
HackTool - BabyShark Agent Default URL Pattern

Summary
This detection rule identifies the Baby Shark Command and Control (C2) framework by inspecting web traffic logged by a proxy. It looks for request URLs that match the default communication pattern of the Baby Shark agent, a tool known for its use in malicious command and control operations. The decision criterion is a single string match: any request URI containing 'momyshark\?key=' is treated as a likely Baby Shark communication attempt, since that string is characteristic of the agent's default C2 requests. The detection is classified as critical, reflecting the severity of an active C2 channel in a monitored environment. The rule applies wherever a proxy logs web traffic, and because the matched string is specific to this tool it produces few false positives, making it suitable for immediate alerting on potential Baby Shark agent activity.
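The detection logic described above, applied to a few constructed proxy log lines (added example, not the rule's own YAML or the site's code): the log format, the sample lines and the percent-decoding step are assumptions; the substring 'momyshark?key=' is the rule's indicator, matched case-insensitively as Sigma's contains modifier does.

```python
import re
from urllib.parse import unquote

# Constructed sample proxy log (Squid-style access.log, simplified):
# timestamp elapsed client action/status bytes method url
SAMPLE_PROXY_LOG = """\
1718000000.123 45 10.0.0.5 TCP_MISS/200 512 GET http://example.test/index.html
1718000001.456 60 10.0.0.7 TCP_MISS/200 128 GET http://203.0.113.10/momyshark?key=ABC123
1718000002.789 30 10.0.0.9 TCP_MISS/200 256 GET http://example.test/search?q=momyshark
1718000003.012 55 10.0.0.7 TCP_MISS/404 64 GET http://203.0.113.10/MomyShark%3Fkey=xyz
"""

# Indicator from the rule: the default Baby Shark agent URI carries this substring.
BABYSHARK_URI_MARKER = "momyshark?key="

# Assumed log layout; adjust the pattern to the proxy actually in use.
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+(?P<client>\S+)\s+\S+\s+\S+\s+(?P<method>\S+)\s+(?P<url>\S+)$"
)


def parse_proxy_line(line):
    """Parse one proxy log line into a dict of fields, or None if it does not fit the layout."""
    m = LOG_LINE.match(line.strip())
    return m.groupdict() if m else None


def matches_babyshark_uri(url):
    """True when the request URI contains the Baby Shark default pattern.

    The comparison is case-insensitive (Sigma string matching default); percent-decoding
    first is an added assumption so an encoded '?' (%3F) does not slip past the check.
    """
    return BABYSHARK_URI_MARKER in unquote(url).lower()


def detect_babyshark(log_text):
    """Run the check over a whole proxy log and return the matching (client, url) pairs."""
    hits = []
    for line in log_text.splitlines():
        event = parse_proxy_line(line)
        if event and matches_babyshark_uri(event["url"]):
            hits.append((event["client"], event["url"]))
    return hits


if __name__ == "__main__":
    for client, url in detect_babyshark(SAMPLE_PROXY_LOG):
        print(f"ALERT Baby Shark C2 URI pattern: client={client} url={url}")
```

The third sample line shows the pattern's precision: 'momyshark' appearing as a search term does not match, because the rule requires the full 'momyshark?key=' string.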
Categories
  • Network
  • Cloud
  • Web
Data Sources
  • Web Credential
  • Network Traffic
  • Application Log
Created: 2021-06-09