Sublime Security

Sublime Core Feed
Open redirect
Learn More
Login to Sublime
Attack Types
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Reconnaissance
Spam
Tactics and Techniques
Encryption
Evasion
Exploit
Free email provider
Free file host
Free subdomain host
HTML smuggling
Image as content
Impersonation: Brand
Impersonation: Employee
Impersonation: VIP
IPFS
ISO
LNK
Lookalike domain
Macros
OneNote
Open redirect
Out of band pivot
PDF
Punycode
QR code
Scripting
Social engineering
Spoofing
Detection Methods
Archive analysis
Content analysis
Computer Vision
Exif analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Macro analysis
Natural Language Understanding
Optical Character Recognition
OLE analysis
PDF analysis
QR code analysis
Sender analysis
Threat intelligence
URL analysis
URL screenshot
Whois
XML analysis
YARA
Tactic or Technique: Open redirect
Attackers abuse open redirect vulnerabilities to make malicious links appear trustworthy. These links begin with a legitimate domain, but when clicked, they send you to a completely different site—often one used for phishing or malware delivery.
It often begins with a link like “trusted-company[.]com/redirect?url=malicious-site[.]com” to bypass filters and build false confidence. Since the domain looks familiar, you’re more likely to trust it and click through. Behind the scenes, you’re immediately redirected to an attacker-controlled page.
This tactic works because many users and security tools only check the start of a URL. It’s frequently used in credential phishing and malware campaigns, especially when combined with realistic branding that makes the message feel like it came from a legitimate source.
Attack Types (4):
Credential Phishing
BEC/Fraud
Malware/Ransomware
Spam
Detection Methods (12):
Computer Vision
Content analysis
URL analysis
URL screenshot
Header analysis
Sender analysis
HTML analysis
File analysis
QR code analysis
Natural Language Understanding
Optical Character Recognition
Javascript analysis
Rule Name & Severity
Last Updated
Types, Tactics & Capabilities
Service abuse: Formester with suspicious link behavior
14d ago
Dec 19th, 2025
Sublime Security
Credential Phishing
BEC/Fraud
Open redirect
Social engineering
Free file host
Computer Vision
Content analysis
URL analysis
URL screenshot
Credential Phishing
BEC/Fraud
Open redirect
Social engineering
Free file host
Computer Vision
Content analysis
URL analysis
URL screenshot
/feeds/core/detection-rules/service-abuse-formester-with-suspicious-link-behavior-e4b74fd4
Service abuse: Google application integration redirecting to suspicious hosts
16d ago
Dec 17th, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
Free file host
Free subdomain host
Open redirect
Header analysis
Sender analysis
URL analysis
Credential Phishing
Malware/Ransomware
Evasion
Free file host
Free subdomain host
Open redirect
Header analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/service-abuse-google-application-integration-redirecting-to-suspicious-hosts-473d3247
Google presentation open redirect phishing
22d ago
Dec 11th, 2025
Sublime Security
Credential Phishing
Evasion
Open redirect
Social engineering
URL analysis
HTML analysis
Credential Phishing
Evasion
Open redirect
Social engineering
URL analysis
HTML analysis
/feeds/core/detection-rules/google-presentation-open-redirect-phishing-5d01ee3a
Open redirect (go2.aspx) leading to Microsoft credential phishing
23d ago
Dec 10th, 2025
Sublime Security
Credential Phishing
Impersonation: Brand
Open redirect
Content analysis
Header analysis
URL analysis
Credential Phishing
Impersonation: Brand
Open redirect
Content analysis
Header analysis
URL analysis
/feeds/core/detection-rules/open-redirect-go2aspx-leading-to-microsoft-credential-phishing-51667096
Link: QR code in EML attachment with credential phishing indicators
1mo ago
Dec 2nd, 2025
Sublime Security
Credential Phishing
Evasion
Open redirect
QR code
Computer Vision
Content analysis
File analysis
QR code analysis
Credential Phishing
Evasion
Open redirect
QR code
Computer Vision
Content analysis
File analysis
QR code analysis
/feeds/core/detection-rules/link-qr-code-in-eml-attachment-with-credential-phishing-indicators-9908ed3a
Constant Contact link infrastructure abuse
2mo ago
Oct 17th, 2025
Sublime Security
Credential Phishing
Free email provider
Open redirect
Social engineering
Content analysis
Header analysis
QR code analysis
Sender analysis
Credential Phishing
Free email provider
Open redirect
Social engineering
Content analysis
Header analysis
QR code analysis
Sender analysis
/feeds/core/detection-rules/constant-contact-link-infrastructure-abuse-8c5e8e4c
Google Accelerated Mobile Pages (AMP) abuse
3mo ago
Sep 22nd, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
Impersonation: Brand
Open redirect
Computer Vision
Content analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
URL analysis
URL screenshot
Credential Phishing
Malware/Ransomware
Impersonation: Brand
Open redirect
Computer Vision
Content analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
URL analysis
URL screenshot
/feeds/core/detection-rules/google-accelerated-mobile-pages-amp-abuse-46907029
Open Redirect: Google domain with /url path and suspicious indicators
3mo ago
Sep 22nd, 2025
Sublime Security
Credential Phishing
Evasion
Open redirect
Computer Vision
Content analysis
File analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
URL analysis
Credential Phishing
Evasion
Open redirect
Computer Vision
Content analysis
File analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
URL analysis
/feeds/core/detection-rules/open-redirect-google-domain-with-url-path-and-suspicious-indicators-fc5adf74
Open Redirect: asemailmgmteu.com
3mo ago
Sep 15th, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
Open redirect
Sender analysis
URL analysis
Credential Phishing
Malware/Ransomware
Open redirect
Sender analysis
URL analysis
/feeds/core/detection-rules/open-redirect-asemailmgmteucom-368871ea
Link: Multistage landing - FreshDesk knowledge base abuse
4mo ago
Aug 21st, 2025
Sublime Security
Credential Phishing
Open redirect
Impersonation: Brand
Social engineering
Content analysis
Natural Language Understanding
URL analysis
URL screenshot
Credential Phishing
Open redirect
Impersonation: Brand
Social engineering
Content analysis
Natural Language Understanding
URL analysis
URL screenshot
/feeds/core/detection-rules/link-multistage-landing-freshdesk-knowledge-base-abuse-edd6acf7
Open redirect: fenc.com
5mo ago
Aug 5th, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
Open redirect
Sender analysis
URL analysis
Credential Phishing
Malware/Ransomware
Open redirect
Sender analysis
URL analysis
/feeds/core/detection-rules/open-redirect-fenccom-6ff1ab52
Open redirect: museepicassoparis.fr
5mo ago
Aug 5th, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
Open redirect
Sender analysis
URL analysis
Credential Phishing
Malware/Ransomware
Open redirect
Sender analysis
URL analysis
/feeds/core/detection-rules/open-redirect-museepicassoparisfr-7ac8f887
Open redirect: radiopublic.com
5mo ago
Aug 5th, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
Open redirect
Sender analysis
URL analysis
Credential Phishing
Malware/Ransomware
Open redirect
Sender analysis
URL analysis
/feeds/core/detection-rules/open-redirect-radiopubliccom-2cb3f7a0
Open redirect: api.spently.com
5mo ago
Aug 5th, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
Open redirect
Sender analysis
URL analysis
Credential Phishing
Malware/Ransomware
Open redirect
Sender analysis
URL analysis
/feeds/core/detection-rules/open-redirect-apispentlycom-69740e97
Open redirect: agena-smile.com
5mo ago
Aug 5th, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
Open redirect
Sender analysis
URL analysis
Credential Phishing
Malware/Ransomware
Open redirect
Sender analysis
URL analysis
/feeds/core/detection-rules/open-redirect-agena-smilecom-4a8ebce6
Open redirect: eaoko.org
5mo ago
Aug 5th, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
Open redirect
Sender analysis
URL analysis
Credential Phishing
Malware/Ransomware
Open redirect
Sender analysis
URL analysis
/feeds/core/detection-rules/open-redirect-eaokoorg-f8fd9912
Open redirect: adnxs.com
5mo ago
Aug 5th, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
Open redirect
Sender analysis
URL analysis
Credential Phishing
Malware/Ransomware
Open redirect
Sender analysis
URL analysis
/feeds/core/detection-rules/open-redirect-adnxscom-7fc92916
Open redirect: Bitrix24 URL Path
5mo ago
Aug 5th, 2025
Sublime Security
Credential Phishing
Open redirect
Sender analysis
URL analysis
Credential Phishing
Open redirect
Sender analysis
URL analysis
/feeds/core/detection-rules/open-redirect-bitrix24-url-path-e3c85e59
Open redirect: listing.ca
5mo ago
Aug 5th, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
Open redirect
Sender analysis
URL analysis
Credential Phishing
Malware/Ransomware
Open redirect
Sender analysis
URL analysis
/feeds/core/detection-rules/open-redirect-listingca-e90871fe
Open redirect: vconfex.com
5mo ago
Aug 5th, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
Open redirect
Sender analysis
URL analysis
Credential Phishing
Malware/Ransomware
Open redirect
Sender analysis
URL analysis
/feeds/core/detection-rules/open-redirect-vconfexcom-877de339
Page 1 of 7

Rule Name & Severity	Last Updated	Author	Types, Tactics & Capabilities
Service abuse: Formester with suspicious link behavior	14d ago Dec 19th, 2025	Sublime Security	Credential Phishing BEC/Fraud Open redirect Social engineering Free file host Computer Vision Content analysis URL analysis URL screenshot	/feeds/core/detection-rules/service-abuse-formester-with-suspicious-link-behavior-e4b74fd4
Service abuse: Google application integration redirecting to suspicious hosts	16d ago Dec 17th, 2025	Sublime Security	Credential Phishing Malware/Ransomware Evasion Free file host Free subdomain host Open redirect Header analysis Sender analysis URL analysis	/feeds/core/detection-rules/service-abuse-google-application-integration-redirecting-to-suspicious-hosts-473d3247
Google presentation open redirect phishing	22d ago Dec 11th, 2025	Sublime Security	Credential Phishing Evasion Open redirect Social engineering URL analysis HTML analysis	/feeds/core/detection-rules/google-presentation-open-redirect-phishing-5d01ee3a
Open redirect (go2.aspx) leading to Microsoft credential phishing	23d ago Dec 10th, 2025	Sublime Security	Credential Phishing Impersonation: Brand Open redirect Content analysis Header analysis URL analysis	/feeds/core/detection-rules/open-redirect-go2aspx-leading-to-microsoft-credential-phishing-51667096
Link: QR code in EML attachment with credential phishing indicators	1mo ago Dec 2nd, 2025	Sublime Security	Credential Phishing Evasion Open redirect QR code Computer Vision Content analysis File analysis QR code analysis	/feeds/core/detection-rules/link-qr-code-in-eml-attachment-with-credential-phishing-indicators-9908ed3a
Constant Contact link infrastructure abuse	2mo ago Oct 17th, 2025	Sublime Security	Credential Phishing Free email provider Open redirect Social engineering Content analysis Header analysis QR code analysis Sender analysis	/feeds/core/detection-rules/constant-contact-link-infrastructure-abuse-8c5e8e4c
Google Accelerated Mobile Pages (AMP) abuse	3mo ago Sep 22nd, 2025	Sublime Security	Credential Phishing Malware/Ransomware Impersonation: Brand Open redirect Computer Vision Content analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis URL screenshot	/feeds/core/detection-rules/google-accelerated-mobile-pages-amp-abuse-46907029
Open Redirect: Google domain with /url path and suspicious indicators	3mo ago Sep 22nd, 2025	Sublime Security	Credential Phishing Evasion Open redirect Computer Vision Content analysis File analysis Header analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-google-domain-with-url-path-and-suspicious-indicators-fc5adf74
Open Redirect: asemailmgmteu.com	3mo ago Sep 15th, 2025	Sublime Security	Credential Phishing Malware/Ransomware Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-asemailmgmteucom-368871ea
Link: Multistage landing - FreshDesk knowledge base abuse	4mo ago Aug 21st, 2025	Sublime Security	Credential Phishing Open redirect Impersonation: Brand Social engineering Content analysis Natural Language Understanding URL analysis URL screenshot	/feeds/core/detection-rules/link-multistage-landing-freshdesk-knowledge-base-abuse-edd6acf7
Open redirect: fenc.com	5mo ago Aug 5th, 2025	Sublime Security	Credential Phishing Malware/Ransomware Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-fenccom-6ff1ab52
Open redirect: museepicassoparis.fr	5mo ago Aug 5th, 2025	Sublime Security	Credential Phishing Malware/Ransomware Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-museepicassoparisfr-7ac8f887
Open redirect: radiopublic.com	5mo ago Aug 5th, 2025	Sublime Security	Credential Phishing Malware/Ransomware Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-radiopubliccom-2cb3f7a0
Open redirect: api.spently.com	5mo ago Aug 5th, 2025	Sublime Security	Credential Phishing Malware/Ransomware Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-apispentlycom-69740e97
Open redirect: agena-smile.com	5mo ago Aug 5th, 2025	Sublime Security	Credential Phishing Malware/Ransomware Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-agena-smilecom-4a8ebce6
Open redirect: eaoko.org	5mo ago Aug 5th, 2025	Sublime Security	Credential Phishing Malware/Ransomware Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-eaokoorg-f8fd9912
Open redirect: adnxs.com	5mo ago Aug 5th, 2025	Sublime Security	Credential Phishing Malware/Ransomware Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-adnxscom-7fc92916
Open redirect: Bitrix24 URL Path	5mo ago Aug 5th, 2025	Sublime Security	Credential Phishing Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-bitrix24-url-path-e3c85e59
Open redirect: listing.ca	5mo ago Aug 5th, 2025	Sublime Security	Credential Phishing Malware/Ransomware Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-listingca-e90871fe
Open redirect: vconfex.com	5mo ago Aug 5th, 2025	Sublime Security	Credential Phishing Malware/Ransomware Open redirect Sender analysis URL analysis	/feeds/core/detection-rules/open-redirect-vconfexcom-877de339