ChatGPT "Unusual / Suspicious Activity Detected" — Unlock Path

It's almost always your egress IP, not your account. Switch network, wait for the cool-down, re-login. Full diagnosis below.

TL;DR (the fix that works ~80% of the time): turn off your VPN, switch your phone to mobile data (4G/5G), open the ChatGPT app or chatgpt.com in a fresh tab, wait if it’s still blocked, and try again in 30 minutes. Do not reset your password or contact support first — neither fixes an IP-level block, and rapid retries extend it.

As of June 2026 the exact wording you see is usually one of:

  • Unusual activity has been detected from your device. Try again later.
  • Suspicious activity has been detected.
  • A separate Cloudflare page: Sorry, you have been blocked (“the action you just performed triggered the security solution”).

All three are the same underlying mechanism. The message almost never means “your account has a problem.” It means the IP this request came from scored above OpenAI’s risk threshold. That score is computed by Cloudflare plus OpenAI’s anti-abuse system from signals like: is the IP in a datacenter range, did the account just log in from many places, are there bursty request patterns in the last 24 hours, sudden country jumps, and so on.

Once you understand that, the correct response is switch network + wait for cool-down — not repeatedly retrying, changing passwords, or contacting support, none of which fix the problem and some of which pull the account itself into the risk review.

Which error are you actually seeing?

What’s on screenWhat it meansFirst move
Unusual activity has been detected from your deviceYour egress IP / fingerprint scored too highSwitch network (Step 2)
Suspicious activity has been detectedSame as above; older wordingSwitch network (Step 2)
Sorry, you have been blocked (Cloudflare page)Cloudflare WAF blocked the request — usually VPN/datacenter IPDrop the VPN, switch IP (Step 2)
Please unblock challenges.cloudflare.com to proceedUsually a Cloudflare-wide incident, not youCheck status, wait (see FAQ)
Normal login page loads, then replies errorCould be account-sideJump to Step 5

Symptoms

  • “Unusual / Suspicious activity” banner blocks login
  • You can sign in but every reply errors
  • Worked before, broke right after a VPN node switch
  • Sudden 503 / disconnects after a period of use
  • Password reset and cookie clear don’t help

Quick verdict

It’s almost always egress IP reputation, not the account. Process: switch network → wait for cool-down → re-login.

Common causes

In rough order of frequency:

1. Egress IP is on OpenAI’s risk list

High-risk IP sources:

  • Datacenter IPs: AWS / GCP / Alibaba egress — OpenAI rejects these by default
  • Heavily abused VPN exits: free VPNs, shared proxies, residential VPNs shared by many accounts
  • Some country IPs: regions OpenAI does not serve, or that carry a high abuse rate
  • Tor exit nodes: effectively always trigger it

How to verify: visit browserleaks.com/ip and check the IP type. A Hosting, VPN, or Proxy label means high risk; ISP / residential is what you want.

2. Rapid country jumps in a short window

OpenAI sees the account in the US, then Japan five minutes later, then Germany ten minutes after that — a classic botnet / stolen-account signature. It auto-locks.

How to verify: have you been switching VPN nodes a lot recently?

3. Concurrent multi-device / multi-browser logins

One account signed into five devices, each on a different IP range — past the threshold. Shared Team/Business seats are the worst offenders.

How to verify: is the account shared, or signed in on many devices?

4. Burst request volume

More common with API users: 50 requests inside 100 ms trips the anti-abuse system. Web users hit it too — repeatedly mashing the regenerate button.

How to verify: have you been scripting calls or clicking retry rapidly?

5. Anomalous browser fingerprint

Headless browsers (Puppeteer / Selenium), heavily modified user-agent strings, JavaScript disabled, or third-party ChatGPT desktop clients hitting unofficial endpoints — all make the fingerprint “not look human.” Privacy extensions that block challenges.cloudflare.com cause the Cloudflare variant specifically.

How to verify: try regular Chrome / Safari or the official ChatGPT app with extensions off.

Shortest path to fix

Ordered “least painful first” — none of these steps deepens the lock:

Step 1: 30-second test of IP vs account

Don’t re-login yet. Open an incognito/private window to chatgpt.com:

  • Same “unusual/suspicious” message → it’s the IP (go to Step 2)
  • Login page loads normally → it’s likely the account (jump to Step 5)

Step 2: Switch to a clean IP

Ranked cleanest to riskiest:

RecommendedNetwork
BestMobile 4G / 5G (carrier IPs, rarely flagged)
GoodHome broadband (residential ISP)
GoodPaid stable VPN (dedicated US-East / US-West exit)
MarginalOffice wired (depends on whether the office IP has been abused)
AvoidFree VPN
AvoidDatacenter IPs
AvoidShared proxies

Fastest test: turn off WiFi on your phone, switch to mobile data, open the ChatGPT app. If it loads, the IP was the problem.

Step 3: Wait 30–60 minutes

Safety holds have a cool-down. Within 30 minutes of the first error, do not keep retrying — each failure extends the hold. Wait at least 30 minutes, try once, and if it’s still locked wait another 30. Resist the urge to refresh.

Step 4: Clear cookies + use a mainstream browser

If the fingerprint is flagged:

  1. DevTools (F12) → Application → Storage → Clear site data (clears cookies for chatgpt.com)
  2. Quit any third-party ChatGPT clients
  3. Use native Chrome / Safari / Edge or the official ChatGPT app
  4. Disable all browser extensions (especially ad/script blockers that may block challenges.cloudflare.com)

Step 5: Account-side checks

If a clean network still doesn’t fix it:

  1. Go to chatgpt.com, click Log in → Forgot password?, and run the reset flow. If the reset email arrives, the account itself isn’t banned. (The old chat.openai.com host now redirects to chatgpt.com, so use the new one.)
  2. Check the registered email for OpenAI messages (verification prompts, security warnings, a real “we noticed a new login” notice).
  3. Re-enroll 2FA from scratch if you have it on.

Step 6: Contact support (last resort)

Only after you’ve confirmed the IP is clean, the account can receive email, and 24+ hours have passed: open the chat widget at the bottom-right of help.openai.com, start a new chat, and type “talk to a person” to reach a human agent. That widget is the channel that actually files an account ticket as of June 2026 — there is no support phone line, and there is no help@openai.com mailbox (general mail goes to support@openai.com, but the widget routes faster). Have this ready:

Persistent "Unusual activity" block on [your account email]

I've been unable to access ChatGPT for 24+ hours from a clean
residential network. Steps taken:
- Verified IP type via browserleaks.com/ip (residential ISP, not VPN)
- Tested incognito + 4 different browsers
- Cleared site data, restarted devices
- Password reset email arrived successfully (confirms account is intact)

Account email: [email]
Approximate time of first lockout (UTC): [time]

How to confirm it’s fixed

You’re genuinely clear (not just temporarily lucky) when all of these hold:

  1. You can log in and send 3–4 messages with no error, on the same network you’ll keep using
  2. browserleaks.com/ip shows your active IP as ISP/residential, not Hosting/VPN/Proxy
  3. A page refresh and a fresh incognito session both load without the banner

If it only works on mobile data but breaks back on your VPN, the VPN exit is the culprit — keep it off for ChatGPT or move to a dedicated residential exit.

When this is not on you

A residential IP that was fine yesterday can turn risky overnight if other tenants on the same shared VPN abused it, or if a Cloudflare-wide incident is in progress. That isn’t “your fault,” but you still have to switch networks or wait it out — OpenAI won’t unblock a specific shared IP on request.

Prevention

  • Pick one stable, paid VPN exit and use it long-term — don’t node-hop
  • Don’t let the VPN client auto-rotate IPs while ChatGPT is in use
  • Avoid free / shared proxies for AI tools — they get polluted fast
  • For teams, give each person their own seat — don’t share one login across many devices
  • For API scripts, add rate limiting (at least 1 second between requests, and respect 429 back-off headers)
  • Don’t drive the web app with headless browsers or unofficial desktop clients

FAQ

Is my account banned? Almost certainly not. If the password-reset email arrives (Step 5), the account is intact — a true ban blocks the reset flow and usually comes with an explicit email from OpenAI. The “unusual activity” page is an IP/risk gate, not an account suspension.

Why does it only happen on my VPN? Most VPN exits are datacenter or heavily shared IPs, exactly the ranges OpenAI’s anti-abuse system distrusts. Switch to mobile data or a dedicated residential exit. A “premium” VPN doesn’t help if hundreds of users share the same exit IP.

I see “Sorry, you have been blocked” instead — same thing? That’s the Cloudflare WAF page rather than OpenAI’s own banner, but the cure is the same: drop the VPN/proxy, clear cookies, disable extensions that block challenges.cloudflare.com, and retry from a clean residential IP.

How long does the cool-down last? Typically minutes to an hour for a first trip; longer if you kept retrying. Waiting 30–60 minutes without hammering the page is the reliable reset. There’s no button to clear it faster.

Will changing my password fix it? No. A password change does nothing for an IP-level block and, if done repeatedly, can itself look suspicious. Only reset the password to prove the account is alive (Step 5), not as a fix.

Is ChatGPT just down for everyone right now? Possible. If you also see Please unblock challenges.cloudflare.com to proceed, it’s likely a Cloudflare-wide incident. Check status.openai.com and cloudflarestatus.com before troubleshooting your own setup.

Tags: #ChatGPT #Debug #Troubleshooting