sublimemediumRule

Service abuse: Domains By Proxy sender

Message originates from a sender using Domains By Proxy's domain privacy service, commonly used to hide domain ownership information.

MITRE ATT&CK

T1566 T1566.001 T1566.002 T1598 T1534 T1656 T1036 T1027

defense-evasioninitial-access

Detection Query

type.inbound
and sender.email.domain.root_domain == 'domainsbyproxy.com'

Data Sources

Email MessagesEmail HeadersEmail Attachments

Platforms

Raw Content

name: "Service abuse: Domains By Proxy sender"
description: "Message originates from a sender using Domains By Proxy's domain privacy service, commonly used to hide domain ownership information."
type: "rule"
severity: "medium"
source: |
  type.inbound
  and sender.email.domain.root_domain == 'domainsbyproxy.com'

attack_types:
  - "Spam"
  - "Credential Phishing"
  - "BEC/Fraud"
tactics_and_techniques:
  - "Evasion"
  - "Social engineering"
detection_methods:
  - "Header analysis"
  - "Sender analysis"
id: "d069b183-18f4-5a49-8205-ff2f1f62a130"