Medium Severity
Open redirect: Avast
Description
Detects emails containing links to avast.com that leverage an open redirect.
References
No references.
Sublime Security
Created Aug 17th, 2023 • Last updated Oct 4th, 2023
Feed Source
Sublime Core Feed
Source
type.inbound
and any(body.links,
        .href_url.domain.root_domain == "avast.com"
        and strings.contains(.href_url.query_params, "DisplayRedirectCustomPage")
)
and sender.email.domain.root_domain != "avast.com"
and (
  not profile.by_sender().solicited
  or (
    profile.by_sender().any_messages_malicious_or_spam
    and not profile.by_sender().any_false_positives
  )
)
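The same conditions applied offline to raw message text, as an added Python example that is not part of the Sublime rule or the Sublime platform. The solicited, prior_malicious and prior_false_positive arguments are hypothetical stand-ins for the profile.by_sender() fields, and the sample messages, path and parameter value are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

TARGET = "avast.com"                    # root domain named in the rule
MARKER = "DisplayRedirectCustomPage"    # query-string marker named in the rule
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def in_target(host):
    """True for avast.com and its subdomains, not look-alikes such as avast.com.example.test."""
    host = (host or "").lower().rstrip(".")
    return host == TARGET or host.endswith("." + TARGET)

def body_text(msg):
    """Concatenate every non-container part, decoding transfer encodings."""
    parts = [p.get_payload(decode=True) or b"" for p in msg.walk() if not p.is_multipart()]
    return b"\n".join(parts).decode("utf-8", errors="replace")

def flag(raw_eml, solicited=False, prior_malicious=False, prior_false_positive=False):
    """Return the matching links, or [] when the message would not be flagged."""
    msg = message_from_string(raw_eml)
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    # Assumed inputs: sender history, mirroring the rule's profile.by_sender() clause.
    history_ok = (not solicited) or (prior_malicious and not prior_false_positive)
    if in_target(sender_host) or not history_ok:
        return []
    hits = []
    for url in URL_RE.findall(body_text(msg)):
        try:
            parts = urlsplit(url)
        except ValueError:              # malformed URL, e.g. a bad IPv6 literal
            continue
        if in_target(parts.hostname) and MARKER in parts.query:
            hits.append(url)
    return hits

def eml(sender, link):                  # constructed sample message, not real mail
    return f"From: {sender}\nTo: user@example.org\nSubject: Notice\n\nOpen {link} today\n"

HIT = "https://www.avast.com/placeholder?DisplayRedirectCustomPage=placeholder"
SAMPLES = {
    "external sender, marker present": eml("billing@example.test", HIT),
    "avast.com sender": eml("news@avast.com", HIT),
    "no marker": eml("billing@example.test", "https://www.avast.com/placeholder"),
    "look-alike host": eml("billing@example.test",
                           "https://avast.com.example.test/?DisplayRedirectCustomPage=1"),
}
```

Only the first sample is flagged; the look-alike host case shows why the check compares the parsed hostname rather than searching the URL string for "avast.com".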