
Table 2 Redirection types

From: LSTM RNN: detecting exploit kits using redirection chain sequences

| Category | Type | Example |
| --- | --- | --- |
| Header | Referrer | referrer field holds source, and host field holds destination URL |
| Header | Location | host field holds source, and location field holds destination URL |
| Content | HTML | `http-equiv="Refresh" url="<url>"` and `form\|a\|p\|img src="<url>"` |
| Content | JavaScript | `window\|document(.location\|.open)?.href\|hostname\|replace\|assign\|write` |
| Content | iFrame | `<iframe src="http://evil.com"></iframe>` |
| Content | Base64 | `window.cback('aHR0cDovL2V2aWwuY29tL2V4cGxvaXQvZXhwbG9pdC5waHA=');` |
| Content | Concatenation | `var a = "http://" + 'evil' + ".com"; window.href=a;` |
| Content | Unknown | URL found in page content and subsequently visited, no verifiable source |
| Relational | Subdomain | URL shares domain with recently accessed URL, no other identifiable source |
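
An added example (not code from the paper) that assigns a Table 2 category and type to one hop of a redirection chain, given the source page body and the relevant headers. The name `classify`, its parameters, the order in which the checks are tried, and the two-label domain comparison are assumptions of this example; the sample body is constructed from the Base64 row.

```python
import base64, re
from urllib.parse import urlparse

JS_SINK = r"(?:window|document)(?:\.location|\.open)?\.(?:href|hostname|replace|assign|write)"
LITERAL = r"""(?:"[^"]*"|'[^']*')"""          # one quoted string literal
EQ = r"""\s*=\s*["']?"""                      # attribute '=' plus optional quote

def _decoded_b64(body):
    """String literals that base64-decode to an http(s) URL."""
    found = []
    for tok in re.findall(r"""["']([A-Za-z0-9+/]{16,}={0,2})["']""", body):
        try:
            text = base64.b64decode(tok, validate=True).decode("ascii")
        except ValueError:                    # bad alphabet/padding or non-ASCII
            continue
        if text.startswith(("http://", "https://")):
            found.append(text)
    return found

def _concatenated(body):
    """Strings built by joining literals chained with '+'."""
    runs = re.findall(rf"(?:{LITERAL}\s*\+\s*)+{LITERAL}", body)
    return ["".join(lit[1:-1] for lit in re.findall(LITERAL, run)) for run in runs]

def _site(url):
    """Last two host labels: a simplification, not a public-suffix lookup."""
    return ".".join((urlparse(url).hostname or "").split(".")[-2:])

def classify(src_url, dst_url, body="", location=None, referer=None):
    """Return (category, type) from Table 2 for the hop src_url -> dst_url."""
    d = re.escape(dst_url)
    has = lambda pattern: re.search(pattern, body, re.I) is not None
    checks = [  # precedence is this example's assumption
        ("Header", "Location", location == dst_url),
        ("Content", "iFrame", has(rf"<\s*iframe\b[^>]*\bsrc{EQ}{d}")),
        ("Content", "HTML", has(rf"http-equiv{EQ}refresh[^>]*url{EQ}{d}")
            or has(rf"<\s*(?:form|a|p|img)\b[^>]*\bsrc{EQ}{d}")),
        ("Content", "JavaScript", has(rf"{JS_SINK}[^;]*{d}")),
        ("Content", "Base64", dst_url in _decoded_b64(body)),
        ("Content", "Concatenation", dst_url in _concatenated(body)),
        ("Header", "Referrer", referer == src_url),
        ("Content", "Unknown", dst_url in body),
        ("Relational", "Subdomain", _site(src_url) == _site(dst_url)),
    ]
    return next(((cat, typ) for cat, typ, hit in checks if hit), (None, None))

# Constructed sample page body, mirroring the Base64 row of the table.
SAMPLE = "window.cback('aHR0cDovL2V2aWwuY29tL2V4cGxvaXQvZXhwbG9pdC5waHA=');"
```
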