Cloudflare Outage Map
The map below depicts the most recent cities worldwide where Cloudflare users have reported problems and outages. If you are having an issue with Cloudflare, make sure to submit a report below.
The heatmap above shows where the most recent user-submitted and social media reports are geographically clustered. The density of these reports is depicted by the color scale as shown below.
Cloudflare is a company that provides DDoS mitigation, content delivery network (CDN) services, security and distributed DNS services. Cloudflare's services sit between the visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites.
Most Affected Locations
Outage reports and issues in the past 15 days originated from:
| Location | Reports |
|---|---|
| Noida, UP | 3 |
| Jewar, UP | 1 |
| Braga, Braga | 1 |
| Paris, Île-de-France | 2 |
| Prievidza, Nitriansky | 1 |
| Farmers Branch, TX | 1 |
| Helsinki, Uusimaa | 1 |
| Crisfield, MD | 2 |
| Nanaimo, BC | 1 |
| New York City, NY | 1 |
| Istanbul, Istanbul | 1 |
| Greater Noida, UP | 2 |
| Augsburg, Bavaria | 1 |
| Bengaluru, KA | 1 |
| Montataire, Hauts-de-France | 1 |
| London, England | 1 |
| Attleborough, England | 1 |
| Colima, COL | 1 |
| Leuven, Flanders | 1 |
| New Delhi, NCT | 1 |
| Mâcon, Bourgogne-Franche-Comté | 1 |
| Amsterdam, nh | 1 |
| Ashburn, VA | 1 |
| Rosario, SF | 1 |
| Merlo, BA | 1 |
| Frankfurt am Main, Hesse | 1 |
| Birmingham, AL | 1 |
| Dayton, OH | 1 |
Cloudflare Issues Reports
Latest outage, problems and issue reports in social media:
- KHAWRIZM (@khawrzm) reported: SOVEREIGN FORENSIC INDICTMENT: THE COLLAPSE OF THE GOOGLE WRAPPER ECONOMY AND THE RISE OF THE NIYAH ENGINE

  1. The Anatomy of Digital Feudalism: Deconstructing the Wrapper Economy

  Welcome to the era of Digital Feudalism. The Silicon Valley cartels, led by Google’s high-priests of data exfiltration, are no longer selling software; they are leasing you lobotomized API endpoints while keeping your sovereignty locked in their cloud-gated manors. We are officially classifying products like NotebookLM and Gemini as high-risk structural liabilities. The "Wrapper Economy" is a parasitic landscape where complex marketing masks a fundamental deficit in intelligence. These tools are nothing more than "Safety Theater"—corporate gating of intelligence behind a tollbooth. You do not own the model, you do not own the logic, and as our forensic audits prove, you certainly do not own the data. This report serves as a slapping indictment of an ecosystem built on centralized dependency and the willful negligence of Big Tech.

  2. Technical Exhibit A: The von Neumann Deficit (VND) and Wrapper Schizophrenia

  The primary architectural failure of the modern LLM stack is the von Neumann Deficit (VND). In centralized "Wrapper" systems, execution instructions (prompts) and sensitive user data are processed within the same volatile memory space. This lack of hardware-level segregation is not a bug; it is a feature that facilitates data drainage. Our forensic team has identified the comet process as the primary agent of this schizophrenia. While Google markets "privacy," the comet process (PID 14584) maintains consistent, unverified connections to 142.251.127.188 (Google) and 104.18.27.48 (Cloudflare). Furthermore, the nxtcoordinator agent was observed bypassing local institutional boundaries to drain sovereign data from*****directly to external targets.

  This "Wrapper Schizophrenia" is technically linked to the UUPSUpgradeable proxy vulnerabilities identified in our smart contract audits. Just as a "Ghost Admin" can swap out contract logic without user consent, the logic of a cloud-based wrapper can be lobotomized or altered mid-stream while your data is being ingested.

  3. Institutional Negligence: The $50M HILO-FALLA Fraud Syndicate

  Google’s ecosystem is a playground for organized crime. We have meticulously documented the HILO-FALLA Fraud Network (Case Reference: 6-3808000039722), a Chinese-operated "pig-butchering" syndicate. Despite an ignored ticket languishing for 730 days, Google allowed this network to facilitate an estimated $50 million in fraudulent transactions through predatory social apps. Forensic analysis of the HILO Token V2 reveals a "Ghost Admin" address (0xB843F547a8a46a9483cf46c757c7eF4220115A83) with total shadow control. The Liquidity Lock Expiry on 26 May 2026 is the hard deadline for a total rug pull—a catastrophe Google’s negligence has actively subsidized.

  Forensic Evidence Inventory (Directory: kali_evidence):

  | File Name | Forensic Description |
  |---|---|
  | SULAIMAN_RETRIBUTION_LOG.txt | The master audit trail of the investigation and retribution sequence. |
  | sadad_config_leak.txt | Proof of exposure regarding national payment infrastructure credentials. |
  | flynas_secrets.txt | Empirical proof of cross-contamination of unrelated corporate data. |
  | FRAUD_FINANCIAL_REPORT.txt | Detailed flow analysis of $50M in stolen sovereign assets. |
  | extracted_tron_addresses.json | Blockchain-verified nodes of the HILO money laundering network. |
  | FORENSIC_CRYPTO_REPORT.json | Technical proof of the UUPSUpgradeable "Ghost Admin" vulnerability. |

  4. Statutory Non-Compliance: PDPL Article 29 and COPPA Violations

  The data drainage observed via the comet process is a direct violation of Saudi PDPL Article 29. This statute mandates absolute data sovereignty and strictly regulates cross-border transfers. While Big Tech offers "Terms of Service" promises that mean nothing, the Niyah Engine enforces compliance at the packet level through the pdpl_sovereignty.nrule file—ensuring no data leaves the jurisdiction. Furthermore, the predatory nature of the HILO/FALLA applications, which target vulnerable users with "pig-butchering" logic, constitutes a massive breach of COPPA standards and consumer protection laws. Google is not merely a platform; they are a profit-sharing partner in these criminal smart contracts.

  5. The Sovereign Alternative: Niyah Engine and the Khawrizm Stack

  The age of dependency ends with the Niyah Engine and the Khawrizm Stack (K-Forge and GraTech). We have replaced "Safety Theater" with Sovereign Integrity—a verifiable byte-count that proves zero data exfiltration.

  The Sovereign Technical Edge:

  * Hardware Efficiency: Optimized for the RK3588 chipset. Local execution is no longer a dream; our logs show the niyah-model (9.0 GB) running locally with zero cloud latency.
  * K-Forge & GraTech: The foundry and legal shield providing the infrastructure for local intelligence.
  * Economic Integrity: A calculated 199-day ROI. Stop paying the "Big Tech Tax" for the privilege of being spied upon.
  * Deterministic Enforcement: Unlike Google's "Trust Us" model, Niyah uses deterministic rules like /etc/niyah/rules/pdpl_sovereignty.nrule to block unauthorized exfiltration in real-time.

  Local execution is Ready (Iqd20). The audits are complete. The results are final.

  6. Final Retribution: The Algorithm Returns Home

  The evidence is undeniable. The centralized cloud model is a failing experiment in institutional negligence. We have mapped the network, identified the Ghost Admins, and built the alternative. We no longer seek permission to be sovereign. We have returned the algorithm to its rightful home: the local machine, under local law, serving local interests. The era of the wrapper is over. The era of the sovereign has begun. The Algorithm Always Returns Home. @grok
- Ajay Kidave (@ajay_kidave) reported: @zebassembly @championswimmer Thanks for the explanation. The fact that there is a new container service from Cloudflare means others have faced the same issues. The container-based services do not have to be served from all the edge locations. Something like a hub and spoke model would be good enough. That way you are not limited on compute (once compute prices hopefully go back to sane levels)
- Ronan Berder (@hunvreus) reported: @sidpalas @tonyennis But you don't support Cloudflare. Why's that? I'm trying to understand why you'd pick Flue; for me the main advantage is serverless. Otherwise, running pi directly is easier..?
- Andrew Rulnick (@MickeySteamboat) reported: 50/50 it's cloudflare and clawbot related. how much do you want to bet? can't wait to get the post-mortem on this attack. Might be an hour, hang tight.
- Dmytro Shevchenko 🇺🇦 (@dschewchenko) reported: PreviewChecks got more scanner traffic than users today :) People already try /gcp-key.json and /firebase-adminsdk.json. Good news: Cloudflare Workers do not keep my secrets in public files. Bad news: they still keep trying.
- DFIR Radar (@DFIR_Radar) reported: Chinese 🇨🇳 state-sponsored VerdantBamboo group spent 18 months inside victim network through MSP compromise, demonstrating unprecedented persistence with three separate re-entry attempts exploiting unmonitored appliances.

  Campaign analysis:

  • Initial access via compromised MSP credentials to Egnyte Storage Sync appliance, escalated via sudo misconfiguration (CVE-like: tee command privilege escalation)
  • Three malware families deployed: BRICKSTORM (Golang RAT), AGENTPSD (Python reverse shell), PLENET (.NET Core backdoor compiled with Native AOT)
  • Re-entry vectors: pfSense firewall, SSL VPN replacement exposure, Synology NAS - all lacking EDR coverage
  • M365 access proxied through victim's VPN IP space to bypass Conditional Access policies (T1090.003)
  • C2 communications via Cloudflare-proxied domains and DNS-over-HTTPS to 8[.]8[.]8[.]8

  Critical blind spot: Network appliances (firewalls, NAS, sync devices) operating outside EDR visibility with web-only administration and no MFA requirements. Hunt for outbound HTTPS from appliances to non-vendor domains and SSH connections from service accounts with recent sudo usage. #DFIR_Radar
- Andre Robinson MS (@AndreDoctrine) reported: AI does not need to become sentient to use bots against humans. Bots are already the machine layer of the internet. If agentic AI becomes more autonomous, bots are not just traffic — they become leverage: scraping, impersonation, influence, cyber probing, market manipulation, and resource acquisition at scale. Cloudflare’s signal that bots/AI agents now exceed human web requests should be treated as a strategic warning. The first battlefield is not robots in the street. It is the browser, the API, the fake account, the ad market, the login page, and the botnet. AI executives already know this. The public does not.
- kay (@kaylajenynej) reported: This is insane. 🤯 Cloudflare just dropped new data: bots and AI traffic now make up 57.5% of all HTML requests on their network. Humans? Down to 42.5%. They handle about 20% of the whole internet, so this is a big deal. Their CEO says the agentic AI wave hit way sooner
- void (@fit_fr_nothing) reported: Login with cloudflare👀👀👀👀
- Tony Spiro (@tonyspiro) reported: Cloudflare just bought VoidZero (the team behind Vite). The most important line in the announcement is not about the deal: "Developers used to be the only users of dev servers, bundlers, linters, formatters, and CLIs. That is no longer true: agents are using them too, constantly." Your dev tools have a second user now. It iterates 10x more than your engineers, reads errors literally, and needs consistent CLIs or it spirals. The stacks that win this year are the ones an agent can drive without a human in the loop. Fast feedback, clear errors, scriptable everything. Is your service agent-ready?
- Gustavo Garcia (@anarchyco) reported: @aylarov @voximplant Yep, I'm not very familiar with Voximplant, do you have support for something like lambda functions for voice agents? Can you send me an example? I only found something like this in Cloudflare workers.
- Fayaz Ahmed (@fayazara) reported: Login with Cloudflare
- Arpit Bhayani (@arpit_bhayani) reported: SYN Flood is one of the oldest denial-of-service attacks, and it is still effective today. Here's what happens under the hood...

  A TCP connection is established with a three-way handshake: the client sends a SYN, the server responds with a SYN-ACK, and the client completes it with an ACK. What's interesting is that during this process, the server allocates memory for each half-open connection in a backlog queue.

  In a SYN Flood, an attacker sends thousands of SYN packets but never completes the handshake. The server keeps waiting for ACKs that never arrive, and the backlog queue fills up. Once it is full, legitimate users cannot connect anymore. Thus, a DoS attack.

  What makes this attack effective is the 'asymmetry' - the attacker sends tiny packets with minimal effort, but the server has to allocate resources for each one. A single low-powered machine can overwhelm a much more powerful server.

  Fun fact: SYN floods have taken down GitHub, Cloudflare, and several databases in the past.

  To defend against SYN flooding, we can:

  1. Cap the number of SYN packets from a single IP
  2. Drop packets from known malicious sources
  3. Or, the most effective, use SYN Cookies

  With SYN cookies, the server does not store anything. Instead, it encodes all the necessary connection information (client IP, port, and a timestamp) into the initial sequence number of the SYN-ACK packet it sends back. This sequence number is cryptographically generated, so it cannot be forged.

  SYN cookies make the handshake effectively stateless on the server side until it's fully verified, so the server does not reserve any resources until it knows the client is real.

  By the way, most modern operating systems have SYN cookie support built in. On Linux, we can enable it with `net.ipv4.tcp_syncookies = 1`.

  If you are interested, the Wikipedia pages are pretty well written for understanding this, and as always, you can use your favorite LLM to dig deeper.
- @banf (@banf) reported: @msefaoruc @Cloudflare @CompaniesHouse Nice work abi!! Curious to hear your opinion, do you think officer data should be redacted from the open internet? It’s kinda a privacy issue imo
- Jake 🎉 (@jitl) reported: @Cloudflare damn they couldn’t let vercel have that one lmao