Versions (3)
Version DetailsCurrent
Rev: 3 • Mar 25, 2021, 12:00 PMET PHISHING Observed CloudFlare Interstitial Phishing Page
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET PHISHING Observed CloudFlare Interstitial Phishing Page"; flow:established,from_server; http.header; content:"|0d 0a|cf-request-id|3a 20|"; file_data; content:"<title>Suspected phishing site|20 7c 20|Cloudflare</title>"; fast_pattern; reference:url,blog.cloudflare.com/protecting-cloudflare-sites-from-phishing; classtype:bad-unknown; sid:2032321; rev:3; metadata:affected_product Any, attack_target Client_Endpoint, created_at 2021_03_25, deployment Perimeter, deprecation_reason Age, confidence Medium, signature_severity Minor, updated_at 2024_01_04, reviewed_at 2024_01_04;)
Mar 25, 2021, 12:00 PM
Jan 4, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-phishing.rules