Detection Method: HTML analysis

HTML analysis looks at the HTML code in emails, web pages, or attachments to spot potentially malicious elements or deceptive structures. It examines both what’s visible and hidden in the HTML to uncover tactics often used in phishing or malware attacks.
HTML analysis can help you detect:
  • Hidden scripts or iframes that might run harmful code
  • Obfuscated JavaScript designed to avoid detection
  • Misleading hyperlinks where the displayed text doesn’t match the real URL
  • Forms made to steal credentials or sensitive data
  • Suspicious HTML comments with hidden instructions
  • CSS tricks used to hide malicious content
For example, phishing emails often use HTML to replicate trusted login pages. HTML analysis can catch the hidden forms and scripts trying to steal your credentials.
Blog Posts
Talking phish over turkey · Blog · Sublime Security
Talking phish over turkey · Blog · Sublime Security
Living Off the Land: Credential Phishing via Docusign abuse · Blog · Sublime Security
Living Off the Land: Credential Phishing via Docusign abuse · Blog · Sublime Security
Call Me Maybe? The Rise of Callback Phishing Emails · Blog · Sublime Security
Call Me Maybe? The Rise of Callback Phishing Emails · Blog · Sublime Security
Attack Types (6):
Credential Phishing
Callback Phishing
BEC/Fraud
Malware/Ransomware
Spam
Extortion
Tactics & Techniques (22):
Impersonation: Brand
Social engineering
Free email provider
Evasion
HTML smuggling
ICS Phishing
Scripting
Exploit
Open redirect
Free subdomain host
Image as content
PDF
Impersonation: VIP
Lookalike domain
Credential Phishing
Encryption
Free file host
HTML injection
Impersonation: Employee
OneNote
Out of band pivot
ISO
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Link: Suspicious Loom HTML file path
6d ago
May 6th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
HTML analysis
URL analysis
Callback phishing: AOL senders with suspicious HTML template or PDF attachment
8d ago
May 4th, 2026
Sublime Security
Callback Phishing
Free email provider
Social engineering
Content analysis
Header analysis
File analysis
HTML analysis
Exif analysis
Sender analysis
Link: Credential harvesting with excess padding evasion
8d ago
May 4th, 2026
Sublime Security
Credential Phishing
Evasion
Social engineering
Content analysis
HTML analysis
Exif analysis
URL screenshot
Venmo payment request abuse
8d ago
May 4th, 2026
Sublime Security
Callback Phishing
BEC/Fraud
Social engineering
Impersonation: Brand
Evasion
Natural Language Understanding
Content analysis
Sender analysis
HTML analysis
Abuse: Robinhood injected content
12d ago
Apr 30th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Content analysis
Header analysis
HTML analysis
Sender analysis
Attachment: HTML smuggling with atob and high entropy via calendar invite
14d ago
Apr 28th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
HTML smuggling
ICS Phishing
Scripting
File analysis
HTML analysis
Javascript analysis
Sender analysis
Attachment: HTML smuggling with eval and atob via calendar invite
14d ago
Apr 28th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
HTML smuggling
ICS Phishing
Scripting
File analysis
HTML analysis
Javascript analysis
CVE-2023-5631 - Roundcube Webmail XSS via crafted SVG
15d ago
Apr 27th, 2026
Sublime Security
Malware/Ransomware
Evasion
Exploit
HTML smuggling
Scripting
Content analysis
HTML analysis
Sender analysis
Attachment: Double base64-encoded zip file in HTML smuggling attachment
15d ago
Apr 27th, 2026
@ajpc500
Malware/Ransomware
Credential Phishing
Evasion
HTML smuggling
Scripting
Archive analysis
Content analysis
File analysis
HTML analysis
Sender analysis
Service abuse: Meetup.com redirect with brand impersonation
27d ago
Apr 15th, 2026
Sublime Security
Credential Phishing
Open redirect
Impersonation: Brand
Evasion
URL analysis
HTML analysis
Content analysis
Sender analysis
Credential Phishing: W-2 lure with inline SVG Windows logo
1mo ago
Apr 8th, 2026
Sublime Security
Credential Phishing
Evasion
HTML smuggling
Social engineering
Content analysis
HTML analysis
Service abuse: Google Firebase sender address with suspicious content
1mo ago
Apr 2nd, 2026
Sublime Security
Spam
Credential Phishing
Free subdomain host
Social engineering
Content analysis
Header analysis
HTML analysis
Natural Language Understanding
Sender analysis
URL analysis
Whois
Service abuse: Substack credential theft with confusable characters and branded button redirects
1mo ago
Mar 19th, 2026
Sublime Security
Credential Phishing
Social engineering
Evasion
Sender analysis
HTML analysis
Natural Language Understanding
URL analysis
Link: PDF display text with fake copyright claim template
1mo ago
Mar 18th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
Image as content
PDF
Content analysis
HTML analysis
Attachment: Archive containing HTML file with file scheme link
1mo ago
Mar 17th, 2026
Sublime Security
Credential Phishing
Evasion
Exploit
HTML smuggling
Social engineering
Archive analysis
File analysis
HTML analysis
Body HTML: Comment with 24-character hex token
1mo ago
Mar 17th, 2026
Sublime Security
Spam
Evasion
Content analysis
HTML analysis
Credential phishing: Blue button styled link with file-sharing template artifacts
2mo ago
Mar 9th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Content analysis
HTML analysis
URL analysis
Link: Apple App Store link to apps impersonating AI adveristing
2mo ago
Mar 5th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Content analysis
URL analysis
HTML analysis
Service abuse: HungerRush domain with SendGrid tracking targeting ProtonMail
2mo ago
Mar 4th, 2026
Sublime Security
BEC/Fraud
Evasion
Sender analysis
HTML analysis
Content analysis
Brand impersonation: Zoom via HTML styling
2mo ago
Feb 27th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Content analysis
HTML analysis
Page 1 of 6