Open Redirect: Cartoon Network

This rule detects the use of Cartoon Network's Denmark domain as an open redirect.

Sublime rule

```yaml
name: "Open Redirect: Cartoon Network"
description: "This rule detects the use of Cartoon Network's Denmark domain as an open redirect."
type: "rule"
severity: "medium"
source: |
  type.inbound
  // the host has to be www. - the redirect doesn't work without the www
  and any(body.links,
          .href_url.domain.domain == 'www.cartoonnetwork.dk'
          // the path starts with a double //
          and strings.starts_with(.href_url.path, '//')
          // the path has to end in a trailing /
          and strings.ends_with(.href_url.path, '/')
  )

attack_types:
  - "Credential Phishing"
  - "Spam"
tactics_and_techniques:
  - "Open redirect"
  - "Evasion"
detection_methods:
  - "Content analysis"
  - "URL analysis"
id: "7435e057-5abb-55b4-b1da-f1b6ec191c33"
```
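The following is an added example, not part of the Sublime rule or its repository: a Python re-implementation of the rule's three link conditions, useful for checking which URLs in proxy or mail-gateway logs the rule would flag and which condition a near miss fails. The sample links are constructed, `example.com` and `example.net` are placeholders, and lower-casing the host before comparison is an assumption about how the rule engine normalizes domains.

```python
from urllib.parse import urlsplit

RULE_HOST = "www.cartoonnetwork.dk"  # host named in the rule


def evaluate(url: str) -> dict:
    """Return the outcome of each of the rule's link conditions for one URL."""
    parts = urlsplit(url)
    # .hostname strips port/userinfo and lower-cases (assumed to match MQL behaviour)
    host = (parts.hostname or "").lower()
    path = parts.path
    return {
        "host_is_www": host == RULE_HOST,
        "path_starts_double_slash": path.startswith("//"),
        "path_ends_slash": path.endswith("/"),
    }


def matches(url: str) -> bool:
    """True only when all three conditions hold, as in the rule's any() body."""
    return all(evaluate(url).values())


def hunt(urls):
    """Filter an iterable of URLs down to those the rule logic would flag."""
    return [u for u in urls if matches(u)]


# Constructed sample links (not taken from real traffic)
SAMPLE_LINKS = [
    "https://www.cartoonnetwork.dk//example.com/",       # meets all three conditions
    "https://www.cartoonnetwork.dk//example.com/login",  # no trailing slash
    "https://www.cartoonnetwork.dk/shows/",              # single leading slash
    "https://cartoonnetwork.dk//example.com/",           # host without www.
    "https://WWW.CartoonNetwork.dk//example.com/a/b/",   # mixed-case host
    "https://www.cartoonnetwork.dk.example.net//x/",     # look-alike host, different domain
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        failed = [name for name, ok in evaluate(link).items() if not ok]
        print("MATCH " if not failed else "no    ", link, failed)
```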