Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Link: Google Firebase dynamic link that redirects to new domain (<7 days old) | @ajpc500 | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-google-firebase-dynamic-link-that-redirects-to-new-domain-less7-days-old-5a204a37 | |
Link: Google Forms link with credential theft language | Sublime Security | 8d ago Mar 2nd, 2026 | /feeds/core/detection-rules/link-google-forms-link-with-credential-theft-language-0cad40e2 | |
Link: Google Translate (unsolicited) | @ajpc500 | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-google-translate-unsolicited-6949e115 | |
Link: GoPhish query param values | Sublime Security | 2mo ago Jan 5th, 2026 | /feeds/core/detection-rules/link-gophish-query-param-values-6d2b9c8a | |
Link: Hotel booking spoofed display URL | Sublime Security | 21d ago Feb 17th, 2026 | /feeds/core/detection-rules/link-hotel-booking-spoofed-display-url-96deeec7 | |
Link: HR impersonation with suspicious domain indicators and credential theft | Sublime Security | 3mo ago Dec 3rd, 2025 | /feeds/core/detection-rules/link-hr-impersonation-with-suspicious-domain-indicators-and-credential-theft-f31f8831 | |
Link: HTML file with suspicious binary fragment ending pattern | Sublime Security | 1mo ago Jan 29th, 2026 | /feeds/core/detection-rules/link-html-file-with-suspicious-binary-fragment-ending-pattern-dc5e3700 | |
Link: /index.php enclosed in three asterisks | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-indexphp-enclosed-in-three-asterisks-aa4bbafc | |
Link: Intuit link abuse with file share context | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-intuit-link-abuse-with-file-share-context-cd15cc34 | |
Link: Invoice or receipt from freemail sender with customer service number | @vector_sec | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-invoice-or-receipt-from-freemail-sender-with-customer-service-number-3825232d | |
Link: IPFS | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-ipfs-19fa6442 | |
Link: IPv4-mapped IPv6 address obfuscation | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-ipv4-mapped-ipv6-address-obfuscation-caacf30c | |
Link: JavaScript obfuscation with Telegram bot integration | Sublime Security | 13d ago Feb 25th, 2026 | /feeds/core/detection-rules/link-javascript-obfuscation-with-telegram-bot-integration-032a4485 | |
Link: Jensi file preview link from unsolicited sender | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-jensi-file-preview-link-from-unsolicited-sender-122b39f3 | |
Link: Mamba 2FA phishing kit | Sublime Security | 1mo ago Jan 28th, 2026 | /feeds/core/detection-rules/link-mamba-2fa-phishing-kit-8d527c0f | |
Link: Microsoft Dynamics 365 form phishing | Sublime Security | 1mo ago Jan 27th, 2026 | /feeds/core/detection-rules/link-microsoft-dynamics-365-form-phishing-f72b9085 | |
Link: Microsoft impersonation using hosted png with suspicious link | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-microsoft-impersonation-using-hosted-png-with-suspicious-link-07c696d4 | |
Link: Microsoft protected message with matching sender and recipient addresses | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-microsoft-protected-message-with-matching-sender-and-recipient-addresses-a5a2f75d | |
Link: Mixed case HTTPS protocol | Sublime Security | 11h ago Mar 9th, 2026 | /feeds/core/detection-rules/link-mixed-case-https-protocol-f3424a81 | |
Link: Multiple HTTP protocols in single URL | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-multiple-http-protocols-in-single-url-92f9d241 | |
Link: Multistage landing - Abused Adobe Acrobat hosted PDF | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-multistage-landing-abused-adobe-acrobat-hosted-pdf-609081ef | |
Link: Multistage landing - Abused Adobe frame.io | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-multistage-landing-abused-adobe-frameio-a6c457c5 | |
Link: Multistage Landing - Abused Buildin.ai | Sublime Security | 6mo ago Sep 5th, 2025 | /feeds/core/detection-rules/link-multistage-landing-abused-buildinai-e0a79ef5 | |
Link: Multistage landing - Abused Docusign | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-multistage-landing-abused-docusign-4189a645 | |
Link: Multistage landing - Abused Google Drive | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-multistage-landing-abused-google-drive-c86288b4 | |
Link: Multistage landing - ClickUp abuse | Sublime Security | 11d ago Feb 27th, 2026 | /feeds/core/detection-rules/link-multistage-landing-clickup-abuse-78a5d035 | |
Link: Multistage landing - FreshDesk knowledge base abuse | Sublime Security | 6mo ago Aug 21st, 2025 | /feeds/core/detection-rules/link-multistage-landing-freshdesk-knowledge-base-abuse-edd6acf7 | |
Link: Multistage landing - JotForm abuse | Sublime Security | 3mo ago Dec 1st, 2025 | /feeds/core/detection-rules/link-multistage-landing-jotform-abuse-5b64326f | |
Link: Multistage landing - Ludus presentation | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-multistage-landing-ludus-presentation-a8b3c311 | |
Link: Multistage landing - Microsoft Forms abuse | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-multistage-landing-microsoft-forms-abuse-85a2cd12 | |
Link: Multistage landing - Published Google Doc | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-multistage-landing-published-google-doc-031e1ff8 | |
Link: Multistage landing - Scribd document | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-multistage-landing-scribd-document-afa9807d | |
Link: Multistage landing - Trello board abuse | Sublime Security | 6mo ago Aug 20th, 2025 | /feeds/core/detection-rules/link-multistage-landing-trello-board-abuse-14a5b23a | |
Link: MyActiveCampaign Link Abuse | Sublime Security | 6mo ago Aug 20th, 2025 | /feeds/core/detection-rules/link-myactivecampaign-link-abuse-f5b91ce5 | |
Link: Obfuscation via userinfo with excessive URL padding | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-obfuscation-via-userinfo-with-excessive-url-padding-806317a3 | |
Link: .onion From Unsolicited Sender | Sublime Security | 7mo ago Jul 30th, 2025 | /feeds/core/detection-rules/link-onion-from-unsolicited-sender-9ac0fc83 | |
Link: PDF and financial display text to free file host | Sublime Security | 5mo ago Sep 24th, 2025 | /feeds/core/detection-rules/link-pdf-and-financial-display-text-to-free-file-host-b010740b | |
Link: PDF filename impersonation with credential theft language | Sublime Security | 26d ago Feb 12th, 2026 | /feeds/core/detection-rules/link-pdf-filename-impersonation-with-credential-theft-language-05931513 | |
Link: Personal SharePoint with invalid recipients and credential theft language | Sublime Security | 1mo ago Jan 23rd, 2026 | /feeds/core/detection-rules/link-personal-sharepoint-with-invalid-recipients-and-credential-theft-language-79d5403d | |
Link: QR code with phishing disposition in img or pdf | Sublime Security | 7mo ago Jul 30th, 2025 | /feeds/core/detection-rules/link-qr-code-with-phishing-disposition-in-img-or-pdf-8e8949f6 | |
Link: QR Code with suspicious language (untrusted sender) | Sublime Security | 7mo ago Jul 30th, 2025 | /feeds/core/detection-rules/link-qr-code-with-suspicious-language-untrusted-sender-25a84d1c | |
Link: QuickBooks image lure with suspicious link | Sublime Security | 7mo ago Jul 23rd, 2025 | /feeds/core/detection-rules/link-quickbooks-image-lure-with-suspicious-link-3826a923 | |
Link: Recipient domain in URL path | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-recipient-domain-in-url-path-de08731f | |
Link: Recipient email address in 'eta' parameter | Sublime Security | 1mo ago Jan 27th, 2026 | /feeds/core/detection-rules/link-recipient-email-address-in-eta-parameter-d24e42a2 | |
Link: Referrer anonymization service from untrusted sender | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-referrer-anonymization-service-from-untrusted-sender-9fab2e1e | |
Link: Romance/Sexual Language With Suspicious Link | Sublime Security | 6mo ago Aug 22nd, 2025 | /feeds/core/detection-rules/link-romancesexual-language-with-suspicious-link-d5694cae | |
Link: ScreenConnect installer with suspicious relay domain | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-screenconnect-installer-with-suspicious-relay-domain-37d21eef | |
Link: Scribd fullscreen link from suspicious sender | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-scribd-fullscreen-link-from-suspicious-sender-9e9bc972 | |
Link: Self-sender with sender org in subject and credential theft indicator | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-self-sender-with-sender-org-in-subject-and-credential-theft-indicator-bfa9aa08 | |
Link: Self-sent message with quarterly document review request | Sublime Security | 1mo ago Jan 21st, 2026 | /feeds/core/detection-rules/link-self-sent-message-with-quarterly-document-review-request-3c42cec6 |