Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Link: Multistage landing - Trello board abuse | Sublime Security | 6mo ago Aug 20th, 2025 | /feeds/core/detection-rules/link-multistage-landing-trello-board-abuse-14a5b23a | |
Link: MyActiveCampaign Link Abuse | Sublime Security | 6mo ago Aug 20th, 2025 | /feeds/core/detection-rules/link-myactivecampaign-link-abuse-f5b91ce5 | |
Link: .onion From Unsolicited Sender | Sublime Security | 7mo ago Jul 30th, 2025 | /feeds/core/detection-rules/link-onion-from-unsolicited-sender-9ac0fc83 | |
Link: PDF and financial display text to free file host | Sublime Security | 5mo ago Sep 24th, 2025 | /feeds/core/detection-rules/link-pdf-and-financial-display-text-to-free-file-host-b010740b | |
Link: PDF filename impersonation with credential theft language | Sublime Security | 26d ago Feb 12th, 2026 | /feeds/core/detection-rules/link-pdf-filename-impersonation-with-credential-theft-language-05931513 | |
Link: Personal SharePoint with invalid recipients and credential theft language | Sublime Security | 1mo ago Jan 23rd, 2026 | /feeds/core/detection-rules/link-personal-sharepoint-with-invalid-recipients-and-credential-theft-language-79d5403d | |
Link: QR code with phishing disposition in img or pdf | Sublime Security | 7mo ago Jul 30th, 2025 | /feeds/core/detection-rules/link-qr-code-with-phishing-disposition-in-img-or-pdf-8e8949f6 | |
Link: QR Code with suspicious language (untrusted sender) | Sublime Security | 7mo ago Jul 30th, 2025 | /feeds/core/detection-rules/link-qr-code-with-suspicious-language-untrusted-sender-25a84d1c | |
Link: QuickBooks image lure with suspicious link | Sublime Security | 7mo ago Jul 23rd, 2025 | /feeds/core/detection-rules/link-quickbooks-image-lure-with-suspicious-link-3826a923 | |
Link: Recipient email address in 'eta' parameter | Sublime Security | 1mo ago Jan 27th, 2026 | /feeds/core/detection-rules/link-recipient-email-address-in-eta-parameter-d24e42a2 | |
Link: Romance/Sexual Language With Suspicious Link | Sublime Security | 6mo ago Aug 22nd, 2025 | /feeds/core/detection-rules/link-romancesexual-language-with-suspicious-link-d5694cae | |
Link: ScreenConnect installer with suspicious relay domain | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-screenconnect-installer-with-suspicious-relay-domain-37d21eef | |
Link: Scribd fullscreen link from suspicious sender | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-scribd-fullscreen-link-from-suspicious-sender-9e9bc972 | |
Link: Self-sender with sender org in subject and credential theft indicator | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-self-sender-with-sender-org-in-subject-and-credential-theft-indicator-bfa9aa08 | |
Link: Self-sent message with quarterly document review request | Sublime Security | 1mo ago Jan 21st, 2026 | /feeds/core/detection-rules/link-self-sent-message-with-quarterly-document-review-request-3c42cec6 | |
Link: SharePoint filename matches org name | Sublime Security | 1mo ago Feb 6th, 2026 | /feeds/core/detection-rules/link-sharepoint-filename-matches-org-name-cb954726 | |
Link: Squarespace infrastructure abuse | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-squarespace-infrastructure-abuse-a8fe9d30 | |
Link: Suspicious go.php redirect with document lure | Sublime Security | 1mo ago Feb 6th, 2026 | /feeds/core/detection-rules/link-suspicious-gophp-redirect-with-document-lure-f3d8c227 | |
Link: Suspicious URL with recipient targeting and special characters | Sublime Security | 17d ago Feb 21st, 2026 | /feeds/core/detection-rules/link-suspicious-url-with-recipient-targeting-and-special-characters-e808be3a | |
Link to auto-downloaded disk image in encrypted zip | @ajpc500 | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-to-auto-downloaded-disk-image-in-encrypted-zip-b50f0cb1 | |
Link to auto-downloaded DMG in encrypted zip | Sublime Security | 7mo ago Jul 16th, 2025 | /feeds/core/detection-rules/link-to-auto-downloaded-dmg-in-encrypted-zip-43af98d3 | |
Link to auto-downloaded file with Adobe branding | Sublime Security | 7mo ago Jul 16th, 2025 | /feeds/core/detection-rules/link-to-auto-downloaded-file-with-adobe-branding-e826c2cf | |
Link to auto-downloaded file with Google Drive branding | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-to-auto-downloaded-file-with-google-drive-branding-4b5343be | |
Link to auto-download of a suspicious file type (unsolicited) | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-to-auto-download-of-a-suspicious-file-type-unsolicited-67ae2152 | |
Link to Google Apps Script macro (unsolicited) | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-to-google-apps-script-macro-unsolicited-d10146df | |
Link to Google Apps Script macro via comment tagging | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-to-google-apps-script-macro-via-comment-tagging-66fecd30 | |
Link: Uncommon SharePoint document type with sender's display name | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/link-uncommon-sharepoint-document-type-with-senders-display-name-02d290b2 | |
Link: URL scheme obfuscation via split HTML anchors | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/link-url-scheme-obfuscation-via-split-html-anchors-10375948 | |
Link: URL shortener with copy-paste instructions and credential theft language | Sublime Security | 1mo ago Feb 6th, 2026 | /feeds/core/detection-rules/link-url-shortener-with-copy-paste-instructions-and-credential-theft-language-a0a2c573 | |
Link: WordPress login page with Blogspot Binance scam | Sublime Security | 21d ago Feb 17th, 2026 | /feeds/core/detection-rules/link-wordpress-login-page-with-blogspot-binance-scam-909dfae5 | |
Lookalike sender domain (untrusted sender) | Sublime Security | 7mo ago Jul 16th, 2025 | /feeds/core/detection-rules/lookalike-sender-domain-untrusted-sender-67721993 | |
Low reputation link to auto-downloaded HTML file with smuggling indicators | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/low-reputation-link-to-auto-downloaded-html-file-with-smuggling-indicators-339676c6 | |
macOS malware: Compiled AppleScript with document double-extension | Sublime Security | 1mo ago Feb 5th, 2026 | /feeds/core/detection-rules/macos-malware-compiled-applescript-with-document-double-extension-9669c169 | |
Mass campaign: Cross Site Scripting (XSS) attempt | Sublime Security | 7mo ago Jul 16th, 2025 | /feeds/core/detection-rules/mass-campaign-cross-site-scripting-xss-attempt-6cbb7124 | |
Mass campaign: recipient address in subject, body, and link (untrusted sender) | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/mass-campaign-recipient-address-in-subject-body-and-link-untrusted-sender-599dabf5 | |
Microsoft device code phishing | @ajpc500 | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/microsoft-device-code-phishing-61f3ae67 | |
Microsoft infrastructure abuse with suspicious patterns | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/microsoft-infrastructure-abuse-with-suspicious-patterns-cfe8e804 | |
Mismatched links: Free file share with urgent language | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/mismatched-links-free-file-share-with-urgent-language-478334c8 | |
Newly registered sender or reply-to domain with newly registered linked domain | Sublime Security | 7mo ago Aug 5th, 2025 | /feeds/core/detection-rules/newly-registered-sender-or-reply-to-domain-with-newly-registered-linked-domain-e5b6a81f | |
Non-RFC compliant calendar files from unsolicited sender | Sublime Security | 5mo ago Oct 1st, 2025 | /feeds/core/detection-rules/non-rfc-compliant-calendar-files-from-unsolicited-sender-9859f100 | |
Open redirect: City of Calgary | Sublime Security | 9mo ago May 23rd, 2025 | /feeds/core/detection-rules/open-redirect-city-of-calgary-00321858 | |
Open redirect: giving.lluh.org | Sublime Security | 9mo ago May 23rd, 2025 | /feeds/core/detection-rules/open-redirect-givinglluhorg-a2bf1099 | |
Open redirect: Klaviyo | Sublime Security | 2y ago May 14th, 2024 | /feeds/core/detection-rules/open-redirect-klaviyo-ce5a370a | |
Open redirect: marketing.edinburghairport.com | Sublime Security | 9mo ago May 23rd, 2025 | /feeds/core/detection-rules/open-redirect-marketingedinburghairportcom-33a47565 | |
Open redirect: next2.io | Sublime Security | 9mo ago May 23rd, 2025 | /feeds/core/detection-rules/open-redirect-next2io-5085c422 | |
Open redirect: people.anuneo.com | Sublime Security | 9mo ago May 23rd, 2025 | /feeds/core/detection-rules/open-redirect-peopleanuneocom-2ae83b73 | |
Open redirect: queue.swytchbike.com | Sublime Security | 1mo ago Jan 12th, 2026 | /feeds/core/detection-rules/open-redirect-queueswytchbikecom-916003d1 | |
Open redirect: slubnaglowie.pl | Sublime Security | 9mo ago May 23rd, 2025 | /feeds/core/detection-rules/open-redirect-slubnaglowiepl-2ec356d0 | |
Open redirect: typedrawers.com | Sublime Security | 9mo ago May 23rd, 2025 | /feeds/core/detection-rules/open-redirect-typedrawerscom-158d9e95 | |
PayPal invoice abuse | Sublime Security | 27d ago Feb 11th, 2026 | /feeds/core/detection-rules/paypal-invoice-abuse-0ff7a0d4 |