Open redirect: Google Web Light

Detects inbound messages containing a link that uses the Google Web Light domain as an open redirect.

Sublime rule

name: "Open redirect: Google Web Light"
description: |
    Message contains use of the Google Web Light domain for open redirect.
type: "rule"
authors:
  - twitter: "ajpc500"
severity: "medium"
source: |
  type.inbound
  and any(body.links,
          .href_url.domain.domain == 'googleweblight.com' and strings.ilike(.href_url.url, '*/i?u=*')
  )
attack_types:
  - "Credential Phishing"
  - "Malware/Ransomware"
tactics_and_techniques:
  - "Open redirect"
detection_methods:
  - "Sender analysis"
  - "URL analysis"
id: "27030ba5-c9dc-5789-bd3e-621626e0a123"
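
For triage outside the rule engine, the sketch below approximates the rule's link condition in Python and also extracts the destination carried in the `u` parameter, which the rule itself does not do. It is an added example, not part of the Sublime rule or project; the function names and sample links are constructed, and the `?` in the pattern is treated as a literal character.

```python
from urllib.parse import urlsplit, parse_qs

REDIRECT_HOST = "googleweblight.com"  # domain named in the rule
REDIRECT_MARKER = "/i?u="             # literal reading of the rule's '*/i?u=*' pattern


def match_weblight_redirect(url):
    """Return the redirect destination if url meets the link condition, else None."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower()
    except ValueError:
        return None  # malformed URL (e.g. broken IPv6 literal)
    # Exact host comparison, so lookalikes such as
    # googleweblight.com.example.test do not match.
    if host != REDIRECT_HOST:
        return None
    # Case-insensitive substring check standing in for strings.ilike().
    if REDIRECT_MARKER not in url.lower():
        return None
    # parse_qs percent-decodes values; lower-case the keys so 'U=' is found too.
    params = {k.lower(): v for k, v in parse_qs(parts.query).items()}
    targets = params.get("u")
    return targets[0] if targets else ""  # "" means matched but no destination


def scan_links(links):
    """Return (link, destination) pairs for every link that matches."""
    hits = []
    for link in links:
        dest = match_weblight_redirect(link)
        if dest is not None:
            hits.append((link, dest))
    return hits


# Constructed sample links, not taken from real messages.
SAMPLE_LINKS = [
    "https://googleweblight.com/i?u=https%3A%2F%2Flogin.example.test%2Freset",
    "HTTP://GoogleWebLight.com/I?U=http://example.test/a",
    "https://googleweblight.com.example.test/i?u=https://x.example.test",
    "https://googleweblight.com/about",
]

if __name__ == "__main__":
    for link, dest in scan_links(SAMPLE_LINKS):
        print(f"match: {link}\n  redirects to: {dest or '(empty)'}")
```

The extracted destination is what should be fed to URL reputation or sandbox checks, since the Google-owned host in the visible link says nothing about where the user lands.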