EXPLORE DETECTIONS
Open redirect: ExacTag
Message contains use of the ExacTag open redirect. This has been exploited in the wild.
Open redirect: fenc.com
Message contains use of the fenc.com open redirect. This has been exploited in the wild.
Open redirect: g7.fr
Message contains use of the g7.fr open redirect. This has been exploited in the wild.
Open redirect: giving.lluh.org
Message contains use of the giving.lluh.org redirect. This redirection has been abused by threat actors in the wild.
Open redirect: Google Ad Services
Message contains use of the Google Ad Services open redirect, but the sender is not Google. This has been exploited in the wild.
Open Redirect: Google domain with /url path and suspicious indicators
This rule examines messages containing image attachments that utilize Google's open redirect (google[.]com/url...). To enhance accuracy and minimize false positives, the rule conducts additional assessments for suspicious indicators, as indicated in the comments.
Open redirect: Google Web Light
Message contains use of the Google Web Light open redirect. Google Web Light was sunset on December 19, 2022.
Open redirect: HHS
Looks for use of the HHS open redirect.
Open redirect: ijf.org
Message contains use of the ijf.org redirect. This has been exploited in the wild.
Open redirect: Indeed
Detects emails containing links that use the Indeed '/r?target=xxxxxx' open redirect where the email has not come from indeed.com.
Open redirect: IndiaTimes
Message contains use of the IndiaTimes open redirect. This has been exploited in the wild.
Open redirect: isadatalab.com
Message contains use of the isadatalab.com open redirect. This has been exploited in the wild.
Open redirect: k-mil.net
Message contains use of the k-mil.net open redirect. This has been exploited in the wild.
Open redirect: Klaviyo
Message contains use of the Klaviyo (kmail-lists.com) open redirect, but the link display text does not match known permutations. This has been exploited in the wild.
Open redirect: labcluster.com
Message contains use of the cm.labcluster.com/go.aspx redirect. This has been exploited in the wild for phishing.
Open redirect: LearningApps
Message contains use of the LearningApps open redirect. This has been exploited in the wild.
Open redirect: Linkedin
Detects emails containing links that use the LinkedIn '/slink?code=xxxxx' open redirect where the email has not come from Linkedin.com.
Open redirect: LinkedIn Redirect
Message contains use of a LinkedIn Redirect. The redirect contains a 3-second delay before redirecting the browser. This redirection has been abused by threat actors in the wild.
Open redirect: listing.ca
Message contains use of the listing.ca redirect. This has been exploited in the wild.
Open redirect: magic4media.com
Message contains use of the magic4media.com open redirect. This has been exploited in the wild.
Open redirect: magiccity.ne.jp
Message contains use of the magiccity.ne.jp redirect. This has been exploited in the wild.
Open redirect: magneticmarketing.com
Message contains use of the magneticmarketing.com open redirect. This has been exploited in the wild.
Open redirect: mail.spiceworks.com
Message contains use of the mail.spiceworks.com redirect. This has been exploited in the wild.
Open redirect: marketing.edinburghairport.com
Message contains use of a marketing.edinburghairport.com redirect. This redirection has been abused by threat actors in the wild.