Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Google Drive abuse: Credential phishing link | Sublime Security | 2y ago Jul 31st, 2024 | /feeds/core/detection-rules/google-drive-abuse-credential-phishing-link-c74aece0 | |
Google Drive direct download link from unsolicited sender | Sublime Security | 7mo ago Jul 16th, 2025 | /feeds/core/detection-rules/google-drive-direct-download-link-from-unsolicited-sender-78a19343 | |
Google Notification alert link from non-Google sender | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/google-notification-alert-link-from-non-google-sender-a1c1acfd | |
Google presentation open redirect phishing | Sublime Security | 2mo ago Dec 11th, 2025 | /feeds/core/detection-rules/google-presentation-open-redirect-phishing-5d01ee3a | |
Google services using g.co shortlinks | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/google-services-using-gco-shortlinks-09ff8a73 | |
Image as content with a link to an open redirect (unsolicited) | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/image-as-content-with-a-link-to-an-open-redirect-unsolicited-f5cec36b | |
Impersonation: Chrome Web Store policy | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/impersonation-chrome-web-store-policy-4a98f283 | |
Impersonation: Salesforce fake campaign failure notification | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/impersonation-salesforce-fake-campaign-failure-notification-d66000ca | |
Impersonation: Social Security Administration (SSA) | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/impersonation-social-security-administration-ssa-6196767e | |
Impersonation: Suspected supplier impersonation with suspicious content | Sublime Security | 1y ago Feb 3rd, 2025 | /feeds/core/detection-rules/impersonation-suspected-supplier-impersonation-with-suspicious-content-63d8b1ce | |
Inline image as message with attachment or link | Sublime Security | 7mo ago Jul 16th, 2025 | /feeds/core/detection-rules/inline-image-as-message-with-attachment-or-link-823d7107 | |
Issuu document with suspicious embedded link | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/issuu-document-with-suspicious-embedded-link-0d73f43d | |
Link: 9WOLF phishkit initial landing URI | Sublime Security | 1mo ago Jan 30th, 2026 | /feeds/core/detection-rules/link-9wolf-phishkit-initial-landing-uri-a165e206 | |
Link: Abused Adobe Express | Sublime Security | 7mo ago Jul 23rd, 2025 | /feeds/core/detection-rules/link-abused-adobe-express-c7d17bfd | |
Link abuse: Self-service creation platform link with suspicious recipient behavior | Sublime Security | 3mo ago Dec 2nd, 2025 | /feeds/core/detection-rules/link-abuse-self-service-creation-platform-link-with-suspicious-recipient-behavior-384ad135 | |
Link: Adobe share with suspicious indicators | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-adobe-share-with-suspicious-indicators-b33cae80 | |
Link: Apple App Store link to apps impersonating AI adveristing | Sublime Security | 5d ago Mar 5th, 2026 | /feeds/core/detection-rules/link-apple-app-store-link-to-apps-impersonating-ai-adveristing-19b556e6 | |
Link: Apple App Store malicious ad manager themed apps from free email provider | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-apple-app-store-malicious-ad-manager-themed-apps-from-free-email-provider-9ce402c6 | |
Link: Apple TestFlight from free email provider | Sublime Security | 4mo ago Oct 17th, 2025 | /feeds/core/detection-rules/link-apple-testflight-from-free-email-provider-9b447f1f | |
Link: Base64 encoded recipient address in URL fragment with hex subdomain | Sublime Security | 1mo ago Jan 29th, 2026 | /feeds/core/detection-rules/link-base64-encoded-recipient-address-in-url-fragment-with-hex-subdomain-781e86ae | |
Link: Base64 encoded recipient address in URL fragment with subject hash | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-base64-encoded-recipient-address-in-url-fragment-with-subject-hash-eb9694b8 | |
Link: Blogspot hosting explicit romance content | Sublime Security | 13h ago Mar 9th, 2026 | /feeds/core/detection-rules/link-blogspot-hosting-explicit-romance-content-132e88c5 | |
Link: Breely link masquerading as PDF | Sublime Security | 1mo ago Jan 16th, 2026 | /feeds/core/detection-rules/link-breely-link-masquerading-as-pdf-4a498c21 | |
Link: chatbot.page platform abuse | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-chatbotpage-platform-abuse-bfd6a076 | |
Link: Common hidden directory observed | Sublime Security | 1mo ago Feb 3rd, 2026 | /feeds/core/detection-rules/link-common-hidden-directory-observed-9f316da6 | |
Link: Credential phishing traversing Russian infrastructure | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-credential-phishing-traversing-russian-infrastructure-a5203e3b | |
Link: Credential phishing via WordPress | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-credential-phishing-via-wordpress-db696058 | |
Link: Credential theft with invisible Unicode character in page title from unsolicited sender | Sublime Security | 25d ago Feb 13th, 2026 | /feeds/core/detection-rules/link-credential-theft-with-invisible-unicode-character-in-page-title-from-unsolicited-sender-5fe14d53 | |
Link: Cryptocurrency fraud with suspicious links | Sublime Security | 3mo ago Dec 1st, 2025 | /feeds/core/detection-rules/link-cryptocurrency-fraud-with-suspicious-links-d0da37ce | |
Link: CVE-2024-21413 Microsoft Outlook Remote Code Execution Vulnerability | Sublime Security | 2y ago Feb 15th, 2024 | /feeds/core/detection-rules/link-cve-2024-21413-microsoft-outlook-remote-code-execution-vulnerability-e8151426 | |
Link: Direct download of executable file | Sublime Security | 8d ago Mar 2nd, 2026 | /feeds/core/detection-rules/link-direct-download-of-executable-file-dbbfd077 | |
Link: Direct link to gamma.app document with mode parameter | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-direct-link-to-gammaapp-document-with-mode-parameter-080ab581 | |
Link: Direct link to keap.app contact-us page | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-direct-link-to-keapapp-contact-us-page-a7a69267 | |
Link: Direct link to limewire hosted file | Sublime Security | 6mo ago Aug 18th, 2025 | /feeds/core/detection-rules/link-direct-link-to-limewire-hosted-file-70840d00 | |
Link: Direct link to riddle.com hosted showcase | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-direct-link-to-riddlecom-hosted-showcase-cca7d2f5 | |
Link: Direct link to Zoom Docs from non-Zoom sender | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-direct-link-to-zoom-docs-from-non-zoom-sender-5c6362db | |
Link: Direct MSI download from low reputation domain | Sublime Security | 19d ago Feb 19th, 2026 | /feeds/core/detection-rules/link-direct-msi-download-from-low-reputation-domain-1eb77537 | |
Link: Direct POWR.io Form Builder with suspicious patterns | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-direct-powrio-form-builder-with-suspicious-patterns-fd37cc93 | |
Link: Display text matches subject line | Sublime Security | 3mo ago Nov 14th, 2025 | /feeds/core/detection-rules/link-display-text-matches-subject-line-ba722cf0 | |
Link: Display text with excessive right-to-left mark characters | Sublime Security | 1mo ago Jan 21st, 2026 | /feeds/core/detection-rules/link-display-text-with-excessive-right-to-left-mark-characters-a45cfd4c | |
Link: Excessive URL rewrite encoders | Sublime Security | 1mo ago Jan 21st, 2026 | /feeds/core/detection-rules/link-excessive-url-rewrite-encoders-b88e53a7 | |
Link: Executable file download with suspicious message content | Sublime Security | 4mo ago Oct 16th, 2025 | /feeds/core/detection-rules/link-executable-file-download-with-suspicious-message-content-ce9a4926 | |
Link: Figma design deck with credential theft language | Sublime Security | 6d ago Mar 4th, 2026 | /feeds/core/detection-rules/link-figma-design-deck-with-credential-theft-language-87601924 | |
Link: File sharing impersonation with suspicious language and sending patterns | Sublime Security | 4mo ago Oct 31st, 2025 | /feeds/core/detection-rules/link-file-sharing-impersonation-with-suspicious-language-and-sending-patterns-d3363041 | |
Link: File sharing pretext with suspicious body and link | Sublime Security | 5mo ago Oct 10th, 2025 | /feeds/core/detection-rules/link-file-sharing-pretext-with-suspicious-body-and-link-c5718a8e | |
Link: Flagged bit.ly link | Sublime Security | 7mo ago Jul 16th, 2025 | /feeds/core/detection-rules/link-flagged-bitly-link-1528eb6c | |
Link: Free file hosting with undisclosed recipients | Sublime Security | 15d ago Feb 23rd, 2026 | /feeds/core/detection-rules/link-free-file-hosting-with-undisclosed-recipients-b6281306 | |
Link: Free subdomain host with undisclosed recipients | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-free-subdomain-host-with-undisclosed-recipients-c23d979d | |
Link: Google Calendar invite linking to an open redirect from an untrusted freemail sender | Sublime Security | 7mo ago Jul 16th, 2025 | /feeds/core/detection-rules/link-google-calendar-invite-linking-to-an-open-redirect-from-an-untrusted-freemail-sender-bb4f1ea9 | |
Link: Google Drawings link from new sender | Sublime Security | 12h ago Mar 9th, 2026 | /feeds/core/detection-rules/link-google-drawings-link-from-new-sender-fb91c892 |