Open redirect: Avast
Detects emails containing links to avast.com leveraging an open redirect
Sublime rule (View on GitHub)
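# Sublime detection rule: flags inbound mail whose body links point at
# avast.com and carry the "DisplayRedirectCustomPage" query parameter, which
# this rule uses as the marker of the open redirect.
name: "Open redirect: Avast"
description: "Detects emails containing links to avast.com leveraging an open redirect"
type: "rule"
severity: "medium"
source: |
  type.inbound
  // at least one body link is on avast.com and carries the redirect marker
  and any(body.links,
          .href_url.domain.root_domain == "avast.com"
          and strings.contains(.href_url.query_params,
                               "DisplayRedirectCustomPage"
          )
  )
  // exclude mail from avast.com only when it also passes DMARC: the From
  // domain on its own is sender-controlled, so a bare domain comparison
  // would let a spoofed avast.com sender skip this rule
  and (
    sender.email.domain.root_domain != "avast.com"
    or not headers.auth_summary.dmarc.pass
  )
  // sender profile is not solicited, or it has malicious/spam history
  // with no benign messages
  and (
    not profile.by_sender().solicited
    or (
      profile.by_sender().any_messages_malicious_or_spam
      and not profile.by_sender().any_messages_benign
    )
  )
attack_types:
  - "Credential Phishing"
  - "Malware/Ransomware"
tactics_and_techniques:
  - "Open redirect"
detection_methods:
  - "Header analysis"
  - "Sender analysis"
  - "URL analysis"
id: "5f635658-19be-5112-a47b-f8c9bd271999"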