Open redirect: Nested Doubleclick.net

Sublime Rules

Summary
This detection rule identifies a specific open redirect pattern involving Doubleclick.net, in particular links that nest one URL inside another. The rule applies to inbound messages with fewer than ten links and focuses on links to Doubleclick.net domains whose paths typically indicate ad clicks. It also checks for query parameters that suggest the presence of an ad click redirect. The severity is heightened if the sender is either new or classified as an outlier, meaning their messaging behavior is unusual or potentially malicious. The rule targets common attack types such as credential phishing and malware distribution by monitoring for indicators of abusive URL practices that could lead users to malicious sites.
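The conditions in the summary can be sketched as a small Python check; this is an added example, not the rule's own source. The ad-click path marker (`/pcs/click`), the redirect parameter name (`adurl`), the severity labels and the message dictionary layout are assumptions, since the summary does not name them.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumed values, not taken from the page: the path marker, the redirect
# parameter name and the severity labels are stand-ins for illustration.
AD_CLICK_PATH_MARKERS = ("/pcs/click",)
REDIRECT_PARAMS = {"adurl"}
ROOT_DOMAIN = "doubleclick.net"
MAX_LINKS = 10  # the rule applies to messages with fewer than ten links

def is_ad_click(url):
    """True if url points at a Doubleclick.net host with an ad-click path."""
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return False
    host = (parts.hostname or "").lower().rstrip(".")
    on_root = host == ROOT_DOMAIN or host.endswith("." + ROOT_DOMAIN)
    return on_root and any(m in parts.path.lower() for m in AD_CLICK_PATH_MARKERS)

def nested_redirect(url):
    """Return the inner ad-click URL carried by an outer ad-click link, else None."""
    if not is_ad_click(url):
        return None
    # parse_qsl percent-decodes each value once, exposing the nested URL.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name.lower() in REDIRECT_PARAMS and is_ad_click(value):
            return value
    return None

def evaluate(message):
    """Apply the summary's conditions to a dict with direction, sender_profile, links."""
    links = message["links"]
    if message["direction"] != "inbound" or len(links) >= MAX_LINKS:
        return None
    hits = [u for u in links if nested_redirect(u)]
    if not hits:
        return None
    heightened = message["sender_profile"] in {"new", "outlier"}
    return {"severity": "high" if heightened else "medium", "links": hits}

# Constructed sample message (not a captured link); values are made up.
INNER = "https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fx%3D2%26adurl%3Dhttps%253A%252F%252Flanding.example%252F"
SAMPLE = {
    "direction": "inbound",
    "sender_profile": "new",
    "links": ["https://example.com/news",
              "https://adclick.g.doubleclick.net/pcs/click?x=1&adurl=" + INNER],
}
```

A single-level ad-click link and a lookalike host such as `doubleclick.net.example.org` both return `None` from `nested_redirect`, so only the nested form is flagged.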
Categories
  • Web
  • Cloud
Data Sources
  • User Account
  • Network Traffic
Created: 2024-07-17