diff --git a/scanners/nuclei/cascading-rules/subdomain_http.yaml b/scanners/nuclei/cascading-rules/subdomain_http.yaml
new file mode 100644
index 0000000000..bb8f8d30aa
--- /dev/null
+++ b/scanners/nuclei/cascading-rules/subdomain_http.yaml
@@ -0,0 +1,33 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: "cascading.securecodebox.io/v1"
+kind: CascadingRule
+metadata:
+  name: "nuclei-subdomain-scan-light-http"
+  labels:
+    securecodebox.io/invasive: non-invasive
+    securecodebox.io/intensive: light
+spec:
+  matches:
+    anyOf:
+      - category: "Open Port"
+        attributes:
+          port: 80
+          state: open
+      - category: "Open Port"
+        attributes:
+          service: "http"
+          state: open
+      - category: "Open Port"
+        attributes:
+          service: "http-*"
+          state: open
+      
+  scanSpec:
+    scanType: "nuclei"
+    parameters:
+      # Target domain name of the finding and start a nuclei scan
+      - "-u"
+      - "http://{{$.hostOrIP}}:{{attributes.port}}"
diff --git a/scanners/nuclei/cascading-rules/subdomain.yaml b/scanners/nuclei/cascading-rules/subdomain_https.yaml
similarity index 51%
rename from scanners/nuclei/cascading-rules/subdomain.yaml
rename to scanners/nuclei/cascading-rules/subdomain_https.yaml
index 819c120c3b..fd6135462c 100644
--- a/scanners/nuclei/cascading-rules/subdomain.yaml
+++ b/scanners/nuclei/cascading-rules/subdomain_https.yaml
@@ -5,18 +5,28 @@
 apiVersion: "cascading.securecodebox.io/v1"
 kind: CascadingRule
 metadata:
-  name: "nuclei-subdomain-scan-light"
+  name: "nuclei-subdomain-scan-light-https"
   labels:
     securecodebox.io/invasive: non-invasive
     securecodebox.io/intensive: light
 spec:
   matches:
     anyOf:
-      - category: "Subdomain"
-        osi_layer: "NETWORK"
+      - category: "Open Port"
+        attributes:
+          port: 443
+          state: open
+      - category: "Open Port"
+        attributes:
+          service: "https"
+          state: open
+      - category: "Open Port"
+        attributes:
+          service: "https*"
+          state: open
   scanSpec:
     scanType: "nuclei"
     parameters:
       # Target domain name of the finding and start a nuclei scan
       - "-u"
-      - "{{location}}"
+      - "https://{{$.hostOrIP}}:{{attributes.port}}"