Detection Method: HTML analysis

HTML analysis looks at the HTML code in emails, web pages, or attachments to spot potentially malicious elements or deceptive structures. It examines both what’s visible and hidden in the HTML to uncover tactics often used in phishing or malware attacks.
HTML analysis can help you detect:
  • Hidden scripts or iframes that might run harmful code
  • Obfuscated JavaScript designed to avoid detection
  • Misleading hyperlinks where the displayed text doesn’t match the real URL
  • Forms made to steal credentials or sensitive data
  • Suspicious HTML comments with hidden instructions
  • CSS tricks used to hide malicious content
For example, phishing emails often use HTML to replicate trusted login pages. HTML analysis can catch the hidden forms and scripts trying to steal your credentials.
Blog Posts
Talking phish over turkey · Blog · Sublime Security
Talking phish over turkey · Blog · Sublime Security
Living Off the Land: Credential Phishing via Docusign abuse · Blog · Sublime Security
Living Off the Land: Credential Phishing via Docusign abuse · Blog · Sublime Security
Call Me Maybe? The Rise of Callback Phishing Emails · Blog · Sublime Security
Call Me Maybe? The Rise of Callback Phishing Emails · Blog · Sublime Security
Attack Types (6):
Credential Phishing
Malware/Ransomware
Spam
BEC/Fraud
Callback Phishing
Extortion
Tactics & Techniques (21):
Social engineering
Evasion
Image as content
PDF
Exploit
HTML smuggling
Free subdomain host
Impersonation: Brand
Impersonation: VIP
Lookalike domain
Credential Phishing
Scripting
Free email provider
Open redirect
Free file host
HTML injection
Encryption
Impersonation: Employee
OneNote
Out of band pivot
ISO
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Service abuse: Substack credential theft with confusable characters and branded button redirects
11d ago
Mar 19th, 2026
Sublime Security
Credential Phishing
Social engineering
Evasion
Sender analysis
HTML analysis
Natural Language Understanding
URL analysis
Link: PDF display text with fake copyright claim template
12d ago
Mar 18th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
Image as content
PDF
Content analysis
HTML analysis
Attachment: Archive containing HTML file with file scheme link
13d ago
Mar 17th, 2026
Sublime Security
Credential Phishing
Evasion
Exploit
HTML smuggling
Social engineering
Archive analysis
File analysis
HTML analysis
Body HTML: Comment with 24-character hex token
13d ago
Mar 17th, 2026
Sublime Security
Spam
Evasion
Content analysis
HTML analysis
Service abuse: Google Firebase sender address with suspicious content
18d ago
Mar 12th, 2026
Sublime Security
Spam
Credential Phishing
Free subdomain host
Social engineering
Content analysis
Header analysis
HTML analysis
Natural Language Understanding
Sender analysis
URL analysis
Whois
Credential phishing: Blue button styled link with file-sharing template artifacts
21d ago
Mar 9th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Content analysis
HTML analysis
URL analysis
Link: Apple App Store link to apps impersonating AI adveristing
25d ago
Mar 5th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Content analysis
URL analysis
HTML analysis
Service abuse: HungerRush domain with SendGrid tracking targeting ProtonMail
26d ago
Mar 4th, 2026
Sublime Security
BEC/Fraud
Evasion
Sender analysis
HTML analysis
Content analysis
Brand impersonation: Zoom via HTML styling
1mo ago
Feb 27th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Content analysis
HTML analysis
Link: Credential theft with invisible Unicode character in page title from unsolicited sender
1mo ago
Feb 13th, 2026
Sublime Security
Credential Phishing
Evasion
Social engineering
Natural Language Understanding
Content analysis
HTML analysis
URL analysis
URL screenshot
Service abuse: Apple TestFlight with suspicious developer reference
1mo ago
Feb 6th, 2026
Sublime Security
Spam
Social engineering
Content analysis
HTML analysis
Natural Language Understanding
Sender analysis
URL analysis
Brand impersonation: Microsoft Teams invitation
1mo ago
Feb 6th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Content analysis
Header analysis
HTML analysis
URL analysis
Link: Common hidden directory observed
1mo ago
Feb 3rd, 2026
Sublime Security
Credential Phishing
Evasion
URL analysis
HTML analysis
Service abuse: Trello board invitation with VIP impersonation
1mo ago
Feb 3rd, 2026
Sublime Security
Credential Phishing
Impersonation: VIP
Social engineering
Content analysis
Header analysis
HTML analysis
Sender analysis
Brand impersonation: Aramco
2mo ago
Jan 28th, 2026
Sublime Security
BEC/Fraud
Impersonation: Brand
Lookalike domain
Social engineering
Content analysis
Header analysis
HTML analysis
Natural Language Understanding
Sender analysis
Brand impersonation: File sharing notification with template artifacts
2mo ago
Jan 23rd, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Evasion
HTML analysis
Computer Vision
Content analysis
Header analysis
Link: Tycoon2FA phishing kit (non-exhaustive)
2mo ago
Jan 23rd, 2026
Sublime Security
Credential Phishing
Free subdomain host
Evasion
Credential Phishing
URL analysis
HTML analysis
Content analysis
Spam: Commonly observed formatting of unauthorized free giveaways
2mo ago
Jan 14th, 2026
Sublime Security
Spam
Impersonation: Brand
Social engineering
Content analysis
HTML analysis
Sender analysis
URL analysis
Attachment: HTML smuggling with unescape
2mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
HTML smuggling
Scripting
Archive analysis
File analysis
HTML analysis
Javascript analysis
Attachment: Embedded VBScript in MHT file (unsolicited)
2mo ago
Jan 12th, 2026
Sublime Security
Malware/Ransomware
Evasion
Scripting
Archive analysis
File analysis
HTML analysis
Sender analysis
Page 1 of 6