URL with Unicode U+2044 (⁄) or U+2215 (∕) characters

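The body of the message, or any of its links, contains the Unicode U+2044 (⁄) or U+2215 (∕) characters inside a URL. Both characters render almost identically to the ASCII slash (/), so a URL containing them can read differently from how it is actually parsed.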

Sublime rule

name: "URL with Unicode U+2044 (⁄) or U+2215 (∕) characters"
description: |
    Body of the message, or any links, contain the Unicode U+2044 (⁄) or U+2215 (∕) characters inside a URL.
type: "rule"
severity: "low"
authors:
  - twitter: "delivr_to"
references:
  - https://medium.com/@bobbyrsec/the-dangers-of-googles-zip-tld-5e1e675e59a5
source: |
  type.inbound
  and (
    regex.icontains(body.plain.raw,
                    'https?:\/\/[^\s⁄∕]+(?:\/[^\s⁄∕]+)*[⁄∕][^\s⁄∕]+'
    )
    or any(body.links,
           regex.icontains(.href_url.url,
                           'https?:\/\/[^\s⁄∕]+(?:\/[^\s⁄∕]+)*[⁄∕][^\s⁄∕]+'
           )
    )
  )
attack_types:
  - "Credential Phishing"
tactics_and_techniques:
  - "Evasion"
  - "Social engineering"
detection_methods:
  - "Content analysis"
  - "URL analysis"
id: "12069f5b-a774-53ba-8473-633291f71e84"
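
For triage or testing outside Sublime, the rule's logic can be reproduced offline. The Python below is an added example, not part of the rule or of Sublime's code: it applies the same regex to a message's plain body and links and reports where each lookalike character sits. The message dictionary layout (type, body_plain, links) and all sample messages are constructed assumptions.

```python
import re
import unicodedata

# Same pattern as the rule's `source`; icontains maps to a case-insensitive search.
LOOKALIKE_URL = re.compile(
    r'https?:\/\/[^\s⁄∕]+(?:\/[^\s⁄∕]+)*[⁄∕][^\s⁄∕]+', re.IGNORECASE
)
LOOKALIKES = {"\u2044", "\u2215"}  # FRACTION SLASH, DIVISION SLASH


def find_lookalike_urls(text):
    """Return [(url, [(offset, code point name), ...])] for each matching URL."""
    hits = []
    for m in LOOKALIKE_URL.finditer(text):
        url = m.group(0)
        marks = [(i, unicodedata.name(c)) for i, c in enumerate(url)
                 if c in LOOKALIKES]
        hits.append((url, marks))
    return hits


def rule_matches(message):
    """Mirror the rule: inbound AND (body matches OR any link matches)."""
    if message["type"] != "inbound":
        return False
    if find_lookalike_urls(message["body_plain"]):
        return True
    return any(find_lookalike_urls(href) for href in message["links"])


# Constructed sample messages (hypothetical layout, not Sublime's data model).
SAMPLES = {
    "body_hit": {"type": "inbound", "links": [],
                 "body_plain": "Invoice: https://example.com/docs\u2044report.pdf"},
    "link_hit": {"type": "inbound", "body_plain": "See attached link.",
                 "links": ["HTTPS://EXAMPLE.COM\u2215login"]},
    # Fraction slash outside any URL must not fire the rule.
    "fraction_in_text": {"type": "inbound",
                         "body_plain": "Mix 1\u20442 cup, see https://example.com/recipe",
                         "links": ["https://example.com/recipe"]},
    "outbound": {"type": "outbound", "links": [],
                 "body_plain": "https://example.com/docs\u2044report.pdf"},
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(name, rule_matches(msg))
```

The fraction_in_text case shows why the pattern anchors on the URL scheme: a bare "1⁄2" elsewhere in the body does not trigger the rule.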