Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Service abuse: SurveyMonkey survey from newly registered domain | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-surveymonkey-survey-from-newly-registered-domain-50a85fa7 | |
Service abuse: Suspicious Zoom Docs link | Sublime Security | 3mo ago Dec 2nd, 2025 | /feeds/core/detection-rules/service-abuse-suspicious-zoom-docs-link-064b2594 | |
Service abuse: Task management message sent via SendGrid | Sublime Security | 5mo ago Oct 6th, 2025 | /feeds/core/detection-rules/service-abuse-task-management-message-sent-via-sendgrid-568a63f5 | |
Service abuse: Trello board invitation with VIP impersonation | Sublime Security | 1mo ago Feb 3rd, 2026 | /feeds/core/detection-rules/service-abuse-trello-board-invitation-with-vip-impersonation-fedfc94b | |
Service abuse: Vimeo with external plain-text links in message | Sublime Security | 4d ago Mar 6th, 2026 | /feeds/core/detection-rules/service-abuse-vimeo-with-external-plain-text-links-in-message-ba94ae6b | |
Service abuse: WeTransfer callback scam | Sublime Security | 1mo ago Jan 30th, 2026 | /feeds/core/detection-rules/service-abuse-wetransfer-callback-scam-c60c8650 | |
Service abuse: Wix redirect through bulk mailer domains | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/service-abuse-wix-redirect-through-bulk-mailer-domains-60af216d | |
Sharepoint link likely unrelated to sender | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/sharepoint-link-likely-unrelated-to-sender-6870f489 | |
Sharepoint online with external recipients and external display name | @vector_sec | 3y ago Aug 17th, 2023 | /feeds/core/detection-rules/sharepoint-online-with-external-recipients-and-external-display-name-5579bb4b | |
Spam: Attendee list solicitation | Sublime Security | 6mo ago Aug 29th, 2025 | /feeds/core/detection-rules/spam-attendee-list-solicitation-69715b62 | |
Spam: Campaign with excessive space/char obfuscation and free file hosted link | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/spam-campaign-with-excessive-spacechar-obfuscation-and-free-file-hosted-link-122bc0ca | |
Spam: Commonly observed formatting of unauthorized free giveaways | Sublime Security | 1mo ago Jan 14th, 2026 | /feeds/core/detection-rules/spam-commonly-observed-formatting-of-unauthorized-free-giveaways-8bc49fa3 | |
Spam: Default Microsoft Exchange Online sender domain (onmicrosoft.com) | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/spam-default-microsoft-exchange-online-sender-domain-onmicrosoftcom-3f2a64ce | |
Spam: Fake dating profile notification | Sublime Security | 3mo ago Dec 3rd, 2025 | /feeds/core/detection-rules/spam-fake-dating-profile-notification-0f33fea2 | |
Spam: Fake photo share | Sublime Security | 4mo ago Nov 8th, 2025 | /feeds/core/detection-rules/spam-fake-photo-share-eb086f7d | |
Spam: Firebase password reset from suspicious sender | Sublime Security | 3mo ago Dec 2nd, 2025 | /feeds/core/detection-rules/spam-firebase-password-reset-from-suspicious-sender-a2f673a9 | |
Spam/fraud: Predatory journal/research paper request | Sublime Security | 4mo ago Nov 3rd, 2025 | /feeds/core/detection-rules/spamfraud-predatory-journalresearch-paper-request-263ca56b | |
Spam: Ghostwriting services scam with manipulative language | Sublime Security | 4mo ago Oct 17th, 2025 | /feeds/core/detection-rules/spam-ghostwriting-services-scam-with-manipulative-language-b747c3ea | |
Spam: Item giveaway spam template | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/spam-item-giveaway-spam-template-06a5f93b | |
Spam: Link to blob.core.windows.net from new domain (<30d) | Sublime Security | 7mo ago Jul 16th, 2025 | /feeds/core/detection-rules/spam-link-to-blobcorewindowsnet-from-new-domain-less30d-a09b3800 | |
Spam: Mastercard promotional content with image-based body | Sublime Security | 4mo ago Nov 5th, 2025 | /feeds/core/detection-rules/spam-mastercard-promotional-content-with-image-based-body-5f2cb559 | |
Spam: New job cold outreach from unsolicited sender | Sublime Security | 5mo ago Sep 29th, 2025 | /feeds/core/detection-rules/spam-new-job-cold-outreach-from-unsolicited-sender-ec39b789 | |
Spam: New link domain (<=10d) and emojis | Sublime Security | 7mo ago Jul 16th, 2025 | /feeds/core/detection-rules/spam-new-link-domain-less10d-and-emojis-33677993 | |
Spam: Sendersrv.com with financial communications and unsubscribe language | Sublime Security | 14d ago Feb 24th, 2026 | /feeds/core/detection-rules/spam-sendersrvcom-with-financial-communications-and-unsubscribe-language-69570820 | |
Spam: Sexually explicit content with emoji in subject from freemail provider | Sublime Security | 1h ago Mar 10th, 2026 | /feeds/core/detection-rules/spam-sexually-explicit-content-with-emoji-in-subject-from-freemail-provider-4a2326d4 | |
Spam: Sexually explicit Google Drive share | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/spam-sexually-explicit-google-drive-share-3f951c06 | |
Spam: Sexually explicit Google group invitation | Sublime Security | 3mo ago Nov 12th, 2025 | /feeds/core/detection-rules/spam-sexually-explicit-google-group-invitation-4e0bec29 | |
Spam: Sexually explicit Looker Studio report | Sublime Security | 5mo ago Oct 2nd, 2025 | /feeds/core/detection-rules/spam-sexually-explicit-looker-studio-report-f1e649cd | |
Spam: Single recipient duplicated in cc | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/spam-single-recipient-duplicated-in-cc-387cacc9 | |
Spam: Unsolicited malformed PDF | Sublime Security | 7mo ago Jul 16th, 2025 | /feeds/core/detection-rules/spam-unsolicited-malformed-pdf-f0c50031 | |
Spam: Unsolicited WordPress account creation or password reset request | Sublime Security | 3mo ago Nov 24th, 2025 | /feeds/core/detection-rules/spam-unsolicited-wordpress-account-creation-or-password-reset-request-e182b6b2 | |
Spam: URL shortener with short body content and emojis | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/spam-url-shortener-with-short-body-content-and-emojis-b7797e4c | |
Spam: Website errors solicitation | Sublime Security | 2mo ago Dec 11th, 2025 | /feeds/core/detection-rules/spam-website-errors-solicitation-122ea794 | |
Spoofable internal domain with suspicious signals | Sublime Security | 7mo ago Jul 23rd, 2025 | /feeds/core/detection-rules/spoofable-internal-domain-with-suspicious-signals-40089d69 | |
Subject and sender display name contains matching long alphanumeric string | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/subject-and-sender-display-name-contains-matching-long-alphanumeric-string-a8a0c831 | |
Suspected cross-site scripting (XSS) found in subject | Sublime Security | 6mo ago Sep 4th, 2025 | /feeds/core/detection-rules/suspected-cross-site-scripting-xss-found-in-subject-8a946cfa | |
Suspected lookalike domain with suspicious language | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/suspected-lookalike-domain-with-suspicious-language-3674ced0 | |
Suspected WordPress abuse with cross-site scripting (XSS) indicators | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/suspected-wordpress-abuse-with-cross-site-scripting-xss-indicators-9c21225b | |
Suspicious attachment with unscannable Cloudflare link | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-attachment-with-unscannable-cloudflare-link-00f92b6f | |
Suspicious display name: Gmail sender with engaging language | Sublime Security | 4d ago Mar 6th, 2026 | /feeds/core/detection-rules/suspicious-display-name-gmail-sender-with-engaging-language-82ca0ff1 | |
Suspicious DocuSign share from new domain | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/suspicious-docusign-share-from-new-domain-d430a1f3 | |
Suspicious invoice reference with missing or image-only attachments | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-invoice-reference-with-missing-or-image-only-attachments-466c1680 | |
Suspicious Links to Cloudflare R2 and Edge Services | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-links-to-cloudflare-r2-and-edge-services-5dd3e5c8 | |
Suspicious link to Looker Studio (lookerstudio.google.com) from a new and unsolicited sender | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-link-to-looker-studio-lookerstudiogooglecom-from-a-new-and-unsolicited-sender-dbb50cb4 | |
Suspicious message with unscannable Cloudflare link | Sublime Security | 5mo ago Sep 22nd, 2025 | /feeds/core/detection-rules/suspicious-message-with-unscannable-cloudflare-link-70ea21f9 | |
Suspicious message with unscannable Vercel link | Sublime Security | 7mo ago Jul 16th, 2025 | /feeds/core/detection-rules/suspicious-message-with-unscannable-vercel-link-b5acffe7 | |
Suspicious newly registered reply-to domain with engaging financial or urgent language | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-newly-registered-reply-to-domain-with-engaging-financial-or-urgent-language-db4d9bb3 | |
Suspicious recipient pattern and language with low reputation link to login | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/suspicious-recipient-pattern-and-language-with-low-reputation-link-to-login-a8ea0402 | |
Suspicious request for financial information | Sublime Security | 3mo ago Dec 6th, 2025 | /feeds/core/detection-rules/suspicious-request-for-financial-information-4ebdaa4d | |
Suspicious sender display name with long procedurally generated text blob | Sublime Security | 7mo ago Jul 16th, 2025 | /feeds/core/detection-rules/suspicious-sender-display-name-with-long-procedurally-generated-text-blob-2a40b043 |