Detection Method: URL analysis

URL analysis scans links in emails, attachments, or embedded content to find malicious destinations aimed at stealing your credentials, delivering malware, or launching other types of attacks. This method looks at key factors like the structure of the URL, redirection paths, domain reputation, and what the link shows when clicked.
URL analysis can help you detect:
  • Phishing sites pretending to be trusted login pages
  • Malicious domains hidden through URL shorteners or redirects
  • Login forms on suspicious or newly registered domains
  • Brand impersonation using slight domain tweaks (typosquatting or homograph attacks)
  • Suspicious URLs with weird characters or unusual patterns
For example, attackers often use redirect chains to hide their final destination from security scanners. With URL analysis, we can follow these redirects to reveal the true destination and assess the potential threat.
Blog Posts
Tax season email attacks: AdWind RATs and Tycoon 2FA phishing kits · Blog · Sublime Security
Tax season email attacks: AdWind RATs and Tycoon 2FA phishing kits · Blog · Sublime Security
Hiding a $50,000 BEC financial fraud in a fake email thread · Blog · Sublime Security
Hiding a $50,000 BEC financial fraud in a fake email thread · Blog · Sublime Security
Talking phish over turkey · Blog · Sublime Security
Talking phish over turkey · Blog · Sublime Security
Living Off the Land: Credential Phishing via Docusign abuse · Blog · Sublime Security
Living Off the Land: Credential Phishing via Docusign abuse · Blog · Sublime Security
Living Off the Land: Callback Phishing via Docusign comment · Blog · Sublime Security
Living Off the Land: Callback Phishing via Docusign comment · Blog · Sublime Security
Abusing Discord to deliver Agent Tesla malware · Blog · Sublime Security
Abusing Discord to deliver Agent Tesla malware · Blog · Sublime Security
Gotta Catch 'Em All: Detecting PikaBot Delivery Techniques · Blog · Sublime Security
Gotta Catch 'Em All: Detecting PikaBot Delivery Techniques · Blog · Sublime Security
QR Code Phishing: Decoding Hidden Threats · Blog · Sublime Security
QR Code Phishing: Decoding Hidden Threats · Blog · Sublime Security
Detecting Credential Phishing using Deep Learning + MQL · Blog · Sublime Security
Detecting Credential Phishing using Deep Learning + MQL · Blog · Sublime Security
Attack Types (6):
Credential Phishing
BEC/Fraud
Malware/Ransomware
Extortion
Spam
Callback Phishing
Tactics & Techniques (25):
QR code
Social engineering
Evasion
Impersonation: Brand
Lookalike domain
Spoofing
Open redirect
Free file host
Free subdomain host
PDF
Image as content
Scripting
Free email provider
Encryption
OneNote
Impersonation: Employee
Credential Phishing
Out of band pivot
HTML smuggling
Impersonation: VIP
Exploit
IPFS
HTML injection
LNK
Punycode
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Attachment: ICS calendar file with QR code containing recipient email address
2d ago
Apr 20th, 2026
Sublime Security
Credential Phishing
QR code
Social engineering
Evasion
File analysis
QR code analysis
URL analysis
Content analysis
Attachment: ICS file with links to newly registered domains
2d ago
Apr 20th, 2026
Sublime Security
Credential Phishing
Social engineering
File analysis
URL analysis
Whois
Brand impersonation: DocuSign
5d ago
Apr 17th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Spoofing
Header analysis
Sender analysis
URL analysis
Link: WordPress admin targeting with recipient identifier in URL fragment
6d ago
Apr 16th, 2026
Sublime Security
Credential Phishing
Evasion
Social engineering
URL analysis
Content analysis
Service abuse: Meetup.com redirect with brand impersonation
7d ago
Apr 15th, 2026
Sublime Security
Credential Phishing
Open redirect
Impersonation: Brand
Evasion
URL analysis
HTML analysis
Content analysis
Sender analysis
Link: Tax document lure Portuguese/Spanish with suspicious domains
8d ago
Apr 14th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Malware/Ransomware
Free file host
Free subdomain host
Social engineering
Content analysis
URL analysis
Whois
Attachment: Fake voicemail via PDF
8d ago
Apr 14th, 2026
Sublime Security
Credential Phishing
PDF
QR code
Social engineering
Computer Vision
Content analysis
File analysis
Optical Character Recognition
QR code analysis
URL analysis
Attachment: PDF with a suspicious string and single URL
12d ago
Apr 10th, 2026
Sublime Security
Credential Phishing
PDF
Social engineering
Evasion
Content analysis
File analysis
URL analysis
Exif analysis
Link: Shortened URL with fragment matching subject
13d ago
Apr 9th, 2026
Sublime Security
Credential Phishing
BEC/Fraud
Evasion
Social engineering
Content analysis
URL analysis
Header analysis
Cloud storage impersonation with credential theft indicators
13d ago
Apr 9th, 2026
Sublime Security
Credential Phishing
Free file host
Image as content
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
Header analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
URL analysis
Attachment: Calendar invite with Google redirect and invoice request
14d ago
Apr 8th, 2026
Sublime Security
Credential Phishing
BEC/Fraud
Open redirect
Social engineering
File analysis
Natural Language Understanding
URL analysis
Service abuse: Mimecast URL with excessive path length
14d ago
Apr 8th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
Open redirect
URL analysis
Service abuse: GitHub notification with excessive mentions and suspicious links
15d ago
Apr 7th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Free file host
Free subdomain host
Social engineering
Header analysis
URL analysis
Sender analysis
Whois
Link: Landing page with search-ms protocol redirect
15d ago
Apr 7th, 2026
Sublime Security
Malware/Ransomware
Evasion
Scripting
URL analysis
Threat intelligence
Link: Job recruitment lure from unsolicited sender with suspicious hosting
15d ago
Apr 7th, 2026
Sublime Security
Credential Phishing
Social engineering
Content analysis
Sender analysis
URL analysis
Brand impersonation: Zoom via lookalike domain
15d ago
Apr 7th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Free email provider
Social engineering
URL analysis
Sender analysis
Abuse: Cloudflare Workers Hosted EvilTokens Domain Structure
16d ago
Apr 6th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Evasion
Social engineering
URL analysis
QR Code with suspicious indicators
16d ago
Apr 6th, 2026
Sublime Security
Credential Phishing
QR code
Social engineering
Content analysis
Header analysis
Computer Vision
Natural Language Understanding
QR code analysis
Sender analysis
URL analysis
Attachment: Legal themed message or PDF with suspicious indicators
19d ago
Apr 3rd, 2026
Sublime Security
Credential Phishing
Extortion
BEC/Fraud
Evasion
PDF
Social engineering
Content analysis
File analysis
Natural Language Understanding
Optical Character Recognition
URL analysis
Whois
Header analysis
Exif analysis
Service abuse: Google Firebase sender address with suspicious content
20d ago
Apr 2nd, 2026
Sublime Security
Spam
Credential Phishing
Free subdomain host
Social engineering
Content analysis
Header analysis
HTML analysis
Natural Language Understanding
Sender analysis
URL analysis
Whois
Page 1 of 22