This rule identifies potentially malicious Firebase Dynamic Links that redirect users to a newly created domain. Attackers can exploit Google's Firebase services to create links that direct unsuspecting users to phishing sites or malware downloads. The detection focuses specifically on links that redirect to domains that are less than seven days old, which can be an indicator of fraudulent activity, as attackers often utilize newly registered domains to avoid detection. This rule leverages URL analysis and WHOIS database queries to assess the age of the target domain, specifically looking for links that originate from `goo.gl` and contain the term `app` in their structure. By analyzing redirect history, the rule assesses whether any linked domains meet the criteria for being newly created.