Medium Severity
Open redirect: Google Ad Services
Description
Message contains use of the Google Ad Services open redirect, but the sender is not Google. This has been exploited in the wild.
References
No references.
Sublime Security
Created May 10th, 2024 • Last updated May 10th, 2024
Feed Source
Sublime Core Feed
Source
type.inbound
and any(body.links,
.href_url.domain.root_domain == 'googleadservices.com'
and .href_url.path =~ '/pagead/aclk'
and strings.icontains(.href_url.query_params, "adurl=")
)
and sender.email.domain.root_domain != 'google.com'
Playground
Test against your own EMLs or sample data.