Detection Method: URL analysis

URL analysis scans links in emails, attachments, or embedded content to find malicious destinations aimed at stealing your credentials, delivering malware, or launching other types of attacks. This method looks at key factors like the structure of the URL, redirection paths, domain reputation, and what the link shows when clicked.
URL analysis can help you detect:
  • Phishing sites pretending to be trusted login pages
  • Malicious domains hidden through URL shorteners or redirects
  • Login forms on suspicious or newly registered domains
  • Brand impersonation using slight domain tweaks (typosquatting or homograph attacks)
  • Suspicious URLs with weird characters or unusual patterns
For example, attackers often use redirect chains to hide their final destination from security scanners. With URL analysis, we can follow these redirects to reveal the true destination and assess the potential threat.
Blog Posts
Tax season email attacks: AdWind RATs and Tycoon 2FA phishing kits · Blog · Sublime Security
Tax season email attacks: AdWind RATs and Tycoon 2FA phishing kits · Blog · Sublime Security
Hiding a $50,000 BEC financial fraud in a fake email thread · Blog · Sublime Security
Hiding a $50,000 BEC financial fraud in a fake email thread · Blog · Sublime Security
Talking phish over turkey · Blog · Sublime Security
Talking phish over turkey · Blog · Sublime Security
Living Off the Land: Credential Phishing via Docusign abuse · Blog · Sublime Security
Living Off the Land: Credential Phishing via Docusign abuse · Blog · Sublime Security
Living Off the Land: Callback Phishing via Docusign comment · Blog · Sublime Security
Living Off the Land: Callback Phishing via Docusign comment · Blog · Sublime Security
Abusing Discord to deliver Agent Tesla malware · Blog · Sublime Security
Abusing Discord to deliver Agent Tesla malware · Blog · Sublime Security
Gotta Catch 'Em All: Detecting PikaBot Delivery Techniques · Blog · Sublime Security
Gotta Catch 'Em All: Detecting PikaBot Delivery Techniques · Blog · Sublime Security
QR Code Phishing: Decoding Hidden Threats · Blog · Sublime Security
QR Code Phishing: Decoding Hidden Threats · Blog · Sublime Security
Detecting Credential Phishing using Deep Learning + MQL · Blog · Sublime Security
Detecting Credential Phishing using Deep Learning + MQL · Blog · Sublime Security
Attack Types (6):
Credential Phishing
Malware/Ransomware
BEC/Fraud
Spam
Callback Phishing
Extortion
Tactics & Techniques (27):
Impersonation: Brand
Evasion
PDF
Open redirect
Lookalike domain
Social engineering
Spoofing
Free email provider
Free subdomain host
Free file host
Image as content
QR code
Impersonation: Employee
ICS Phishing
Out of band pivot
Encryption
Service abuse
HTML smuggling
Scripting
OneNote
Credential Phishing
Impersonation: VIP
Exploit
IPFS
HTML injection
LNK
Punycode
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Attachment: Microsoft OAuth credential harvesting via EML with embedded malicious links
12h ago
Jun 1st, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Evasion
PDF
File analysis
URL analysis
Content analysis
Open redirect: Hakumonkai.org
13h ago
Jun 1st, 2026
Sublime Security
Credential Phishing
Open redirect
URL analysis
File analysis
Suspicious Office 365 app authorization (OAuth) link
15h ago
Jun 1st, 2026
Sublime Security
Credential Phishing
URL analysis
Brand impersonation: DocuSign
19h ago
Jun 1st, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Spoofing
Header analysis
Sender analysis
URL analysis
Credential phishing: Engaging language and other indicators (untrusted sender)
4d ago
May 29th, 2026
Sublime Security
Credential Phishing
Free email provider
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
Impersonation Link: Cloud branding service with credential theft language
4d ago
May 29th, 2026
Sublime Security
Credential Phishing
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
URL analysis
Credential phishing: Suspicious e-sign agreement document notification
4d ago
May 29th, 2026
Sublime Security
Credential Phishing
Social engineering
Content analysis
Header analysis
HTML analysis
URL analysis
Sender analysis
Link: Numeric IP obfuscation in URL
5d ago
May 28th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
URL analysis
Credential phishing: AWS Lambda URL with recipient targeting
5d ago
May 28th, 2026
Sublime Security
Credential Phishing
Free subdomain host
Social engineering
URL analysis
Content analysis
Link: Self-sender credential theft with configuration placeholder
6d ago
May 27th, 2026
Sublime Security
Credential Phishing
Social engineering
Evasion
Natural Language Understanding
Content analysis
URL analysis
Header analysis
Service abuse: Google OAuth with suspicious redirect destination
6d ago
May 27th, 2026
Sublime Security
Credential Phishing
Evasion
Free file host
Free subdomain host
Open redirect
Social engineering
URL analysis
Threat intelligence
Brand impersonation: Figma with malicious document access overlay
6d ago
May 27th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Image as content
Sender analysis
HTML analysis
URL screenshot
Optical Character Recognition
URL analysis
Observed IOC: Malicious root domains in body links
6d ago
May 27th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
Social engineering
URL analysis
Content analysis
Service abuse: Square marketing with suspicious QR code
7d ago
May 26th, 2026
Sublime Security
Credential Phishing
QR code
Free file host
Computer Vision
QR code analysis
Sender analysis
URL analysis
Image as content with a link to an open redirect
7d ago
May 26th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
Image as content
Open redirect
Social engineering
Content analysis
HTML analysis
URL analysis
Link: Google Cloud Storage with suspicious URL pattern
7d ago
May 26th, 2026
Sublime Security
Credential Phishing
Free file host
Evasion
URL analysis
Link: Google Cloud Storage impersonating with googledrive in URL path
7d ago
May 26th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Free file host
URL analysis
Credential phishing: Onedrive impersonation
7d ago
May 26th, 2026
Sublime Security
Credential Phishing
Free subdomain host
Impersonation: Brand
Social engineering
Content analysis
Header analysis
Natural Language Understanding
URL analysis
Credential phishing: Generic document sharing
11d ago
May 22nd, 2026
Sublime Security
Credential Phishing
BEC/Fraud
Social engineering
Evasion
Impersonation: Employee
Content analysis
Natural Language Understanding
URL analysis
Sender analysis
Brand Impersonation: Social Security Administration (SSA)
12d ago
May 21st, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Impersonation: Brand
Social engineering
Content analysis
Sender analysis
URL analysis
Page 1 of 23