EXPLORE DETECTIONS
Open redirect: Samsung
Message contains use of the Samsung open redirect, but the sender is not Samsung.
Open redirect: sciencebuddies.org
Message contains use of the sciencebuddies.org open redirect. This has been exploited in the wild.
Open redirect: secondstreetapp.com
Message contains use of the secondstreetapp.com redirect. This has been exploited in the wild.
Open redirect: Shibboleth SSO Logout Return Parameter
Detects links that contain a Shibboleth SSO logout endpoint with a return parameter, which could be used for open redirect attacks. The rule checks for both direct path inclusion and URL-encoded versions in query parameters. Only triggers on senders with non-common prevalence.
Open redirect: shoppermeet.net
Message contains use of the shoppermeet.net redirect. This has been exploited in the wild for phishing.
Open redirect: shoppingwebapi.didatravel.com
Message contains use of the shoppingwebapi.didatravel.com open redirect. This has been exploited in the wild.
Open redirect: Signature Travel Network
Message contains use of the Signature Travel Network open redirect, but the sender is not Signature Travel Network. This has been exploited in the wild.
Open redirect: Slack
Message contains use of Slack's open redirect but the sender is not Slack.
Open redirect: slubnaglowie.pl
Message contains use of a slubnaglowie.pl redirect. This redirection has been abused by threat actors in the wild.
Open redirect: smartadserver.com
Message contains use of the smartadserver.com redirect. This has been exploited in the wild.
Open redirect: smore.com
Message contains use of the smore.com redirect. This has been exploited in the wild for phishing.
Open redirect: Snapchat
Message contains use of the click.snapchat.com open redirect.
Open redirect: social.bigpress.net
Message contains use of the social.bigpress.net open redirect. This has been exploited in the wild.
Open redirect: ssg-financial.com
Message contains use of the ssg-financial.com open redirect. This has been exploited in the wild.
Open redirect: stats.lib.pdx.edu
Message contains use of the stats.lib.pdx.edu open redirect. This has been exploited in the wild.
Open redirect: storematch.jp
Message contains use of the storematch.jp open redirect. This has been exploited in the wild.
Open redirect: Ticketmaster
Message contains use of the Ticketmaster open redirect, but the sender is not Ticketmaster. This has been exploited in the wild.
Open redirect: TikTok
Message contains use of an open redirect on TikTok. This has been exploited in the wild.
Open redirect: tkqlhce.com
Message contains use of the tkqlhce.com redirect. This has been exploited in the wild for phishing.
Open redirect: tuttocauzioni.it
Message contains use of the tuttocauzioni.it redirect. This has been exploited in the wild.
Open redirect: typedrawers.com
Detects messages containing links or QR codes pointing to typedrawers.com/home/leaving with target parameter, sent from non-trusted domains or authenticated sources failing DMARC checks. Considers sender reputation and requires either unsolicited contact or prior malicious activity without false positives.
Open redirect: U.S. Antarctic Program Data Center (USAP-DC)
Message contains use of the U.S. Antarctic Program Data Center (USAP-DC) open redirect.
Open redirect: unitedwaynwvt.org
Message contains use of the unitedwaynwvt.org open redirect. This has been exploited in the wild.
Open redirect: ust.hk
Message contains use of the ust.hk open redirect. This has been exploited in the wild.