Rule History

SID: 3300358 • Source: pawpatrules

Versions (4)

Version DetailsCurrent

Rev: 4 • Oct 31, 2022, 12:00 PM

Message:

🐾 - 🚨 👀 api.ipify.org lookup public IP address from local network - Possible Leak 🚱

Rule:

alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"🐾 - 🚨 👀 api.ipify.org lookup public IP address from local network - Possible Leak 🚱"; flow:to_server, stateless; threshold:type limit, track by_src,count 1, seconds 3600; tls_sni; content:"api.ipify.org"; fast_pattern; nocase; ja3.hash; content:!"bc29aa426fc99c0be1b9be941869f88a"; metadata:created_at 2022_10_31, updated_at 2024_08_17; sid:3300358; rev:4; classtype:external-ip-check;)

Created:

Oct 31, 2022, 12:00 PM

Updated:

Aug 17, 2024, 12:00 PM

DB Created:

Feb 21, 2024, 4:00 PM

DB Updated:

May 29, 2025, 11:12 PM

Filename:

rules/PAW-PATRULES_LEAKS.rules