Open redirect: Snapchat

Dec 20, 2023 · Attack surface reduction ·

Message contains use of the click.snapchat.com open redirect.

Sublime rule (View on GitHub)

 1name: "Open redirect: Snapchat"
 2description: |
 3    Message contains use of the click.snapchat.com open redirect.
 4type: "rule"
 5authors:
 6  - twitter: "vector_sec"
 7severity: "medium"
 8source: |
 9  type.inbound
10  and any(body.links, .href_url.domain.domain == "click.snapchat.com")
11  and sender.email.domain.root_domain != "snapchat.com"  
12tags:
13  - "Attack surface reduction"
14attack_types:
15  - "Credential Phishing"
16  - "Malware/Ransomware"
17tactics_and_techniques:
18  - "Open redirect"
19detection_methods:
20  - "Sender analysis"
21  - "URL analysis"
22id: "6f363e68-ced9-5f0e-8951-4070623cd705"

Related rules

Link to a Domain with Punycode Characters
Open redirect: Linkedin
Open redirect: Panera Bread
Open redirect: Samsung
Open redirect: Slack