• HTML analysis

Detection Method: HTML analysis

HTML analysis looks at the HTML code in emails, web pages, or attachments to spot potentially malicious elements or deceptive structures. It examines both what’s visible and hidden in the HTML to uncover tactics often used in phishing or malware attacks.
HTML analysis can help you detect:
  • Hidden scripts or iframes that might run harmful code
  • Obfuscated JavaScript designed to avoid detection
  • Misleading hyperlinks where the displayed text doesn’t match the real URL
  • Forms made to steal credentials or sensitive data
  • Suspicious HTML comments with hidden instructions
  • CSS tricks used to hide malicious content
For example, phishing emails often use HTML to replicate trusted login pages. HTML analysis can catch the hidden forms and scripts trying to steal your credentials.
Blog Posts
Talking phish over turkey
Talking phish over turkey
Living Off the Land: Credential Phishing via Docusign abuse
Living Off the Land: Credential Phishing via Docusign abuse
Call Me Maybe? The Rise of Callback Phishing Emails
Call Me Maybe? The Rise of Callback Phishing Emails
Attack Types (5):
Credential Phishing
Callback Phishing
Malware/Ransomware
BEC/Fraud
Spam
Tactics & Techniques (15):
Evasion
Social engineering
Impersonation: Brand
Free file host
Free email provider
HTML smuggling
Open redirect
Free subdomain host
Scripting
Impersonation: VIP
Lookalike domain
Impersonation: Employee
OneNote
PDF
Image as content
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Link: Multistage Landing - Scribd Document
7d ago
May 16th, 2025
Sublime Security
Credential Phishing
Evasion
Social engineering
Impersonation: Brand
Free file host
URL analysis
HTML analysis
Natural Language Understanding
Computer Vision
Optical Character Recognition
URL screenshot
/feeds/core/detection-rules/link-multistage-landing-scribd-document-afa9807d
Canva Design With Suspicious Embedded Link
7d ago
May 16th, 2025
Sublime Security
Credential Phishing
Evasion
Social engineering
Free file host
HTML analysis
URL analysis
Natural Language Understanding
Sender analysis
/feeds/core/detection-rules/canva-design-with-suspicious-embedded-link-02959e22
Brand Impersonation: Zoom
8d ago
May 15th, 2025
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Evasion
Computer Vision
Content analysis
HTML analysis
Natural Language Understanding
URL analysis
/feeds/core/detection-rules/brand-impersonation-zoom-5abad540
Brand Impersonation: Microsoft Teams Invitation
18d ago
May 5th, 2025
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Content analysis
Header analysis
HTML analysis
URL analysis
/feeds/core/detection-rules/brand-impersonation-microsoft-teams-invitation-46410ad8
Link: Multistage Landing - Abused Google Drive
18d ago
May 5th, 2025
Sublime Security
Credential Phishing
Evasion
Free email provider
Free file host
Content analysis
Sender analysis
URL analysis
Whois
HTML analysis
/feeds/core/detection-rules/link-multistage-landing-abused-google-drive-c86288b4
Service Abuse: HelloSign From an Unsolicited Sender Address
23d ago
Apr 30th, 2025
Sublime Security
Credential Phishing
Social engineering
Free file host
Evasion
HTML analysis
Sender analysis
Header analysis
/feeds/core/detection-rules/service-abuse-hellosign-from-an-unsolicited-sender-address-68ca0753
Callback Phishing: AOL Senders with Suspicious HTML Template or PDF Attachment
25d ago
Apr 28th, 2025
Sublime Security
Callback Phishing
Free email provider
Social engineering
Content analysis
Header analysis
File analysis
HTML analysis
Exif analysis
Sender analysis
/feeds/core/detection-rules/callback-phishing-aol-senders-with-suspicious-html-template-or-pdf-attachment-f6044eed
Attachment: Web Files With Suspicious Comments
25d ago
Apr 28th, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
HTML smuggling
Evasion
File analysis
HTML analysis
Content analysis
/feeds/core/detection-rules/attachment-web-files-with-suspicious-comments-93061d17
Google Presentation Open Redirect Phishing
29d ago
Apr 24th, 2025
Sublime Security
Credential Phishing
Evasion
Open redirect
Social engineering
URL analysis
HTML analysis
/feeds/core/detection-rules/google-presentation-open-redirect-phishing-5d01ee3a
Link: Multistage Landing - Microsoft Forms Abuse
1mo ago
Apr 15th, 2025
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
HTML analysis
URL analysis
Content analysis
/feeds/core/detection-rules/link-multistage-landing-microsoft-forms-abuse-85a2cd12
Link: Multistage Landing - Abused Docusign
1mo ago
Apr 11th, 2025
Sublime Security
Credential Phishing
Evasion
Free subdomain host
Free file host
Content analysis
Sender analysis
URL analysis
Whois
HTML analysis
/feeds/core/detection-rules/link-multistage-landing-abused-docusign-4189a645
Credential Phishing: Suspicious E-sign Agreement Document Notification
1mo ago
Apr 10th, 2025
Sublime Security
Credential Phishing
Social engineering
Content analysis
Header analysis
HTML analysis
URL analysis
Sender analysis
/feeds/core/detection-rules/credential-phishing-suspicious-e-sign-agreement-document-notification-9b68c2d8
Attachment: HTML with obfuscation and recipient's email in JavaScript strings
1mo ago
Apr 10th, 2025
Sublime Security
Credential Phishing
HTML smuggling
Scripting
Archive analysis
File analysis
HTML analysis
Javascript analysis
/feeds/core/detection-rules/attachment-html-with-obfuscation-and-recipients-email-in-javascript-strings-1aff486b
Google Share Notification with Suspicious Comments
1mo ago
Apr 8th, 2025
Sublime Security
Credential Phishing
Impersonation: VIP
Free file host
HTML analysis
Header analysis
Sender analysis
Content analysis
/feeds/core/detection-rules/google-share-notification-with-suspicious-comments-c69c9924
Attachment: EML file with HTML attachment (unsolicited)
1mo ago
Mar 28th, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
HTML smuggling
Content analysis
File analysis
Header analysis
HTML analysis
Sender analysis
/feeds/core/detection-rules/attachment-eml-file-with-html-attachment-unsolicited-c24fd191
Impersonation: Chrome Web Store Policy
2mo ago
Mar 18th, 2025
Sublime Security
Credential Phishing
Impersonation: Brand
Free email provider
Lookalike domain
Content analysis
Header analysis
HTML analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/impersonation-chrome-web-store-policy-4a98f283
Open Redirect: Shibboleth SSO Logout Return Parameter
2mo ago
Mar 18th, 2025
Sublime Security
Credential Phishing
Open redirect
Evasion
HTML analysis
URL analysis
Sender analysis
/feeds/core/detection-rules/open-redirect-shibboleth-sso-logout-return-parameter-374b7517
Sharepoint Link Likely Unrelated to Sender
2mo ago
Mar 12th, 2025
Sublime Security
BEC/Fraud
Credential Phishing
Impersonation: Employee
Lookalike domain
OneNote
PDF
Social engineering
URL analysis
Sender analysis
Header analysis
HTML analysis
/feeds/core/detection-rules/sharepoint-link-likely-unrelated-to-sender-6870f489
Spam: Image as content with Hidden HTML Element
2mo ago
Mar 3rd, 2025
Sublime Security
Spam
Evasion
Image as content
Content analysis
HTML analysis
Sender analysis
/feeds/core/detection-rules/spam-image-as-content-with-hidden-html-element-5de8861f
Link: Multistage Landing - Abused Adobe frame.io
2mo ago
Mar 3rd, 2025
Sublime Security
Credential Phishing
Evasion
Free file host
Content analysis
Whois
Computer Vision
URL analysis
HTML analysis
/feeds/core/detection-rules/link-multistage-landing-abused-adobe-frameio-a6c457c5