Detection Method: HTML analysis

HTML analysis looks at the HTML code in emails, web pages, or attachments to spot potentially malicious elements or deceptive structures. It examines both what’s visible and hidden in the HTML to uncover tactics often used in phishing or malware attacks.
HTML analysis can help you detect:
  • Hidden scripts or iframes that might run harmful code
  • Obfuscated JavaScript designed to avoid detection
  • Misleading hyperlinks where the displayed text doesn’t match the real URL
  • Forms made to steal credentials or sensitive data
  • Suspicious HTML comments with hidden instructions
  • CSS tricks used to hide malicious content
For example, phishing emails often use HTML to replicate trusted login pages. HTML analysis can catch the hidden forms and scripts trying to steal your credentials.
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Service abuse: Oracle Cloud Workflow callback scam
6d ago
Jul 10th, 2026
Sublime Security
Credential phishing: Blue button styled link with file-sharing template artifacts
8d ago
Jul 8th, 2026
Sublime Security
Service abuse: SurveyMonkey with suspicious outbound links
8d ago
Jul 8th, 2026
Sublime Security
Zoom Events newsletter abuse
8d ago
Jul 8th, 2026
Sublime Security
VIP impersonation: VIP recipient of previous thread with HTML generator
9d ago
Jul 7th, 2026
Sublime Security
BEC: Executive coaching vendor impersonation
15d ago
Jul 1st, 2026
Sublime Security
HTML: Template placeholders or recipient email in element class attributes
16d ago
Jun 30th, 2026
Sublime Security
Credential theft: JavaScript date manipulation in HTML body
17d ago
Jun 29th, 2026
Sublime Security
Link: Suspicious single-domain link with suspicious path and financial lure indicators
20d ago
Jun 26th, 2026
Sublime Security
Brand impersonation: Microsoft Teams invitation
20d ago
Jun 26th, 2026
Sublime Security
Link: Fake secure message notification template
21d ago
Jun 25th, 2026
Sublime Security
Body: Invisible Unicode obfuscation student loan callback phishing
21d ago
Jun 25th, 2026
Sublime Security
Body: Suspicious table template fingerprint
21d ago
Jun 25th, 2026
Sublime Security
Body: Fake secure email portal with HTML obfuscation
28d ago
Jun 18th, 2026
Sublime Security
Service abuse: Google Firebase sender address with suspicious content
28d ago
Jun 18th, 2026
Sublime Security
Evasion: Hidden content divs from freemail sender
29d ago
Jun 17th, 2026
Sublime Security
Self-impersonation: Sender matches recipient with bolded name and suspicious link
30d ago
Jun 16th, 2026
Sublime Security
Impersonation: Fake product discount promotion
30d ago
Jun 16th, 2026
Sublime Security
HTML content with print styling and credential theft language
30d ago
Jun 16th, 2026
Sublime Security
Body: Yellow highlighted text markers
30d ago
Jun 16th, 2026
Sublime Security