to share with friends without a billion signin and manage tokens.
-
The_red_gamer (@The_red_gamer0) reported@ProtonVPN Cloudflare Warp does the job of hiding that without slowing internet down, and they only keep important logs for 24 hours before they get deleted unlike ISPs who keep them for years
-
DFIR Radar (@DFIR_Radar) reportedClickLock Stealer hits macOS with a ClickFix lure and an 83-hour kill loop that makes the machine unusable until the victim hands over their password, with zero detections on VirusTotal at first upload. - Initial access follows the ClickFix playbook: victim pastes a Terminal command from a compromised page (T1204.002). An orchestrator hides the cursor, plays a fake Cloudflare animation, and pulls four modules from two compromised WordPress sites while the victim watches. - The four modules cover the full stealer stack: a Keychain module queries macOS for Chrome's Safe Storage AES key to decrypt cookies and passwords offline; a credential module serves a fake AppleScript password dialog that validates input against the local directory service so only correct passwords exfiltrate; a crypto module iterates 30+ wallet extensions including MetaMask and Phantom via LevelDB; and GSocket provides a persistent reverse shell disguised as an iCloud process. - If the victim cancels the dialog, two LaunchAgents are installed for persistence (T1543.001), and a kill loop hammers Finder, Dock, browsers, Terminal, and Activity Monitor for up to 83 hours. A parallel loop kills NotificationCenter for six hours to suppress Gatekeeper alerts. Exfiltration runs over three Telegram bots with no traditional C2. - Modules forge timestamps and self-delete. Only the GSocket backdoor remains on disk. #DFIR_Radar
-
Soroush Dalili (@irsdl) reported@infosec_au Did you guys try to see if any models can figure out the full exploit? I wonder what the best way is for the future especially for Friday releases to give everyone a better chance to patch. Maybe vendors should patch them in a ***** way but probably not a good solution. I am thinking less obvious release notes and no social network chatter would definitely help until a week after the patch perhaps. I know reporters deserve publicity and you guys kept the exploit private, but even lower end ai models can figure the exploits out using notes and what's out there in social network. I am thankful though that you put detection techniques out there so companies like cloudflare can block the paths straight away.
-
C4 (@UncleCharles_) reported@PilotObi Unless the API service is integrated with its own firewall. From the initial diagram I would have assumed for example, Cloudflare firewall, then AWS gateway
-
Carlos Alberto (@carlosadcaraujo) reported@CherryJimbo @Cloudflare @CloudflareDev That would be good. The problem is each page gives a different reading for the same metric and sometimes wildly different.