Open redirect: Snapchat

calendar Aug 21, 2023  ยท
Share on: linkedin copy

Message contains use of the click.snapchat.com open redirect.

Sublime rule (View on GitHub)

 1name: "Open redirect: Snapchat"
 2description: |
 3    Message contains use of the click.snapchat.com open redirect.
 4type: "rule"
 5authors:
 6  - twitter: "vector_sec"
 7severity: "medium"
 8source: |
 9  type.inbound
10  and any(body.links, .href_url.domain.domain == "click.snapchat.com")
11  and sender.email.domain.root_domain != "snapchat.com"  
12attack_types:
13  - "Credential Phishing"
14  - "Malware/Ransomware"
15tactics_and_techniques:
16  - "Open redirect"
17detection_methods:
18  - "Sender analysis"
19  - "URL analysis"
20id: "6f363e68-ced9-5f0e-8951-4070623cd705"
to-top