
Additional support needed for shortened URL and OPEN Redirect abuse

dukebox
Level 1

There is a list of multiple shortened URLs and encoded OPEN Redirects being abused by spammers, so we cannot easily filter and block the open redirects.

CISCO ESA and CISCO ETD support many but not all of them, unfortunately, forcing us to basically block all of them, even the legit ones.

Is there a list of upcoming support to be added?

Like this shortlist of some abused ones we've seen in our environment:

  • r20.rs6.net = the BAD encoded constantcontact trackers and open redirect links... any way to decode these?
  • *.link (app.link, page.link, sng.link etc)
  • google.com/amp
  • linkedin.com/slink? 

urlscan.io historical scan of phishy links abused using GOOGLE/AMP open redirect 

urlscan.io historical scan of phishy links abused using LINKEDIN open redirect 

Ref: https://krebsonsecurity.com/2022/02/how-phishers-are-slinking-their-links-into-linkedin/

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trusted-domain-hidden-danger-deceptive-url-redirections-in-email-phishing-attacks/
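Added example, not part of the original post and not Cisco ESA/ETD logic: a triage sketch that flags the four redirector patterns from the shortlist above and shows which of them expose their destination without following the link. The `/amp/s/<host>/<path>` layout, the label and action names, and all sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# (host pattern, path prefix, label) for the redirectors named in the post's shortlist.
REDIRECTORS = [
    ("r20.rs6.net", "/", "constantcontact-tracker"),
    ("*.link", "/", "dot-link-shortener"),
    ("google.com", "/amp", "google-amp"),
    ("linkedin.com", "/slink", "linkedin-slink"),
]

def host_matches(host, pattern):
    """'*.link' matches any host under .link; 'google.com' matches itself and subdomains."""
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    return host == pattern or host.endswith("." + pattern)

def amp_destination(parts):
    """Return the destination visible in an /amp/ path, or None (assumed path layout)."""
    rest = parts.path[len("/amp"):].lstrip("/")
    scheme = "http"
    if rest.startswith("s/"):          # assumed: an 's' segment marks an https target
        scheme, rest = "https", rest[2:]
    if "." not in rest.split("/", 1)[0]:
        return None                    # no hostname embedded in the path
    return f"{scheme}://{rest}" + (f"?{parts.query}" if parts.query else "")

def triage(url):
    """Classify one URL; None means it is not one of the listed redirectors."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    for pattern, prefix, label in REDIRECTORS:
        path_ok = prefix == "/" or parts.path == prefix or parts.path.startswith(prefix + "/")
        if host_matches(host, pattern) and path_ok:
            dest = amp_destination(parts) if label == "google-amp" else None
            # Hypothetical action names: rescan a visible target, otherwise the
            # link is opaque and has to be followed by a sandbox or URL scanner.
            action = "rescan-destination" if dest else "resolve-in-sandbox"
            return {"label": label, "destination": dest, "action": action}
    return None

SAMPLES = [  # constructed URLs, not taken from real mail
    "https://www.google.com/amp/s/login.example.org/verify?id=1",
    "https://www.linkedin.com/slink?x=CONSTRUCTED",
    "http://r20.rs6.net/CONSTRUCTED-PATH?f=CONSTRUCTED",
    "https://abc.app.link/xyz",
    "https://notgoogle.com/amp/s/login.example.org/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, "->", triage(u))
```

Only the AMP form carries its target in the URL itself; the tracker, `.link` and `slink` forms are opaque tokens, so matching on host and path can flag them but not decode them.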

1 Reply

Ruben Cocheno
Spotlight

@dukebox 

Open a new feature request with TAC

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on LinkedIn https://www.linkedin.com/in/rubencocheno/