High Severity
Service Abuse: Google Account Notification with Links to Free File Host
Description
Detects messages impersonating Google Accounts that contain links redirecting to known file hosting services.
References
Sublime Security
Created Apr 16th, 2025 • Last updated Apr 16th, 2025
Feed Source
Sublime Core Feed
Source
type.inbound
and sender.email.email == "no-reply@accounts.google.com"
and any(body.links, .href_url.domain.domain in $free_file_hosts)
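An added illustration, not part of the Sublime rule or its feed: a Python approximation of the rule's three conditions, evaluated against constructed messages. FREE_FILE_HOSTS is a constructed stand-in for $free_file_hosts, whose contents are not shown on this page, and the helper names (link_hosts, rule_matches, sample) are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed stand-in for $free_file_hosts (the real list is not on this page).
FREE_FILE_HOSTS = {"files.example", "drop.example"}
GOOGLE_SENDER = "no-reply@accounts.google.com"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)


def link_hosts(msg):
    """Lower-cased hostnames of http(s) URLs in the text/plain and text/html parts."""
    hosts = set()
    for part in msg.walk():
        if part.get_content_type() not in ("text/plain", "text/html"):
            continue
        raw = part.get_payload(decode=True) or b""
        text = raw.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(text):
            try:
                host = urlsplit(url).hostname
            except ValueError:  # malformed authority, e.g. a broken IPv6 literal
                continue
            if host:
                hosts.add(host.lower())
    return hosts


def rule_matches(raw_eml, inbound=True):
    """Hypothetical helper: the rule's three conditions, ANDed together."""
    msg = message_from_string(raw_eml)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    return (
        inbound  # type.inbound
        and sender == GOOGLE_SENDER  # sender.email.email == "..."
        and any(h in FREE_FILE_HOSTS for h in link_hosts(msg))  # any(body.links, ...)
    )


def sample(from_addr, url):
    """Constructed test message with a single HTML link."""
    return (
        f"From: Google <{from_addr}>\nTo: user@corp.example\n"
        "Subject: Security alert\nContent-Type: text/html; charset=utf-8\n\n"
        f'<a href="{url}">Check activity</a>\n'
    )
```

The sketch reads the From header and scans body text with a regular expression, so it only approximates how the rule engine populates sender.email.email and body.links.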