Rule History

SID: 3321476 • Source: pawpatrules

Versions (2)

Version DetailsCurrent

Rev: 5 • Dec 19, 2025, 12:00 PM

Message:

🐾 - 🚨 Possible malicious Web 🌐 redirection from 🅿 parked domain

Rule:

alert http $EXTERNAL_NET 80 -> any any (msg:"🐾 - 🚨 Possible malicious Web 🌐 redirection from 🅿 parked domain"; requires:version >= 8; flow:to_client, stateless; flowbits:set,pptrls.malprkeddom; flowbits:isnotset,pptrls.malprkeddom; content:"|52 65 64 69 72 65 63 74 69 6e 67|"; http.location; content:"http"; startswith; http.server; content:"nginx"; http.stat_code; content:"302"; reference:url,https://krebsonsecurity.com/2025/12/most-parked-domains-now-serving-malicious-content/; target:dest_ip; metadata:attack_target Client_Endpoint, created_at 2025_12_19, updated_at 2025_12_19; sid:3321476; rev:5; classtype:bad-unknown;)

Created:

Dec 19, 2025, 12:00 PM

Updated:

Dec 19, 2025, 12:00 PM

DB Created:

Dec 19, 2025, 12:34 AM

DB Updated:

Dec 19, 2025, 2:34 PM

Filename:

rules/PAW-PATRULES_MALWARES.rules