Open redirect: Atdmt

Inbound message whose body contains a link to the Atdmt (Facebook) ad-click host ad.atdmt.com with a path matching the glob `*/c*`. Attackers use this click-tracking redirect as an open redirect to bounce recipients from a trusted-looking domain to a credential-phishing or malware page.

Sublime rule

name: "Open redirect: Atdmt"
description: |
    Message contains use of the Atdmt (Facebook) open redirect.
references:
  - "https://en.wikipedia.org/wiki/Atdmt"
type: "rule"
authors:
  - twitter: "vector_sec"
severity: "medium"
# Fires on inbound mail only, when any body link points at exactly the host
# ad.atdmt.com (full hostname, not the registered domain atdmt.com) and its
# path matches the case-insensitive glob */c* (strings.ilike).
source: |
  type.inbound
  and any(body.links,
          .href_url.domain.domain == 'ad.atdmt.com'
          and strings.ilike(.href_url.path, '*/c*')
  )
attack_types:
  - "Credential Phishing"
  - "Malware/Ransomware"
tactics_and_techniques:
  - "Open redirect"
detection_methods:
  - "URL analysis"
id: "fafbd230-bb09-5306-b652-3060639b8660"
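To see what the rule does and does not match, here is an added example that re-implements its logic in plain Python and runs it over a constructed sample message. This is not code from Sublime Security or the rule's author: the function names (`ilike`, `extract_links`, `is_atdmt_redirect`, `scan_message`), the message dictionary shape, and the sample HTML are all assumptions made for the example, and `ilike` only approximates Sublime's `strings.ilike` (case-insensitive glob with `*` and `?`).

```python
"""Added example, not part of the Sublime rule: run the Atdmt open-redirect
check over a constructed message. Names and message layout are assumptions."""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

OPEN_REDIRECT_DOMAIN = "ad.atdmt.com"  # from the rule: exact full-host match
PATH_PATTERN = "*/c*"                   # from the rule: strings.ilike glob


def ilike(value, pattern):
    """Approximation of Sublime's strings.ilike (assumed semantics): a
    case-insensitive glob where '*' matches any run of characters and
    '?' matches exactly one character."""
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
        for ch in pattern
    )
    return re.fullmatch(regex, value, re.IGNORECASE | re.DOTALL) is not None


class LinkExtractor(HTMLParser):
    """Collect href attributes of <a> tags, a rough stand-in for body.links."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def extract_links(html_body):
    parser = LinkExtractor()
    parser.feed(html_body)
    return parser.hrefs


def is_atdmt_redirect(href):
    """True when the link's host is exactly ad.atdmt.com and its path matches
    '*/c*'. urlsplit lowercases the hostname, so mixed-case hosts still hit;
    a look-alike such as ad.atdmt.com.evil.example does not."""
    parts = urlsplit(href)
    host = parts.hostname or ""
    return host == OPEN_REDIRECT_DOMAIN and ilike(parts.path, PATH_PATTERN)


def scan_message(message):
    """Apply the rule: inbound message with any body link hitting the redirect.
    Returns the matching hrefs; an empty list means the rule would not fire."""
    if message.get("direction") != "inbound":  # type.inbound
        return []
    return [h for h in extract_links(message["body_html"]) if is_atdmt_redirect(h)]


# Constructed sample message for the example; not a real phishing email.
SAMPLE_MESSAGE = {
    "direction": "inbound",
    "body_html": """
      <html><body>
        <p>Your mailbox is full.
           <a href="https://AD.ATDMT.COM/c/go?h=example">Upgrade now</a></p>
        <p>Tracking pixel <a href="https://ad.atdmt.com/pixel/abc">here</a></p>
        <p>Look-alike host
           <a href="https://ad.atdmt.com.evil.example/c/x">not matched</a></p>
        <p>Unrelated <a href="https://example.com/c/legit">link</a></p>
      </body></html>
    """,
}

if __name__ == "__main__":
    hits = scan_message(SAMPLE_MESSAGE)
    print("rule fired on:" if hits else "no match", hits)
```

Only the first link matches: the second has the right host but no `/c` path segment, the third has a `/c` path but a different full hostname, and the fourth is a different site altogether. The toy parser also drops scheme-less hrefs (`urlsplit` yields no hostname for `ad.atdmt.com/c/x`); how Sublime normalizes such links is not stated on this page, so treat that as a limitation of the example rather than of the rule.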