A NewBrowser.rar file downloaded when web address is put on browser

No, I didn’t.

I did it carefully.
It can't do anything without being run.

Hmm, I used the same password in 1 account also.

I was not at home, so temporarily I removed Cloudflare and now my website is running normally.
I will resolve it when I am at my workplace.

Yes, I see there is a link in a 301 redirection.
I removed it.
Now I have enabled 2-factor authentication.
I should have done it before.

This issue was raised a while ago - we’re just awaiting Cloudflare response at this point. Has anyone heard anything by chance?

Go through the entire thread, you will be able to fix it. I am able to fix it by following the above.

In short, the account was compromised or accessed by someone else, and planted some redirect links that download that file. Need to remove those redirect links and you are good to go.

I didn’t get anything from Cloudflare.
I just solved it by myself.

We checked internally and an email was sent to your email address relating to the account yesterday. Check your spam filters. Subject was: [Action Required] - Secure your Cloudflare Account.

Thank you.
I got your mail,
but after a long delay:
just 9 hours after I resolved it.
And I got the mail when I was sleeping peacefully.

An enormous list of compromised passwords was released on 21st December on the dark web. I think I see a pattern in the leak.

Have any of you used any of the following:

  1. Termius (SSH client)?
  2. An Android phone using MIUI?

Hmm, you are right.
I also got a mail from Google that my saved password has leaked,
but I changed my password instantly,
and I am not using any of the above-listed.
I am using only Samsung and iPhone.
By the way, China is famous for leaking data, so I avoid using Chinese products and services.

Hello, thanks for the help. My account was compromised and this is what I did with your instructions:

I deleted the added redirect on https://dash.cloudflare.com/?to=/:account/redirect-rules

I went through the audit logs and found out that a lot was changed/added.
Here's a screenshot of what the hacker did on my account:

Please tell me how to disable these actions.
My website www.emelexista.com is still being redirected as I send this message.

To revert the actions just go through them one by one and revert those that seem off manually.

How did you do this, as this link goes to nowhere… the correct link is https://dash.cloudflare.com/?to=/:account/:zone/rules/redirect-rules.

Thank you for the help.
This was very useful.
I could finally make my site https://www.emelexista.com/ work again
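
As an added example (not from the thread or from Cloudflare), the cleanup described in the replies above can be checked offline against an exported redirect ruleset: this Python sketch flags redirect rules whose target host lies outside the zone. The ruleset shape, the rule ids and the `example.com` / `example.net` hosts are constructed assumptions; adjust the field names to match your own export.

```python
from urllib.parse import urlsplit

# Constructed sample export. The field layout is an assumption modelled on
# single-redirect rules; it is not data taken from the thread.
SAMPLE_RULESET = {
    "rules": [
        {"id": "rule-a", "action": "redirect", "action_parameters": {
            "from_value": {"status_code": 301,
                           "target_url": {"value": "https://example.com/"}}}},
        {"id": "rule-b", "action": "redirect", "action_parameters": {
            "from_value": {"status_code": 301,
                           "target_url": {"value": "https://files.example.net/NewBrowser.rar"}}}},
        {"id": "rule-c", "action": "redirect", "action_parameters": {
            "from_value": {"status_code": 302,
                           "target_url": {"expression": "concat(...)"}}}},
    ]
}


def host_allowed(host, zone):
    """True if host is the zone itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == zone or host.endswith("." + zone)


def suspicious_redirects(ruleset, zone):
    """Return (rule_id, reason) for every redirect rule that needs review."""
    findings = []
    for rule in ruleset.get("rules", []):
        if rule.get("action") != "redirect":
            continue
        params = rule.get("action_parameters", {}).get("from_value", {})
        target = params.get("target_url", {})
        if "value" in target:
            # Static target: compare its host against the zone.
            host = urlsplit(target["value"]).hostname
            if not host_allowed(host, zone):
                findings.append((rule["id"], "off-zone target: " + target["value"]))
        else:
            # Dynamic expression: cannot be resolved statically.
            findings.append((rule["id"], "dynamic target, review by hand"))
    return findings


if __name__ == "__main__":
    for rule_id, reason in suspicious_redirects(SAMPLE_RULESET, "example.com"):
        print(rule_id, "->", reason)
```

Any rule it reports should be compared against the audit log entry that created it before it is deleted or kept.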