• Sublime Core Feed
Medium Severity

Open Redirect: Cartoon Network

Labels

Credential Phishing
Spam
Open redirect
Evasion
Content analysis
URL analysis

Description

This rule detects the use of Cartoon Network's Denmark domain as an open redirect.

References

No references.

Sublime Security
Created Jul 17th, 2024 • Last updated Mar 18th, 2025
Feed Source
Sublime Core Feed
Source
GitHub
type.inbound
and any(body.links,
        .href_url.domain.sld == 'cartoonnetwork'
         // it has to be www. - not hitting the www doesn't work
        and .href_url.domain.subdomain == 'www'
        // the path startswith a double //
        and strings.starts_with(.href_url.path, '//')
        // the path has to end in a trailing /
        and strings.ends_with(.href_url.path, '/')
 )
MQL Rule Console
DocsLearning Labs

Playground

Test against your own EMLs or sample data.

Share

Post about this on your socials.

Get Started. Today.

Managed or self-managed. No MX changes.

Get Started