• Sublime Core Feed
Low Severity

Open redirect: McGill University

Labels

Credential Phishing
Malware/Ransomware
Open redirect
Sender analysis
URL analysis

Description

Message contains use of McGill University's open redirect but the sender is not McGill University.

References

No references.

Sublime Security
Created Aug 17th, 2023 • Last updated Aug 21st, 2023
Feed Source
Sublime Core Feed
Source
GitHub
type.inbound
and any(body.links,
        .href_url.domain.domain == 'myalumni.mcgill.ca' and .href_url.path =~ '/redirect.aspx'
)
and any(body.links, strings.ilike(.href_url.query_params, '*tokenUrl=*'))
and sender.email.domain.root_domain != 'mcgill.ca'
MQL Rule Console
DocsLearning Labs

Playground

Test against your own EMLs or sample data.

Share

Post about this on your socials.

Get Started. Today.

Managed or self-managed. No MX changes.

Get Started