Versions (2)
Version DetailsCurrent
Rev: 2 • Jan 21, 2026, 12:00 PMET PHISHING EvilGinX Fake Captcha JS Resource Request
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET PHISHING EvilGinX Fake Captcha JS Resource Request"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/cdn-cgi/challenge-platform/"; startswith; fast_pattern; content:"/main.js"; endswith; classtype:credential-theft; sid:2066879; rev:2; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2026_01_21, deployment Perimeter, deployment SSLDecrypt, malware_family evilginx2, confidence Medium, signature_severity Major, updated_at 2026_01_22; target:src_ip;)
Jan 21, 2026, 12:00 PM
Jan 22, 2026, 12:00 PM
Jan 21, 2026, 9:34 PM
Jan 22, 2026, 11:34 PM
rules/emerging-phishing.rules