Detection Method: URL analysis

URL analysis scans links in emails, attachments, or embedded content to find malicious destinations aimed at stealing your credentials, delivering malware, or launching other types of attacks. This method looks at key factors like the structure of the URL, redirection paths, domain reputation, and what the link shows when clicked.
URL analysis can help you detect:
  • Phishing sites pretending to be trusted login pages
  • Malicious domains hidden through URL shorteners or redirects
  • Login forms on suspicious or newly registered domains
  • Brand impersonation using slight domain tweaks (typosquatting or homograph attacks)
  • Suspicious URLs with weird characters or unusual patterns
For example, attackers often use redirect chains to hide their final destination from security scanners. With URL analysis, we can follow these redirects to reveal the true destination and assess the potential threat.
Blog Posts
Tax season email attacks: AdWind RATs and Tycoon 2FA phishing kits · Blog · Sublime Security
Tax season email attacks: AdWind RATs and Tycoon 2FA phishing kits · Blog · Sublime Security
Hiding a $50,000 BEC financial fraud in a fake email thread · Blog · Sublime Security
Hiding a $50,000 BEC financial fraud in a fake email thread · Blog · Sublime Security
Talking phish over turkey · Blog · Sublime Security
Talking phish over turkey · Blog · Sublime Security
Living Off the Land: Credential Phishing via Docusign abuse · Blog · Sublime Security
Living Off the Land: Credential Phishing via Docusign abuse · Blog · Sublime Security
Living Off the Land: Callback Phishing via Docusign comment · Blog · Sublime Security
Living Off the Land: Callback Phishing via Docusign comment · Blog · Sublime Security
Abusing Discord to deliver Agent Tesla malware · Blog · Sublime Security
Abusing Discord to deliver Agent Tesla malware · Blog · Sublime Security
Gotta Catch 'Em All: Detecting PikaBot Delivery Techniques · Blog · Sublime Security
Gotta Catch 'Em All: Detecting PikaBot Delivery Techniques · Blog · Sublime Security
QR Code Phishing: Decoding Hidden Threats · Blog · Sublime Security
QR Code Phishing: Decoding Hidden Threats · Blog · Sublime Security
Detecting Credential Phishing using Deep Learning + MQL · Blog · Sublime Security
Detecting Credential Phishing using Deep Learning + MQL · Blog · Sublime Security
Attack Types (6):
Credential Phishing
BEC/Fraud
Malware/Ransomware
Callback Phishing
Spam
Extortion
Tactics & Techniques (25):
Open redirect
Social engineering
Free file host
Impersonation: Brand
Evasion
QR code
Free subdomain host
Free email provider
Image as content
Out of band pivot
Encryption
PDF
Exploit
Lookalike domain
Spoofing
Impersonation: Employee
Credential Phishing
HTML injection
Scripting
LNK
Punycode
IPFS
HTML smuggling
OneNote
Impersonation: VIP
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Service abuse: Formester with suspicious link behavior
14d ago
Dec 19th, 2025
Sublime Security
Credential Phishing
BEC/Fraud
Open redirect
Social engineering
Free file host
Computer Vision
Content analysis
URL analysis
URL screenshot
/feeds/core/detection-rules/service-abuse-formester-with-suspicious-link-behavior-e4b74fd4
Brand impersonation: Google Drive fake file share
14d ago
Dec 19th, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
Impersonation: Brand
Social engineering
Content analysis
Header analysis
URL analysis
Computer Vision
/feeds/core/detection-rules/brand-impersonation-google-drive-fake-file-share-b424a941
Fake voicemail notification (untrusted sender)
15d ago
Dec 18th, 2025
Sublime Security
Credential Phishing
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
URL analysis
/feeds/core/detection-rules/fake-voicemail-notification-untrusted-sender-74ba7787
Service abuse: Monday.com infrastructure with phishing intent
15d ago
Dec 18th, 2025
Sublime Security
Credential Phishing
Evasion
Social engineering
QR code
Content analysis
File analysis
Header analysis
QR code analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/service-abuse-mondaycom-infrastructure-with-phishing-intent-a346e3b1
Service abuse: Google application integration redirecting to suspicious hosts
16d ago
Dec 17th, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
Free file host
Free subdomain host
Open redirect
Header analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/service-abuse-google-application-integration-redirecting-to-suspicious-hosts-473d3247
Credential phishing content and link (untrusted sender)
16d ago
Dec 17th, 2025
Sublime Security
Credential Phishing
Social engineering
Computer Vision
Sender analysis
URL analysis
URL screenshot
/feeds/core/detection-rules/credential-phishing-content-and-link-untrusted-sender-f0c95bb7
Self-sent fake PDF attachment with misleading link
17d ago
Dec 16th, 2025
Sublime Security
Credential Phishing
Evasion
Free subdomain host
Social engineering
Content analysis
URL analysis
Sender analysis
/feeds/core/detection-rules/self-sent-fake-pdf-attachment-with-misleading-link-8a285d2e
Link: Mamba 2FA phishing kit
17d ago
Dec 16th, 2025
Sublime Security
Credential Phishing
Evasion
Social engineering
URL analysis
/feeds/core/detection-rules/link-mamba-2fa-phishing-kit-8d527c0f
Salesforce infrastructure abuse
17d ago
Dec 16th, 2025
Sublime Security
Credential Phishing
Evasion
Social engineering
Content analysis
Header analysis
Natural Language Understanding
URL analysis
/feeds/core/detection-rules/salesforce-infrastructure-abuse-78a77c70
Credential phishing: Suspicious e-sign agreement document notification
18d ago
Dec 15th, 2025
Sublime Security
Credential Phishing
Social engineering
Content analysis
Header analysis
HTML analysis
URL analysis
Sender analysis
/feeds/core/detection-rules/credential-phishing-suspicious-e-sign-agreement-document-notification-9b68c2d8
Brand impersonation: Microsoft Teams invitation
18d ago
Dec 15th, 2025
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Content analysis
Header analysis
HTML analysis
URL analysis
/feeds/core/detection-rules/brand-impersonation-microsoft-teams-invitation-46410ad8
Deceptive Dropbox mention
18d ago
Dec 15th, 2025
Sublime Security
Credential Phishing
Impersonation: Brand
Free file host
Free subdomain host
Social engineering
Header analysis
Content analysis
Natural Language Understanding
Sender analysis
URL analysis
/feeds/core/detection-rules/deceptive-dropbox-mention-58a107bc
Credential phishing: Engaging language and other indicators (untrusted sender)
21d ago
Dec 12th, 2025
Sublime Security
Credential Phishing
Free email provider
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
/feeds/core/detection-rules/credential-phishing-engaging-language-and-other-indicators-untrusted-sender-c2bc8ca2
Attachment: Adobe image lure in body or attachment with suspicious link
21d ago
Dec 12th, 2025
Sublime Security
Credential Phishing
Image as content
Impersonation: Brand
Content analysis
Computer Vision
Optical Character Recognition
Sender analysis
URL analysis
/feeds/core/detection-rules/attachment-adobe-image-lure-in-body-or-attachment-with-suspicious-link-1d7add81
QR Code with suspicious indicators
21d ago
Dec 12th, 2025
Sublime Security
Credential Phishing
QR code
Social engineering
Content analysis
Header analysis
Computer Vision
Natural Language Understanding
QR code analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/qr-code-with-suspicious-indicators-04f5c34f
Service abuse: Callback phishing via Microsoft Teams invite
21d ago
Dec 12th, 2025
Sublime Security
Callback Phishing
Impersonation: Brand
Out of band pivot
Social engineering
Content analysis
URL analysis
Sender analysis
/feeds/core/detection-rules/service-abuse-callback-phishing-via-microsoft-teams-invite-13e35e5f
Link: Self-sender with sender org in subject and credential theft indicator
22d ago
Dec 11th, 2025
Sublime Security
Credential Phishing
Social engineering
Evasion
Natural Language Understanding
Content analysis
Sender analysis
URL analysis
Header analysis
/feeds/core/detection-rules/link-self-sender-with-sender-org-in-subject-and-credential-theft-indicator-bfa9aa08
Link: Base64 encoded recipient address in URL fragment with subject hash
22d ago
Dec 11th, 2025
Sublime Security
Credential Phishing
Encryption
Evasion
Social engineering
Content analysis
URL analysis
Header analysis
/feeds/core/detection-rules/link-base64-encoded-recipient-address-in-url-fragment-with-subject-hash-eb9694b8
Google presentation open redirect phishing
22d ago
Dec 11th, 2025
Sublime Security
Credential Phishing
Evasion
Open redirect
Social engineering
URL analysis
HTML analysis
/feeds/core/detection-rules/google-presentation-open-redirect-phishing-5d01ee3a
Brand impersonation: Microsoft with low reputation links
23d ago
Dec 10th, 2025
Sublime Security
Credential Phishing
Free file host
Image as content
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
File analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
URL analysis
/feeds/core/detection-rules/brand-impersonation-microsoft-with-low-reputation-links-b59201b6
Page 1 of 18