Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Link to auto-downloaded file with Adobe branding | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/link-to-auto-downloaded-file-with-adobe-branding-e826c2cf | |
Link to auto-download of a suspicious file type (unsolicited) | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-to-auto-download-of-a-suspicious-file-type-unsolicited-67ae2152 | |
Link to Google Apps Script macro (unsolicited) | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-to-google-apps-script-macro-unsolicited-d10146df | |
Link to Google Apps Script macro via comment tagging | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-to-google-apps-script-macro-via-comment-tagging-66fecd30 | |
Link: Webflow link from unsolicited sender | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-webflow-link-from-unsolicited-sender-d4f3b8cf | |
Link: Zoho form link from unsolicited sender | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-zoho-form-link-from-unsolicited-sender-eb04a9f2 | |
Lookalike sender domain (untrusted sender) | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/lookalike-sender-domain-untrusted-sender-67721993 | |
Low reputation link to auto-downloaded HTML file with smuggling indicators | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/low-reputation-link-to-auto-downloaded-html-file-with-smuggling-indicators-339676c6 | |
MalwareBazaar: Malicious attachment hash in archive (trusted reporters) | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/malwarebazaar-malicious-attachment-hash-in-archive-trusted-reporters-9d734281 | |
MalwareBazaar: Malicious attachment hash (trusted reporters) | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/malwarebazaar-malicious-attachment-hash-trusted-reporters-5b5c9c3e | |
Mass campaign: Cross Site Scripting (XSS) attempt | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/mass-campaign-cross-site-scripting-xss-attempt-6cbb7124 | |
Mass campaign: recipient address in subject, body, and link (untrusted sender) | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/mass-campaign-recipient-address-in-subject-body-and-link-untrusted-sender-599dabf5 | |
Message traversed multiple onmicrosoft.com tenants | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/message-traversed-multiple-onmicrosoftcom-tenants-9cf01c0d | |
Microsoft device code phishing | @ajpc500 | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/microsoft-device-code-phishing-61f3ae67 | |
Microsoft infrastructure abuse with suspicious patterns | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/microsoft-infrastructure-abuse-with-suspicious-patterns-cfe8e804 | |
Mismatched links: Free file share with urgent language | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/mismatched-links-free-file-share-with-urgent-language-478334c8 | |
New link domain (<=10d) from untrusted sender | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/new-link-domain-less10d-from-untrusted-sender-4805b0e6 | |
New sender domain (<=10d) from untrusted sender | Sublime Security | 2y ago Nov 20th, 2024 | /feeds/core/detection-rules/new-sender-domain-less10d-from-untrusted-sender-d87fa543 | |
Non-RFC compliant calendar files from unsolicited sender | Sublime Security | 3mo ago Oct 1st, 2025 | /feeds/core/detection-rules/non-rfc-compliant-calendar-files-from-unsolicited-sender-9859f100 | |
Notion suspicious file share | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/notion-suspicious-file-share-f7307929 | |
Open redirect: adnxs.com | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/open-redirect-adnxscom-7fc92916 | |
Open redirect: agena-smile.com | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/open-redirect-agena-smilecom-4a8ebce6 | |
Open redirect: amaterasu-for-website-5.com | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/open-redirect-amaterasu-for-website-5com-d31f7cb8 | |
Open redirect: api.spently.com | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/open-redirect-apispentlycom-69740e97 | |
Open redirect: Artisteer | Sublime Security | 8mo ago May 23rd, 2025 | /feeds/core/detection-rules/open-redirect-artisteer-1f65eec3 | |
Open redirect: artkaderne | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/open-redirect-artkaderne-cc16a3f4 | |
Open Redirect: asemailmgmteu.com | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/open-redirect-asemailmgmteucom-368871ea | |
Open redirect: astroarts.co.jp | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/open-redirect-astroartscojp-6dd617af | |
Open redirect: Avast | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/open-redirect-avast-5f635658 | |
Open redirect: bananaguide.com | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/open-redirect-bananaguidecom-92fecf26 | |
Open redirect: bangkoksync.com | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/open-redirect-bangkoksynccom-e1449ccd | |
Open redirect: bestdeals.today | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/open-redirect-bestdealstoday-666de100 | |
Open redirect: Bitrix24 URL Path | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/open-redirect-bitrix24-url-path-e3c85e59 | |
Open redirect: BMW USA | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/open-redirect-bmw-usa-1bf4e69a | |
Open redirect: bubblelife.com | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/open-redirect-bubblelifecom-53c9b893 | |
Open redirect: buildingengines.com | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/open-redirect-buildingenginescom-93df711e | |
Open redirect: business.google.com website_shared URL Param | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/open-redirect-businessgooglecom-websiteshared-url-param-f146be73 | |
Open redirect: chkc.com.hk | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/open-redirect-chkccomhk-aa683479 | |
Open redirect: City of Calgary | Sublime Security | 8mo ago May 23rd, 2025 | /feeds/core/detection-rules/open-redirect-city-of-calgary-00321858 | |
Open redirect: Club-OS | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/open-redirect-club-os-c6286914 | |
Open redirect: convertcart.com | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/open-redirect-convertcartcom-deab563d | |
Open redirect: Dell | Sublime Security | 8mo ago May 23rd, 2025 | /feeds/core/detection-rules/open-redirect-dell-718c2b0f | |
Open redirect: designsori.com | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/open-redirect-designsoricom-4c38ff47 | |
Open redirect: documentmailbox.com | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/open-redirect-documentmailboxcom-9b2e9179 | |
Open redirect: Doubleclick.net | Sublime Security | 8mo ago May 23rd, 2025 | /feeds/core/detection-rules/open-redirect-doubleclicknet-9c620146 | |
Open redirect: eaoko.org | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/open-redirect-eaokoorg-f8fd9912 | |
Open redirect: easycamp.com | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/open-redirect-easycampcom-f05d377d | |
Open redirect: embluemail.com | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/open-redirect-embluemailcom-48c5abd3 | |
Open redirect: emlakarsa | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/open-redirect-emlakarsa-ce5d5b63 | |
Open redirect: emp.eduyield.com | Sublime Security | 12d ago Jan 12th, 2026 | /feeds/core/detection-rules/open-redirect-empeduyieldcom-860e1381 |