← Back to Explore
sublimelowRule
Privatelayer VPS in Headers
The message was sent using a Privatelayer VPS, a provider known to be used for phishing.
Detection Query
type.inbound
and any(headers.domains, .domain == "hostedby.privatelayer.net" )
Author
ajpc500
Data Sources
Email MessagesEmail HeadersEmail Attachments
Platforms
email
Tags
Suspicious headers
Raw Content
name: "Privatelayer VPS in Headers"
description: |
The message was sent using a Privatelayer VPS, a provider known to be used for phishing.
type: "rule"
severity: "low"
authors:
- twitter: "ajpc500"
source: |
type.inbound
and any(headers.domains, .domain == "hostedby.privatelayer.net" )
tags:
- "Suspicious headers"