1. Home
  2. Companies
  3. Cloudflare
  4. Outage Map
Cloudflare

Cloudflare Outage Map

The map below depicts the most recent cities worldwide where Cloudflare users have reported problems and outages. If you are having an issue with Cloudflare, make sure to submit a report below

Loading map, please wait...

The heatmap above shows where the most recent user-submitted and social media reports are geographically clustered. The density of these reports is depicted by the color scale as shown below.

Cloudflare users affected:

Less
More
Check Current Status

Cloudflare is a company that provides DDoS mitigation, content delivery network (CDN) services, security and distributed DNS services. Cloudflare's services sit between the visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites.

Most Affected Locations

Outage reports and issues in the past 15 days originated from:

Location Reports
Paris, Île-de-France 2
New York City, NY 1
Manchester, England 1
Angers, Pays de la Loire 1
London, England 1
Noida, UP 2
Jewar, UP 1
Braga, Braga 1
Prievidza, Nitriansky 1
Farmers Branch, TX 1
Helsinki, Uusimaa 1
Crisfield, MD 1
Nanaimo, BC 1
Check Current Status

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

Cloudflare Issues Reports

Latest outage, problems and issue reports in social media:

  • DFIR_Radar
    DFIR Radar (@DFIR_Radar) reported

    ClickLock Stealer hits macOS with a ClickFix lure and an 83-hour kill loop that makes the machine unusable until the victim hands over their password, with zero detections on VirusTotal at first upload. - Initial access follows the ClickFix playbook: victim pastes a Terminal command from a compromised page (T1204.002). An orchestrator hides the cursor, plays a fake Cloudflare animation, and pulls four modules from two compromised WordPress sites while the victim watches. - The four modules cover the full stealer stack: a Keychain module queries macOS for Chrome's Safe Storage AES key to decrypt cookies and passwords offline; a credential module serves a fake AppleScript password dialog that validates input against the local directory service so only correct passwords exfiltrate; a crypto module iterates 30+ wallet extensions including MetaMask and Phantom via LevelDB; and GSocket provides a persistent reverse shell disguised as an iCloud process. - If the victim cancels the dialog, two LaunchAgents are installed for persistence (T1543.001), and a kill loop hammers Finder, Dock, browsers, Terminal, and Activity Monitor for up to 83 hours. A parallel loop kills NotificationCenter for six hours to suppress Gatekeeper alerts. Exfiltration runs over three Telegram bots with no traditional C2. - Modules forge timestamps and self-delete. Only the GSocket backdoor remains on disk. #DFIR_Radar

  • brucewok88
    大黑郭 (@brucewok88) reported

    I spent hours trying to fix a Cloudflare Worker routing and caching issue with Claude Code and kept going in circles. I switched to GPT-5.6 Sol in Codex, and it found the root cause, updated the right code, and got everything working in minutes. Fast, simple, and impressive.

  • threepointone
    sunil pai (@threepointone) reported

    lol I hear people on bsky are trying to cancel cloudflare for sponsoring localfirstconf?

  • NotUnHackable
    Aaryan Bansal (@NotUnHackable) reported

    @cloudflare @CloudflareDev just fix the env variables being so hard and for no reason keeps failing silently in the background in the workers page. this is actually really annoying

  • Andrii38324276
    Andrii (@Andrii38324276) reported

    @eastdakota @Cloudflare Great PR move to look breezy about it publicly, but genuinely curious: does Cloudflare actually see a measurable customer bump every time a competitor loses an engineer to a rival, or is this more vibes than data at this point?

  • DFIR_Radar
    DFIR Radar (@DFIR_Radar) reported

    Kratos PhaaS is a maturing Microsoft 365 credential-theft platform active since Sept 2025, with 1,484 previously unattributed sandbox sessions now linked to the family across 20+ countries. - Kratos runs three page generations (V0, V1, V2), each with distinct exfiltration endpoints: V0 POSTs to /PTT/SOft/mini.php, V1 to next.php/nex.php/n3xt.php, V2 to save.php. The kit chains legitimate platforms (SharePoint, Canva, DocuSign lures) through Cloudflare Turnstile anti-bot checks before serving a fake Microsoft 365 login. Browser tab title is nearly always "Authentication" and an animated envelope with "Loading in progress..." precedes the credential form. - The single best hunting fingerprint: HTTP requests to both /assets/img/barr.svg and /assets/img/lg.svg in the same session. That pair yields 90% recall with near-zero false positives. Key hashes: lg.svg = cd231b895bbcd7154b81df1e065bf02f1ec667b920c8b6d23308cd509833b5ea, styles.css = c447e75f1029ed7a5882add16bcd13ad44be3bd47c93c830ff39185e23d25ebb (connects 636 tasks across V1 and V2). - Notable defanged IOCs: razen[.]online, enerdizerandtron[.]de, jumpast[.]es, abal[.]my, dufllot[.]sbs, trisrnareprjdocz[.]com; operator IP 41.128.0[.]142. URL tokens factura, dgt, and abogados signal Spanish-language affiliates. - If WebSocket activity appears alongside credential POST, treat it as a possible AiTM indicator. #DFIR_Radar

  • The_red_gamer0
    The_red_gamer (@The_red_gamer0) reported

    @ProtonVPN Cloudflare Warp does the job of hiding that without slowing internet down, and they only keep important logs for 24 hours before they get deleted unlike ISPs who keep them for years

  • talk2sunder
    Sunder (@talk2sunder) reported

    Our Teams bot went silent. Zero errors. Zero logs. Azure said healthy, Cloudflare said healthy, our servers said healthy. Slack worked fine. Same bot, same endpoint. Gave it to Claude (Fable 5). It pointed the bot's endpoint at a plain webhook listener. Microsoft's messages showed up instantly. So Teams WAS sending — something about our edge was unreachable. One openssl probe later: our CDN required TLS 1.3, and Microsoft's Teams delivery fleet still speaks TLS 1.2. No logs because of handshake failire. Fable 5 rocks.

  • RyanHernalsteen
    Ryan Hernalsteen (@RyanHernalsteen) reported

    3/ The test I set myself: take the stack my personal site already runs on (Astro + Cloudflare Pages) and stretch it into something it was never meant to be. No game framework. No auth provider. No new hosting bill. I expected to hit a wall. I didn't.

  • mick__net
    Mick.net - Maker: Document.Bot 🤖 BestTime.app 🎉 (@mick__net) reported

    @sumukx I like 5.6 but same here in terms of OCD chasing targets. I asked to use a cloudflare tunnel. After 1h still OCD retrying i asked why it took so long and what it is blocking it. Then it replied i need you to run ‘cloudflare login’ in the terminal for auth. I think 5.5 would have asked directly instead of trying really hard with 100’s of unsuccessful work arounds.

  • onlyawassie
    OnlyAWassie (@onlyawassie) reported

    @ztrader369 Legal Problems with robinhood copyrights the got reported to cloudflare and cloudflare disabled everything

  • mfts0
    Marc Seitz — oss/acc (@mfts0) reported

    @jarekceborski @LocalCanApp I remember you use Cloudflare under the hood for the published urls. So generate the localcan domains locally so it’s accessible from same network. Optionally make it publishable so outside of network clients can access. That part is Cloudflare? Does it restrict you in any way like certain headers or cookies or storage cannot be sent on these domains?

  • broisnees
    broisnees (@broisnees) reported

    Hey @Cloudflare we support d1!

  • Zatkobrat
    Zatkobratko (@Zatkobrat) reported

    Bizarre is perhaps not the word I used since it's only been a day. I do not agree with them disabling it and fixing vamp is perhaps not good. Since the first dever can be an idiot, but apperantly they got attacks on their site on cloudflare. So it seems that they are right now not only fixing vamp, but also their website and transferring it to another decentralized hosting server. Might take a few more days tbh

  • staysaasy
    staysaasy (@staysaasy) reported

    I'd recently been meaning to build something end-to-end to feel where AI acceleration helps. So I built something that I personally wanted for a while, which is a chrome extension to block existing sites until you solve a math, brainteaser, or quick coding problem. The overall thinking is that site blockers are too annoying and get uninstalled. More importantly, I've been getting increasingly freaked out that AI + social media means that we're getting pincered between attention-crushing feeds on one side and mental laziness from AI on the other. So if the brakes on the dopamine actually force my brain to work, I'm kinda solving both problems. Since we also like to talk about AI development, I'll add a few things I learned from this exercise: Coding a very compact site and JS package is *extremely* fast, but getting it to something workable takes much, much longer. Claude Code basically one-shotted an initial working version of the project. It's cliche at this point but I thought that I was 90% done in the first 30 minutes, and I was probably actually only 5% finished with something I was happy with. But I really see why (somewhat foolish, often non-technical) people are constantly crowing about how magical it is that they one-shotted some app, because even I was pretty confident that I was nearly done after that first half hour. Overall, the code still got written probably 10x faster than if I'd coded it all by hand. And keep in mind that this is an extremely compact project. But even with that said, the coding agents did a pretty poor job of structuring the code and I had to fix a bunch of it by hand and/or with very targeted prompts. GPT via Cursor was better than Claude at this, fwiw. AI is extremely good at coming up with tiny incremental features ("it'd be great to have a setting for timeouts, I'll add that") and makes totally dumb macro product decisions, you can really feel how alien and inhuman the intelligence is at times. Especially for a project like this that has to do with human psychology. It also picks weird color schemes; I ended up picking all of this outrun-inspired color palette myself. AI is incredibly valuable at compensating for your weaknesses. I put the landing page for this extension behind Cloudflare and had some DNS/hosting issues, an area where I'm not an expert. Claude solved them all in about 10 minutes. 3 years ago, I would have been googling like an idiot for hours. AI is not much help at all for much of the work related to making a project presentable. Site copy, making a teaser video, taking nice screenshots... if you use AI your copy immediately looks like horrific AI slop, and actually generating even moderately nice assets still requires care. Dealing with the Chrome store's annoyances still requires human willpower. Overall, I really see why we're *not* seeing an explosion of new products despite the impressive power of AI to write code. There's just so much else to do to get even a tiny project presentable that I'm not surprised to see that despite the very real productivity boost, so few people actually follow through that any increase is basically a rounding error. Thanks for reading all of this. I'll put a link to the project in a comment as well.

Check Current Status