Medium Severity
Link: Scribd Fullscreen Link From Suspicious Sender
Description
Detects messages containing Scribd links with the fullscreen parameter from senders with no prior benign communication or recent history.
References
No references.
Sublime Security
Created May 14th, 2025 • Last updated May 14th, 2025
Feed Source
Sublime Core Feed
Source
type.inbound
and length(body.links) < 10
and any(body.links,
(
.href_url.domain.root_domain == "scribd.com"
or strings.icontains(.href_url.query_params, 'scribd.com')
or strings.icontains(.href_url.query_params, 'scribd%2ecom')
or strings.icontains(.href_url.query_params, 'scribd%252ecom')
)
and strings.icontains(.href_url.fragment, 'fullscreen')
)
and not profile.by_sender_email().any_messages_benign
Playground
Test against your own EMLs or sample data.