Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Impersonation: Suspected supplier impersonation with suspicious content | Sublime Security | 11mo ago Feb 3rd, 2025 | /feeds/core/detection-rules/impersonation-suspected-supplier-impersonation-with-suspicious-content-63d8b1ce | |
Inline image as message with attachment or link | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/inline-image-as-message-with-attachment-or-link-823d7107 | |
Issuu document with suspicious embedded link | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/issuu-document-with-suspicious-embedded-link-0d73f43d | |
Link: Abused Adobe Express | Sublime Security | 6mo ago Jul 23rd, 2025 | /feeds/core/detection-rules/link-abused-adobe-express-c7d17bfd | |
Link abuse: Self-service creation platform link with suspicious recipient behavior | Sublime Security | 1mo ago Dec 2nd, 2025 | /feeds/core/detection-rules/link-abuse-self-service-creation-platform-link-with-suspicious-recipient-behavior-384ad135 | |
Link: Adobe share with suspicious indicators | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-adobe-share-with-suspicious-indicators-b33cae80 | |
Link: Apple App Store malicious ad manager themed apps from free email provider | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-apple-app-store-malicious-ad-manager-themed-apps-from-free-email-provider-9ce402c6 | |
Link: Apple TestFlight from free email provider | Sublime Security | 3mo ago Oct 17th, 2025 | /feeds/core/detection-rules/link-apple-testflight-from-free-email-provider-9b447f1f | |
Link: Base64 encoded recipient address in URL fragment with subject hash | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-base64-encoded-recipient-address-in-url-fragment-with-subject-hash-eb9694b8 | |
Link: Breely link masquerading as PDF | Sublime Security | 7d ago Jan 16th, 2026 | /feeds/core/detection-rules/link-breely-link-masquerading-as-pdf-4a498c21 | |
Link: chatbot.page platform abuse | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-chatbotpage-platform-abuse-bfd6a076 | |
Link: Common hidden directory observed | Sublime Security | 10d ago Jan 13th, 2026 | /feeds/core/detection-rules/link-common-hidden-directory-observed-9f316da6 | |
Link: Credential phishing traversing Russian infrastructure | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-credential-phishing-traversing-russian-infrastructure-a5203e3b | |
Link: Credential phishing via WordPress | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-credential-phishing-via-wordpress-db696058 | |
Link: Cryptocurrency fraud with suspicious links | Sublime Security | 1mo ago Dec 1st, 2025 | /feeds/core/detection-rules/link-cryptocurrency-fraud-with-suspicious-links-d0da37ce | |
Link: CVE-2024-21413 Microsoft Outlook Remote Code Execution Vulnerability | Sublime Security | 2y ago Feb 15th, 2024 | /feeds/core/detection-rules/link-cve-2024-21413-microsoft-outlook-remote-code-execution-vulnerability-e8151426 | |
Link: Direct link to gamma.app document with mode parameter | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-direct-link-to-gammaapp-document-with-mode-parameter-080ab581 | |
Link: Direct link to keap.app contact-us page | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-direct-link-to-keapapp-contact-us-page-a7a69267 | |
Link: Direct link to limewire hosted file | Sublime Security | 5mo ago Aug 18th, 2025 | /feeds/core/detection-rules/link-direct-link-to-limewire-hosted-file-70840d00 | |
Link: Direct link to riddle.com hosted showcase | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-direct-link-to-riddlecom-hosted-showcase-cca7d2f5 | |
Link: Direct link to Zoom Docs from non-Zoom sender | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-direct-link-to-zoom-docs-from-non-zoom-sender-5c6362db | |
Link: Direct POWR.io Form Builder with suspicious patterns | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-direct-powrio-form-builder-with-suspicious-patterns-fd37cc93 | |
Link: Display text matches subject line | Sublime Security | 2mo ago Nov 14th, 2025 | /feeds/core/detection-rules/link-display-text-matches-subject-line-ba722cf0 | |
Link: Display text with excessive right-to-left mark characters | Sublime Security | 2d ago Jan 21st, 2026 | /feeds/core/detection-rules/link-display-text-with-excessive-right-to-left-mark-characters-a45cfd4c | |
Link: Excessive URL rewrite encoders | Sublime Security | 2d ago Jan 21st, 2026 | /feeds/core/detection-rules/link-excessive-url-rewrite-encoders-b88e53a7 | |
Link: Executable file download with suspicious message content | Sublime Security | 3mo ago Oct 16th, 2025 | /feeds/core/detection-rules/link-executable-file-download-with-suspicious-message-content-ce9a4926 | |
Link: Figma design deck with credential theft language | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-figma-design-deck-with-credential-theft-language-87601924 | |
Link: File sharing impersonation with suspicious language and sending patterns | Sublime Security | 2mo ago Oct 31st, 2025 | /feeds/core/detection-rules/link-file-sharing-impersonation-with-suspicious-language-and-sending-patterns-d3363041 | |
Link: File sharing pretext with suspicious body and link | Sublime Security | 3mo ago Oct 10th, 2025 | /feeds/core/detection-rules/link-file-sharing-pretext-with-suspicious-body-and-link-c5718a8e | |
Link: Flagged bit.ly link | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/link-flagged-bitly-link-1528eb6c | |
Link: Free file hosting with undisclosed recipients | Sublime Security | 4mo ago Sep 11th, 2025 | /feeds/core/detection-rules/link-free-file-hosting-with-undisclosed-recipients-b6281306 | |
Link: Free subdomain host with undisclosed recipients | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-free-subdomain-host-with-undisclosed-recipients-c23d979d | |
Link: Google Calendar invite linking to an open redirect from an untrusted freemail sender | Sublime Security | 6mo ago Jul 16th, 2025 | /feeds/core/detection-rules/link-google-calendar-invite-linking-to-an-open-redirect-from-an-untrusted-freemail-sender-bb4f1ea9 | |
Link: Google Firebase dynamic link that redirects to new domain (<7 days old) | @ajpc500 | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-google-firebase-dynamic-link-that-redirects-to-new-domain-less7-days-old-5a204a37 | |
Link: Google Translate (unsolicited) | @ajpc500 | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-google-translate-unsolicited-6949e115 | |
Link: GoPhish query param values | Sublime Security | 18d ago Jan 5th, 2026 | /feeds/core/detection-rules/link-gophish-query-param-values-6d2b9c8a | |
Link: HR impersonation with suspicious domain indicators and credential theft | Sublime Security | 1mo ago Dec 3rd, 2025 | /feeds/core/detection-rules/link-hr-impersonation-with-suspicious-domain-indicators-and-credential-theft-f31f8831 | |
Link: /index.php enclosed in three asterisks | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-indexphp-enclosed-in-three-asterisks-aa4bbafc | |
Link: Intuit link abuse with file share context | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-intuit-link-abuse-with-file-share-context-cd15cc34 | |
Link: Invoice or receipt from freemail sender with customer service number | @vector_sec | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-invoice-or-receipt-from-freemail-sender-with-customer-service-number-3825232d | |
Link: IPFS | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-ipfs-19fa6442 | |
Link: IPv4-mapped IPv6 address obfuscation | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-ipv4-mapped-ipv6-address-obfuscation-caacf30c | |
Link: Jensi file preview link from unsolicited sender | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-jensi-file-preview-link-from-unsolicited-sender-122b39f3 | |
Link: Mamba 2FA phishing kit | Sublime Security | 1mo ago Dec 16th, 2025 | /feeds/core/detection-rules/link-mamba-2fa-phishing-kit-8d527c0f | |
Link: Microsoft Dynamics 365 form phishing | Sublime Security | 1mo ago Dec 5th, 2025 | /feeds/core/detection-rules/link-microsoft-dynamics-365-form-phishing-f72b9085 | |
Link: Microsoft impersonation using hosted png with suspicious link | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-microsoft-impersonation-using-hosted-png-with-suspicious-link-07c696d4 | |
Link: Microsoft protected message with matching sender and recipient addresses | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-microsoft-protected-message-with-matching-sender-and-recipient-addresses-a5a2f75d | |
Link: Multiple HTTP protocols in single URL | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-multiple-http-protocols-in-single-url-92f9d241 | |
Link: Multistage landing - Abused Adobe Acrobat hosted PDF | Sublime Security | 11d ago Jan 12th, 2026 | /feeds/core/detection-rules/link-multistage-landing-abused-adobe-acrobat-hosted-pdf-609081ef | |
Link: Multistage landing - Abused Adobe frame.io | Sublime Security | 5mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-multistage-landing-abused-adobe-frameio-a6c457c5 |