Service abuse: Linode Objects HTML file hosting

Detects inbound messages containing links to HTML files hosted on Linode's object storage service (linodeobjects.com). This pattern is commonly used to host malicious content or bypass security controls by leveraging legitimate cloud storage infrastructure.

Sublime rule (View on GitHub)

name: "Service abuse: Linode Objects HTML file hosting"
description: "Detects inbound messages containing links to HTML files hosted on Linode's object storage service (linodeobjects.com). This pattern is commonly used to host malicious content or bypass security controls by leveraging legitimate cloud storage infrastructure."
type: "rule"
severity: "medium"
source: |
  type.inbound
  and any(body.current_thread.links,
          .href_url.domain.root_domain == "linodeobjects.com"
          and strings.iends_with(.href_url.path, ".html")
  )
tags:
  - "Attack surface reduction"
attack_types:
  - "Credential Phishing"
  - "Malware/Ransomware"
tactics_and_techniques:
  - "Free file host"
  - "Evasion"
detection_methods:
  - "URL analysis"
  - "Content analysis"
id: "7e223bac-b437-57e5-be99-f82b23c4ca61"
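
The following Python sketch is an added example, not part of the Sublime rule or its repository. It mirrors the two link conditions in `source` so the rule's scope can be checked against sample URLs. Assumptions: the root domain is approximated as the last two host labels, the path excludes the query string and fragment, and all function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

TARGET_ROOT = "linodeobjects.com"  # value taken from the rule's source


def root_domain(host):
    # Assumption: last two labels. Adequate for linodeobjects.com, but not
    # public-suffix aware the way a real mail-analysis engine would be.
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def link_matches(url):
    # Mirrors: .href_url.domain.root_domain == "linodeobjects.com"
    #          and strings.iends_with(.href_url.path, ".html")
    parts = urlsplit(url)
    host = parts.hostname or ""
    # urlsplit keeps the query and fragment out of .path, so a trailing
    # "?id=1" does not hide the ".html" suffix from the comparison.
    return root_domain(host) == TARGET_ROOT and parts.path.lower().endswith(".html")


def message_matches(inbound, links):
    # Mirrors: type.inbound and any(body.current_thread.links, ...)
    return bool(inbound) and any(link_matches(u) for u in links)


# Constructed sample links with the verdict the rule logic should give.
SAMPLES = {
    "https://example-bucket.us-east-1.linodeobjects.com/login/index.html": True,
    "https://example-bucket.us-east-1.linodeobjects.com/INDEX.HTML?id=1#top": True,
    "https://example-bucket.us-east-1.linodeobjects.com/report.pdf": False,
    # Lookalike host: the root domain here is example.net, so no match.
    "https://linodeobjects.com.example.net/index.html": False,
}


def evaluate_samples():
    # Returns {url: verdict} for every constructed sample.
    return {url: link_matches(url) for url in SAMPLES}


if __name__ == "__main__":
    for url, verdict in evaluate_samples().items():
        print("MATCH   " if verdict else "no match", url)
```

Because the rule carries a medium severity and an "Attack surface reduction" tag, the first two samples would fire regardless of what the hosted page contains.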
