Tactic or Technique: Open redirect

Attackers abuse open redirect vulnerabilities to make malicious links appear trustworthy. These links begin with a legitimate domain, but when clicked, they send you to a completely different site—often one used for phishing or malware delivery.
It often begins with a link like “trusted-company[.]com/redirect?url=malicious-site[.]com” to bypass filters and build false confidence. Since the domain looks familiar, you’re more likely to trust it and click through. Behind the scenes, you’re immediately redirected to an attacker-controlled page.
This tactic works because many users and security tools only check the start of a URL. It’s frequently used in credential phishing and malware campaigns, especially when combined with realistic branding that makes the message feel like it came from a legitimate source.
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Open redirect: Diesel.az
2d ago
Jul 14th, 2026
Sublime Security
Open redirect: JustPaste.it
14d ago
Jul 2nd, 2026
Sublime Security
Link: Google Cloud Storage link with index.php in URL
16d ago
Jun 30th, 2026
Sublime Security
Link: Google Cloud Storage redirect to external domain
16d ago
Jun 30th, 2026
Sublime Security
Link: Google Cloud Storage link with redirect.html in URL
16d ago
Jun 30th, 2026
Sublime Security
Brand impersonation: Microsoft logo or suspicious language with open redirect
1mo ago
Jun 5th, 2026
Sublime Security
Open Redirect: Google domain with /url path and suspicious indicators
1mo ago
Jun 5th, 2026
Sublime Security
Constant Contact link infrastructure abuse
1mo ago
Jun 5th, 2026
Sublime Security
Open redirect: Mailtrack Korea
1mo ago
Jun 4th, 2026
Sublime Security
Open redirect: Hakumonkai.org
1mo ago
Jun 1st, 2026
Sublime Security
Service abuse: Google OAuth with suspicious redirect destination
1mo ago
May 27th, 2026
Sublime Security
Image as content with a link to an open redirect
1mo ago
May 26th, 2026
Sublime Security
Attachment: Link to Doubleclick.net open redirect
2mo ago
Apr 29th, 2026
Sublime Security
Attachment: Calendar invite with Google redirect and invoice request
2mo ago
Apr 28th, 2026
Sublime Security
Attachment: Calendar invite with suspicious link leading to an open redirect
2mo ago
Apr 28th, 2026
Sublime Security
Link: Google Calendar invite linking to an open redirect from an untrusted freemail sender
2mo ago
Apr 28th, 2026
Sublime Security
Service abuse: Google Tag Manager debug cookie clearing with open redirect potential
2mo ago
Apr 27th, 2026
Sublime Security
Link: URL path containing /moni/index
2mo ago
Apr 24th, 2026
Sublime Security
Service abuse: Meetup.com redirect with brand impersonation
3mo ago
Apr 15th, 2026
Sublime Security
Service abuse: Mimecast URL with excessive path length
3mo ago
Apr 8th, 2026
Sublime Security