ET MALWARE GET Request to Remote Cloudflare Branding from wikimedia .org (Commonly ClickFix)

SID: 2068948Rev: 40 views
History
Sourceet/open
CreatedApril 23, 2026
UpdatedApril 24, 2026
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE GET Request to Remote Cloudflare Branding from wikimedia .org (Commonly ClickFix)"; flow:established,to_server; http.method; content:"GET"; http.uri; bsize:43; content:"/wikipedia/commons/9/94/Cloudflare_Logo.png"; startswith; fast_pattern; http.host; content:"upload.wikimedia.org"; startswith; classtype:trojan-activity; sid:2068948; rev:4; metadata:affected_product Web_Browsers, attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2026_04_23, deployment Perimeter, deployment SSLDecrypt, former_category HUNTING, malware_family ClickFix, confidence Medium, signature_severity Major, updated_at 2026_04_24; target:src_ip;)

Metadata

affected productWeb_Browsers
attack targetClient_Endpoint
tls stateTLSDecrypt
created at2026_04_23
deploymentSSLDecrypt
former categoryHUNTING
malware familyClickFix
confidenceMedium
signature severityMajor
updated at2026_04_24

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!