Referrer URL analysis

HTTP referrers provide a wealth of information about where your site visitors are coming from. Found in your web server logs, these referrer URLs can help identify phishing websites targeting your brand in the early stages of an account takeover
attack.

Bolster’s engine detects phishing on such URLs in real-time and helps you identify users who might be compromised. In addition to helping you with mitigation on such accounts by restricting access or resetting passwords, Bolster also performs automated takedowns on such sites.

Sample Referral URLs in nginx logs

Benefits of Scanning Referral URLs

  1. Identify  account takeovers in real-time

Instantly identify a compromised user when they get redirected from a malicious site and force a password reset or limit their access immediately. Flag, hide, or verify compromised-account activity to prevent platform abuse.

2. Automatically take down the phishing site impersonating your brand

Bolster sends takedown notices to hosting providers the moment it identifies a       phishing site. This prevents one account takeover from turning into thousands.

Workflow to scan suspicious referral sites in web server logs

3. Block malicious infrastructure proactively

Bolster’s extensive and rich threat intelligence API can help identify malicious infrastructure based on the domains in your referral logs. This helps you take   additional proactive measures like blocking all traffic from such infrastructure

4. Easy to integrate
It is one of the lowest hanging fruits with very little lift. Scanning referral logs does not require involvement from the product teams unlike web agent integration on your site. You can easily use Bolster Phishing Detection APIs and start scanning suspicious url. Check out our API Document here