TL;DR (the fix that works ~80% of the time): turn off your VPN, switch your phone to mobile data (4G/5G), open the ChatGPT app or chatgpt.com in a fresh tab, wait if it’s still blocked, and try again in 30 minutes. Do not reset your password or contact support first — neither fixes an IP-level block, and rapid retries extend it.
As of June 2026 the exact wording you see is usually one of:
Unusual activity has been detected from your device. Try again later.Suspicious activity has been detected.- A separate Cloudflare page:
Sorry, you have been blocked(“the action you just performed triggered the security solution”).
All three are the same underlying mechanism. The message almost never means “your account has a problem.” It means the IP this request came from scored above OpenAI’s risk threshold. That score is computed by Cloudflare plus OpenAI’s anti-abuse system from signals like: is the IP in a datacenter range, did the account just log in from many places, are there bursty request patterns in the last 24 hours, sudden country jumps, and so on.
Once you understand that, the correct response is switch network + wait for cool-down — not repeatedly retrying, changing passwords, or contacting support, none of which fix the problem and some of which pull the account itself into the risk review.
Which error are you actually seeing?
| What’s on screen | What it means | First move |
|---|---|---|
Unusual activity has been detected from your device | Your egress IP / fingerprint scored too high | Switch network (Step 2) |
Suspicious activity has been detected | Same as above; older wording | Switch network (Step 2) |
Sorry, you have been blocked (Cloudflare page) | Cloudflare WAF blocked the request — usually VPN/datacenter IP | Drop the VPN, switch IP (Step 2) |
Please unblock challenges.cloudflare.com to proceed | Usually a Cloudflare-wide incident, not you | Check status, wait (see FAQ) |
| Normal login page loads, then replies error | Could be account-side | Jump to Step 5 |
Symptoms
- “Unusual / Suspicious activity” banner blocks login
- You can sign in but every reply errors
- Worked before, broke right after a VPN node switch
- Sudden 503 / disconnects after a period of use
- Password reset and cookie clear don’t help
Quick verdict
It’s almost always egress IP reputation, not the account. Process: switch network → wait for cool-down → re-login.
Common causes
In rough order of frequency:
1. Egress IP is on OpenAI’s risk list
High-risk IP sources:
- Datacenter IPs: AWS / GCP / Alibaba egress — OpenAI rejects these by default
- Heavily abused VPN exits: free VPNs, shared proxies, residential VPNs shared by many accounts
- Some country IPs: regions OpenAI does not serve, or that carry a high abuse rate
- Tor exit nodes: effectively always trigger it
How to verify: visit browserleaks.com/ip and check the IP type. A Hosting, VPN, or Proxy label means high risk; ISP / residential is what you want.
2. Rapid country jumps in a short window
OpenAI sees the account in the US, then Japan five minutes later, then Germany ten minutes after that — a classic botnet / stolen-account signature. It auto-locks.
How to verify: have you been switching VPN nodes a lot recently?
3. Concurrent multi-device / multi-browser logins
One account signed into five devices, each on a different IP range — past the threshold. Shared Team/Business seats are the worst offenders.
How to verify: is the account shared, or signed in on many devices?
4. Burst request volume
More common with API users: 50 requests inside 100 ms trips the anti-abuse system. Web users hit it too — repeatedly mashing the regenerate button.
How to verify: have you been scripting calls or clicking retry rapidly?
5. Anomalous browser fingerprint
Headless browsers (Puppeteer / Selenium), heavily modified user-agent strings, JavaScript disabled, or third-party ChatGPT desktop clients hitting unofficial endpoints — all make the fingerprint “not look human.” Privacy extensions that block challenges.cloudflare.com cause the Cloudflare variant specifically.
How to verify: try regular Chrome / Safari or the official ChatGPT app with extensions off.
Shortest path to fix
Ordered “least painful first” — none of these steps deepens the lock:
Step 1: 30-second test of IP vs account
Don’t re-login yet. Open an incognito/private window to chatgpt.com:
- Same “unusual/suspicious” message → it’s the IP (go to Step 2)
- Login page loads normally → it’s likely the account (jump to Step 5)
Step 2: Switch to a clean IP
Ranked cleanest to riskiest:
| Recommended | Network |
|---|---|
| Best | Mobile 4G / 5G (carrier IPs, rarely flagged) |
| Good | Home broadband (residential ISP) |
| Good | Paid stable VPN (dedicated US-East / US-West exit) |
| Marginal | Office wired (depends on whether the office IP has been abused) |
| Avoid | Free VPN |
| Avoid | Datacenter IPs |
| Avoid | Shared proxies |
Fastest test: turn off WiFi on your phone, switch to mobile data, open the ChatGPT app. If it loads, the IP was the problem.
Step 3: Wait 30–60 minutes
Safety holds have a cool-down. Within 30 minutes of the first error, do not keep retrying — each failure extends the hold. Wait at least 30 minutes, try once, and if it’s still locked wait another 30. Resist the urge to refresh.
Step 4: Clear cookies + use a mainstream browser
If the fingerprint is flagged:
- DevTools (
F12) → Application → Storage → Clear site data (clears cookies forchatgpt.com) - Quit any third-party ChatGPT clients
- Use native Chrome / Safari / Edge or the official ChatGPT app
- Disable all browser extensions (especially ad/script blockers that may block
challenges.cloudflare.com)
Step 5: Account-side checks
If a clean network still doesn’t fix it:
- Go to
chatgpt.com, click Log in → Forgot password?, and run the reset flow. If the reset email arrives, the account itself isn’t banned. (The oldchat.openai.comhost now redirects tochatgpt.com, so use the new one.) - Check the registered email for OpenAI messages (verification prompts, security warnings, a real “we noticed a new login” notice).
- Re-enroll 2FA from scratch if you have it on.
Step 6: Contact support (last resort)
Only after you’ve confirmed the IP is clean, the account can receive email, and 24+ hours have passed: open the chat widget at the bottom-right of help.openai.com, start a new chat, and type “talk to a person” to reach a human agent. That widget is the channel that actually files an account ticket as of June 2026 — there is no support phone line, and there is no help@openai.com mailbox (general mail goes to support@openai.com, but the widget routes faster). Have this ready:
Persistent "Unusual activity" block on [your account email]
I've been unable to access ChatGPT for 24+ hours from a clean
residential network. Steps taken:
- Verified IP type via browserleaks.com/ip (residential ISP, not VPN)
- Tested incognito + 4 different browsers
- Cleared site data, restarted devices
- Password reset email arrived successfully (confirms account is intact)
Account email: [email]
Approximate time of first lockout (UTC): [time]
How to confirm it’s fixed
You’re genuinely clear (not just temporarily lucky) when all of these hold:
- You can log in and send 3–4 messages with no error, on the same network you’ll keep using
browserleaks.com/ipshows your active IP asISP/residential, notHosting/VPN/Proxy- A page refresh and a fresh incognito session both load without the banner
If it only works on mobile data but breaks back on your VPN, the VPN exit is the culprit — keep it off for ChatGPT or move to a dedicated residential exit.
When this is not on you
A residential IP that was fine yesterday can turn risky overnight if other tenants on the same shared VPN abused it, or if a Cloudflare-wide incident is in progress. That isn’t “your fault,” but you still have to switch networks or wait it out — OpenAI won’t unblock a specific shared IP on request.
Prevention
- Pick one stable, paid VPN exit and use it long-term — don’t node-hop
- Don’t let the VPN client auto-rotate IPs while ChatGPT is in use
- Avoid free / shared proxies for AI tools — they get polluted fast
- For teams, give each person their own seat — don’t share one login across many devices
- For API scripts, add rate limiting (at least 1 second between requests, and respect
429back-off headers) - Don’t drive the web app with headless browsers or unofficial desktop clients
FAQ
Is my account banned? Almost certainly not. If the password-reset email arrives (Step 5), the account is intact — a true ban blocks the reset flow and usually comes with an explicit email from OpenAI. The “unusual activity” page is an IP/risk gate, not an account suspension.
Why does it only happen on my VPN? Most VPN exits are datacenter or heavily shared IPs, exactly the ranges OpenAI’s anti-abuse system distrusts. Switch to mobile data or a dedicated residential exit. A “premium” VPN doesn’t help if hundreds of users share the same exit IP.
I see “Sorry, you have been blocked” instead — same thing?
That’s the Cloudflare WAF page rather than OpenAI’s own banner, but the cure is the same: drop the VPN/proxy, clear cookies, disable extensions that block challenges.cloudflare.com, and retry from a clean residential IP.
How long does the cool-down last? Typically minutes to an hour for a first trip; longer if you kept retrying. Waiting 30–60 minutes without hammering the page is the reliable reset. There’s no button to clear it faster.
Will changing my password fix it? No. A password change does nothing for an IP-level block and, if done repeatedly, can itself look suspicious. Only reset the password to prove the account is alive (Step 5), not as a fix.
Is ChatGPT just down for everyone right now?
Possible. If you also see Please unblock challenges.cloudflare.com to proceed, it’s likely a Cloudflare-wide incident. Check status.openai.com and cloudflarestatus.com before troubleshooting your own setup.
Related
- ChatGPT login fails
- ChatGPT cannot open
- ChatGPT beginner guide
- ChatGPT prompt improvement
- ChatGPT model selection guide
Tags: #ChatGPT #Debug #Troubleshooting