Detection Method: URL analysis

URL analysis scans links in emails, attachments, or embedded content to find malicious destinations aimed at stealing your credentials, delivering malware, or launching other types of attacks. This method looks at key factors like the structure of the URL, redirection paths, domain reputation, and what the link shows when clicked.
URL analysis can help you detect:
  • Phishing sites pretending to be trusted login pages
  • Malicious domains hidden through URL shorteners or redirects
  • Login forms on suspicious or newly registered domains
  • Brand impersonation using slight domain tweaks (typosquatting or homograph attacks)
  • Suspicious URLs with weird characters or unusual patterns
For example, attackers often use redirect chains to hide their final destination from security scanners. With URL analysis, we can follow these redirects to reveal the true destination and assess the potential threat.
Blog Posts
Tax season email attacks: AdWind RATs and Tycoon 2FA phishing kits · Blog · Sublime Security
Tax season email attacks: AdWind RATs and Tycoon 2FA phishing kits · Blog · Sublime Security
Hiding a $50,000 BEC financial fraud in a fake email thread · Blog · Sublime Security
Hiding a $50,000 BEC financial fraud in a fake email thread · Blog · Sublime Security
Talking phish over turkey · Blog · Sublime Security
Talking phish over turkey · Blog · Sublime Security
Living Off the Land: Credential Phishing via Docusign abuse · Blog · Sublime Security
Living Off the Land: Credential Phishing via Docusign abuse · Blog · Sublime Security
Living Off the Land: Callback Phishing via Docusign comment · Blog · Sublime Security
Living Off the Land: Callback Phishing via Docusign comment · Blog · Sublime Security
Abusing Discord to deliver Agent Tesla malware · Blog · Sublime Security
Abusing Discord to deliver Agent Tesla malware · Blog · Sublime Security
Gotta Catch 'Em All: Detecting PikaBot Delivery Techniques · Blog · Sublime Security
Gotta Catch 'Em All: Detecting PikaBot Delivery Techniques · Blog · Sublime Security
QR Code Phishing: Decoding Hidden Threats · Blog · Sublime Security
QR Code Phishing: Decoding Hidden Threats · Blog · Sublime Security
Detecting Credential Phishing using Deep Learning + MQL · Blog · Sublime Security
Detecting Credential Phishing using Deep Learning + MQL · Blog · Sublime Security
Attack Types (6):
Spam
Credential Phishing
Malware/Ransomware
BEC/Fraud
Callback Phishing
Extortion
Tactics & Techniques (23):
Evasion
Social engineering
Free file host
Image as content
Impersonation: Brand
PDF
Free subdomain host
IPFS
HTML smuggling
Scripting
Free email provider
Impersonation: Employee
Lookalike domain
Exploit
Out of band pivot
LNK
QR code
Encryption
Open redirect
Spoofing
OneNote
Punycode
Impersonation: VIP
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Spam: Fake photo share
4d ago
Nov 8th, 2025
Sublime Security
Spam
Evasion
Social engineering
Content analysis
Sender analysis
URL analysis
Whois
/feeds/core/detection-rules/spam-fake-photo-share-eb086f7d
Brand impersonation: Microsoft with low reputation links
4d ago
Nov 8th, 2025
Sublime Security
Credential Phishing
Free file host
Image as content
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
File analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
URL analysis
/feeds/core/detection-rules/brand-impersonation-microsoft-with-low-reputation-links-b59201b6
Credential phishing: Suspicious e-sign agreement document notification
5d ago
Nov 7th, 2025
Sublime Security
Credential Phishing
Social engineering
Content analysis
Header analysis
HTML analysis
URL analysis
Sender analysis
/feeds/core/detection-rules/credential-phishing-suspicious-e-sign-agreement-document-notification-9b68c2d8
Brand impersonation: SharePoint PDF attachment with credential theft language
5d ago
Nov 7th, 2025
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
PDF
Evasion
Computer Vision
File analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
URL analysis
Header analysis
Whois
/feeds/core/detection-rules/brand-impersonation-sharepoint-pdf-attachment-with-credential-theft-language-ae3756fa
Brand impersonation: Paperless Post
6d ago
Nov 6th, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
Impersonation: Brand
Content analysis
Header analysis
HTML analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/brand-impersonation-paperless-post-e9ec5e09
Fake voicemail notification (untrusted sender)
8d ago
Nov 4th, 2025
Sublime Security
Credential Phishing
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
URL analysis
/feeds/core/detection-rules/fake-voicemail-notification-untrusted-sender-74ba7787
Attachment: EML file with IPFS links
8d ago
Nov 4th, 2025
Sublime Security
Credential Phishing
Evasion
Free file host
Free subdomain host
IPFS
File analysis
URL analysis
/feeds/core/detection-rules/attachment-eml-file-with-ipfs-links-1fe9d7e7
Attachment: HTML smuggling with atob and high entropy
8d ago
Nov 4th, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
HTML smuggling
Scripting
Archive analysis
Content analysis
File analysis
HTML analysis
Javascript analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/attachment-html-smuggling-with-atob-and-high-entropy-03fcac11
ClickFunnels link infrastructure abuse
8d ago
Nov 4th, 2025
Sublime Security
Credential Phishing
Free email provider
Free subdomain host
Social engineering
Content analysis
Header analysis
QR code analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/clickfunnels-link-infrastructure-abuse-9192fbe9
Credential phishing: Generic document sharing
9d ago
Nov 3rd, 2025
Sublime Security
Credential Phishing
BEC/Fraud
Social engineering
Evasion
Impersonation: Employee
Content analysis
Natural Language Understanding
URL analysis
Sender analysis
/feeds/core/detection-rules/credential-phishing-generic-document-sharing-9f0e1d2c
Xero infrastructure abuse
9d ago
Nov 3rd, 2025
Sublime Security
Credential Phishing
Evasion
Social engineering
Content analysis
Header analysis
Natural Language Understanding
URL analysis
/feeds/core/detection-rules/xero-infrastructure-abuse-918c4bd3
Spam/fraud: Predatory journal/research paper request
9d ago
Nov 3rd, 2025
Sublime Security
BEC/Fraud
Spam
Social engineering
Impersonation: Brand
Lookalike domain
Evasion
Natural Language Understanding
Content analysis
Sender analysis
URL analysis
Whois
/feeds/core/detection-rules/spamfraud-predatory-journalresearch-paper-request-263ca56b
Link: File sharing impersonation with suspicious language and sending patterns
12d ago
Oct 31st, 2025
Sublime Security
BEC/Fraud
Credential Phishing
Social engineering
Free subdomain host
Impersonation: Brand
Natural Language Understanding
URL analysis
Sender analysis
Header analysis
Content analysis
/feeds/core/detection-rules/link-file-sharing-impersonation-with-suspicious-language-and-sending-patterns-d3363041
Service abuse: FlipHTML5 with attachment deception and credential theft language
13d ago
Oct 30th, 2025
Sublime Security
Credential Phishing
Social engineering
Free file host
Evasion
Content analysis
Natural Language Understanding
URL analysis
/feeds/core/detection-rules/service-abuse-fliphtml5-with-attachment-deception-and-credential-theft-language-02464799
Link: Multiple HTTP protocols in single URL
13d ago
Oct 30th, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
Content analysis
URL analysis
/feeds/core/detection-rules/link-multiple-http-protocols-in-single-url-92f9d241
Brand impersonation: DocuSign PDF attachment with suspicious link
21d ago
Oct 22nd, 2025
Sublime Security
Credential Phishing
Impersonation: Brand
PDF
Social engineering
File analysis
Natural Language Understanding
Optical Character Recognition
URL analysis
/feeds/core/detection-rules/brand-impersonation-docusign-pdf-attachment-with-suspicious-link-2601cbb7
Link: Apple TestFlight from free email provider
26d ago
Oct 17th, 2025
Sublime Security
Credential Phishing
Free email provider
Evasion
Sender analysis
URL analysis
/feeds/core/detection-rules/link-apple-testflight-from-free-email-provider-9b447f1f
Link: Apple App Store malicious ad manager themed apps from free email provider
26d ago
Oct 17th, 2025
Sublime Security
Credential Phishing
BEC/Fraud
Malware/Ransomware
Free email provider
Social engineering
Evasion
Content analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/link-apple-app-store-malicious-ad-manager-themed-apps-from-free-email-provider-9ce402c6
Brand impersonation: Sharepoint fake file share
26d ago
Oct 17th, 2025
Sublime Security
Credential Phishing
Malware/Ransomware
Impersonation: Brand
Social engineering
Content analysis
Header analysis
URL analysis
Computer Vision
/feeds/core/detection-rules/brand-impersonation-sharepoint-fake-file-share-ff8b296b
Fake scan-to-email message
26d ago
Oct 17th, 2025
Sublime Security
Credential Phishing
Free file host
Social engineering
Content analysis
Optical Character Recognition
Sender analysis
URL analysis
/feeds/core/detection-rules/fake-scan-to-email-message-78851fbe
Page 1 of 17