Sublime Security

Sublime Core Feed
HTML analysis
Learn More
Login to Sublime
Attack Types
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Reconnaissance
Spam
Tactics and Techniques
Encryption
Evasion
Exploit
Free email provider
Free file host
Free subdomain host
HTML smuggling
ICS Phishing
Image as content
Impersonation: Brand
Impersonation: Employee
Impersonation: VIP
IPFS
ISO
LNK
Lookalike domain
Macros
OneNote
Open redirect
Out of band pivot
PDF
Punycode
QR code
Scripting
Social engineering
Spoofing
Detection Methods
Archive analysis
Content analysis
Computer Vision
Exif analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Macro analysis
Natural Language Understanding
Optical Character Recognition
OLE analysis
PDF analysis
QR code analysis
Sender analysis
Threat intelligence
URL analysis
URL screenshot
Whois
XML analysis
YARA
Detection Method: HTML analysis
HTML analysis looks at the HTML code in emails, web pages, or attachments to spot potentially malicious elements or deceptive structures. It examines both what’s visible and hidden in the HTML to uncover tactics often used in phishing or malware attacks.
HTML analysis can help you detect:
Hidden scripts or iframes that might run harmful code
Obfuscated JavaScript designed to avoid detection
Misleading hyperlinks where the displayed text doesn’t match the real URL
Forms made to steal credentials or sensitive data
Suspicious HTML comments with hidden instructions
CSS tricks used to hide malicious content
For example, phishing emails often use HTML to replicate trusted login pages. HTML analysis can catch the hidden forms and scripts trying to steal your credentials.
Blog Posts
Talking phish over turkey · Blog · Sublime Security
Living Off the Land: Credential Phishing via Docusign abuse · Blog · Sublime Security
Call Me Maybe? The Rise of Callback Phishing Emails · Blog · Sublime Security
Attack Types (6):
Credential Phishing
Spam
BEC/Fraud
Malware/Ransomware
Callback Phishing
Extortion
Tactics & Techniques (23):
Evasion
Social engineering
Spoofing
Free subdomain host
Free email provider
Free file host
HTML smuggling
Impersonation: Brand
Image as content
Open redirect
Out of band pivot
Scripting
ICS Phishing
Exploit
PDF
Impersonation: VIP
Lookalike domain
Credential Phishing
Encryption
HTML injection
Impersonation: Employee
OneNote
ISO
Rule Name & Severity
Last Updated
Types, Tactics & Capabilities
Body: Fake secure email portal with HTML obfuscation
5d ago
Jun 18th, 2026
Sublime Security
Credential Phishing
Evasion
Social engineering
Spoofing
Content analysis
HTML analysis
URL analysis
Sender analysis
Threat intelligence
Credential Phishing
Evasion
Social engineering
Spoofing
Content analysis
HTML analysis
URL analysis
Sender analysis
Threat intelligence
Service abuse: Google Firebase sender address with suspicious content
5d ago
Jun 18th, 2026
Sublime Security
Spam
Credential Phishing
Free subdomain host
Social engineering
Content analysis
Header analysis
HTML analysis
Natural Language Understanding
Sender analysis
URL analysis
Whois
Spam
Credential Phishing
Free subdomain host
Social engineering
Content analysis
Header analysis
HTML analysis
Natural Language Understanding
Sender analysis
URL analysis
Whois
Evasion: Hidden content divs from freemail sender
6d ago
Jun 17th, 2026
Sublime Security
Credential Phishing
Evasion
Free email provider
HTML analysis
Content analysis
Sender analysis
Credential Phishing
Evasion
Free email provider
HTML analysis
Content analysis
Sender analysis
Self-impersonation: Sender matches recipient with bolded name and suspicious link
7d ago
Jun 16th, 2026
Sublime Security
Credential Phishing
Evasion
Social engineering
Header analysis
HTML analysis
Sender analysis
Credential Phishing
Evasion
Social engineering
Header analysis
HTML analysis
Sender analysis
Impersonation: Fake product discount promotion
7d ago
Jun 16th, 2026
Sublime Security
BEC/Fraud
Social engineering
Free file host
Content analysis
HTML analysis
URL analysis
BEC/Fraud
Social engineering
Free file host
Content analysis
HTML analysis
URL analysis
HTML content with print styling and credential theft language
7d ago
Jun 16th, 2026
Sublime Security
Credential Phishing
Evasion
HTML smuggling
Social engineering
Content analysis
HTML analysis
Natural Language Understanding
Credential Phishing
Evasion
HTML smuggling
Social engineering
Content analysis
HTML analysis
Natural Language Understanding
Body: Yellow highlighted text markers
7d ago
Jun 16th, 2026
Sublime Security
Credential Phishing
BEC/Fraud
Evasion
HTML analysis
Content analysis
Credential Phishing
BEC/Fraud
Evasion
HTML analysis
Content analysis
Link: Credential harvesting with excess padding evasion
8d ago
Jun 15th, 2026
Sublime Security
Credential Phishing
Evasion
Social engineering
Content analysis
HTML analysis
Exif analysis
URL screenshot
Credential Phishing
Evasion
Social engineering
Content analysis
HTML analysis
Exif analysis
URL screenshot
Brand impersonation: Adobe Sign with suspicious indicators
13d ago
Jun 10th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Content analysis
Header analysis
HTML analysis
Sender analysis
Credential Phishing
Impersonation: Brand
Social engineering
Content analysis
Header analysis
HTML analysis
Sender analysis
Attachment: EML file contains HTML attachment with login portal indicators
18d ago
Jun 5th, 2026
Sublime Security
Credential Phishing
Evasion
HTML smuggling
Content analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Sender analysis
Credential Phishing
Evasion
HTML smuggling
Content analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Sender analysis
Brand impersonation: Fake DocuSign HTML table not linking to DocuSign domains
18d ago
Jun 5th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Content analysis
HTML analysis
Header analysis
Sender analysis
URL analysis
Credential Phishing
Impersonation: Brand
Social engineering
Content analysis
HTML analysis
Header analysis
Sender analysis
URL analysis
Brand impersonation: Zoom
18d ago
Jun 5th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Evasion
Computer Vision
Content analysis
HTML analysis
Natural Language Understanding
URL analysis
Credential Phishing
Impersonation: Brand
Social engineering
Evasion
Computer Vision
Content analysis
HTML analysis
Natural Language Understanding
URL analysis
Credential phishing: Suspicious e-sign agreement document notification
18d ago
Jun 5th, 2026
Sublime Security
Credential Phishing
Social engineering
Content analysis
Header analysis
HTML analysis
URL analysis
Sender analysis
Credential Phishing
Social engineering
Content analysis
Header analysis
HTML analysis
URL analysis
Sender analysis
Link: Self-sent PDF lure with subject correlation
19d ago
Jun 4th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Social engineering
Evasion
Header analysis
HTML analysis
Sender analysis
Content analysis
BEC/Fraud
Credential Phishing
Social engineering
Evasion
Header analysis
HTML analysis
Sender analysis
Content analysis
Body: HTML whitespace stuffing with short initial message
25d ago
May 29th, 2026
Sublime Security
Credential Phishing
Evasion
Social engineering
Content analysis
HTML analysis
Header analysis
Credential Phishing
Evasion
Social engineering
Content analysis
HTML analysis
Header analysis
Brand impersonation: Figma with malicious document access overlay
27d ago
May 27th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Image as content
Sender analysis
HTML analysis
URL screenshot
Optical Character Recognition
URL analysis
Credential Phishing
Impersonation: Brand
Social engineering
Image as content
Sender analysis
HTML analysis
URL screenshot
Optical Character Recognition
URL analysis
Image as content with a link to an open redirect
28d ago
May 26th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
Image as content
Open redirect
Social engineering
Content analysis
HTML analysis
URL analysis
Credential Phishing
Malware/Ransomware
Evasion
Image as content
Open redirect
Social engineering
Content analysis
HTML analysis
URL analysis
Service abuse: Amazon invitation with suspected callback phishing
1mo ago
May 22nd, 2026
Sublime Security
Callback Phishing
Out of band pivot
Social engineering
Content analysis
HTML analysis
Sender analysis
Callback Phishing
Out of band pivot
Social engineering
Content analysis
HTML analysis
Sender analysis
Brand impersonation: Paperless Post
1mo ago
May 18th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Impersonation: Brand
Content analysis
Header analysis
HTML analysis
Sender analysis
URL analysis
Credential Phishing
Malware/Ransomware
Impersonation: Brand
Content analysis
Header analysis
HTML analysis
Sender analysis
URL analysis
Attachment: Embedded VBScript in MHT file
1mo ago
May 14th, 2026
Sublime Security
Malware/Ransomware
Evasion
Scripting
Archive analysis
File analysis
HTML analysis
Malware/Ransomware
Evasion
Scripting
Archive analysis
File analysis
HTML analysis
Page 1 of 7

Rule Name & Severity	Last Updated	Author	Types, Tactics & Capabilities
Body: Fake secure email portal with HTML obfuscation	5d ago Jun 18th, 2026	Sublime Security	Credential Phishing Evasion Social engineering Spoofing Content analysis HTML analysis URL analysis Sender analysis Threat intelligence
Service abuse: Google Firebase sender address with suspicious content	5d ago Jun 18th, 2026	Sublime Security	Spam Credential Phishing Free subdomain host Social engineering Content analysis Header analysis HTML analysis Natural Language Understanding Sender analysis URL analysis Whois
Evasion: Hidden content divs from freemail sender	6d ago Jun 17th, 2026	Sublime Security	Credential Phishing Evasion Free email provider HTML analysis Content analysis Sender analysis
Self-impersonation: Sender matches recipient with bolded name and suspicious link	7d ago Jun 16th, 2026	Sublime Security	Credential Phishing Evasion Social engineering Header analysis HTML analysis Sender analysis
Impersonation: Fake product discount promotion	7d ago Jun 16th, 2026	Sublime Security	BEC/Fraud Social engineering Free file host Content analysis HTML analysis URL analysis
HTML content with print styling and credential theft language	7d ago Jun 16th, 2026	Sublime Security	Credential Phishing Evasion HTML smuggling Social engineering Content analysis HTML analysis Natural Language Understanding
Body: Yellow highlighted text markers	7d ago Jun 16th, 2026	Sublime Security	Credential Phishing BEC/Fraud Evasion HTML analysis Content analysis
Link: Credential harvesting with excess padding evasion	8d ago Jun 15th, 2026	Sublime Security	Credential Phishing Evasion Social engineering Content analysis HTML analysis Exif analysis URL screenshot
Brand impersonation: Adobe Sign with suspicious indicators	13d ago Jun 10th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Social engineering Content analysis Header analysis HTML analysis Sender analysis
Attachment: EML file contains HTML attachment with login portal indicators	18d ago Jun 5th, 2026	Sublime Security	Credential Phishing Evasion HTML smuggling Content analysis File analysis Header analysis HTML analysis Javascript analysis Sender analysis
Brand impersonation: Fake DocuSign HTML table not linking to DocuSign domains	18d ago Jun 5th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Social engineering Content analysis HTML analysis Header analysis Sender analysis URL analysis
Brand impersonation: Zoom	18d ago Jun 5th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Social engineering Evasion Computer Vision Content analysis HTML analysis Natural Language Understanding URL analysis
Credential phishing: Suspicious e-sign agreement document notification	18d ago Jun 5th, 2026	Sublime Security	Credential Phishing Social engineering Content analysis Header analysis HTML analysis URL analysis Sender analysis
Link: Self-sent PDF lure with subject correlation	19d ago Jun 4th, 2026	Sublime Security	BEC/Fraud Credential Phishing Social engineering Evasion Header analysis HTML analysis Sender analysis Content analysis
Body: HTML whitespace stuffing with short initial message	25d ago May 29th, 2026	Sublime Security	Credential Phishing Evasion Social engineering Content analysis HTML analysis Header analysis
Brand impersonation: Figma with malicious document access overlay	27d ago May 27th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Social engineering Image as content Sender analysis HTML analysis URL screenshot Optical Character Recognition URL analysis
Image as content with a link to an open redirect	28d ago May 26th, 2026	Sublime Security	Credential Phishing Malware/Ransomware Evasion Image as content Open redirect Social engineering Content analysis HTML analysis URL analysis
Service abuse: Amazon invitation with suspected callback phishing	1mo ago May 22nd, 2026	Sublime Security	Callback Phishing Out of band pivot Social engineering Content analysis HTML analysis Sender analysis
Brand impersonation: Paperless Post	1mo ago May 18th, 2026	Sublime Security	Credential Phishing Malware/Ransomware Impersonation: Brand Content analysis Header analysis HTML analysis Sender analysis URL analysis
Attachment: Embedded VBScript in MHT file	1mo ago May 14th, 2026	Sublime Security	Malware/Ransomware Evasion Scripting Archive analysis File analysis HTML analysis