Detection Method: URL analysis

URL analysis scans links in emails, attachments, or embedded content to find malicious destinations aimed at stealing your credentials, delivering malware, or launching other types of attacks. This method looks at key factors like the structure of the URL, redirection paths, domain reputation, and what the link shows when clicked.
URL analysis can help you detect:
  • Phishing sites pretending to be trusted login pages
  • Malicious domains hidden through URL shorteners or redirects
  • Login forms on suspicious or newly registered domains
  • Brand impersonation using slight domain tweaks (typosquatting or homograph attacks)
  • Suspicious URLs with weird characters or unusual patterns
For example, attackers often use redirect chains to hide their final destination from security scanners. With URL analysis, we can follow these redirects to reveal the true destination and assess the potential threat.
Blog Posts
Tax season email attacks: AdWind RATs and Tycoon 2FA phishing kits · Blog · Sublime Security
Tax season email attacks: AdWind RATs and Tycoon 2FA phishing kits · Blog · Sublime Security
Hiding a $50,000 BEC financial fraud in a fake email thread · Blog · Sublime Security
Hiding a $50,000 BEC financial fraud in a fake email thread · Blog · Sublime Security
Talking phish over turkey · Blog · Sublime Security
Talking phish over turkey · Blog · Sublime Security
Living Off the Land: Credential Phishing via Docusign abuse · Blog · Sublime Security
Living Off the Land: Credential Phishing via Docusign abuse · Blog · Sublime Security
Living Off the Land: Callback Phishing via Docusign comment · Blog · Sublime Security
Living Off the Land: Callback Phishing via Docusign comment · Blog · Sublime Security
Abusing Discord to deliver Agent Tesla malware · Blog · Sublime Security
Abusing Discord to deliver Agent Tesla malware · Blog · Sublime Security
Gotta Catch 'Em All: Detecting PikaBot Delivery Techniques · Blog · Sublime Security
Gotta Catch 'Em All: Detecting PikaBot Delivery Techniques · Blog · Sublime Security
QR Code Phishing: Decoding Hidden Threats · Blog · Sublime Security
QR Code Phishing: Decoding Hidden Threats · Blog · Sublime Security
Detecting Credential Phishing using Deep Learning + MQL · Blog · Sublime Security
Detecting Credential Phishing using Deep Learning + MQL · Blog · Sublime Security
Attack Types (6):
Credential Phishing
Malware/Ransomware
BEC/Fraud
Spam
Callback Phishing
Extortion
Tactics & Techniques (27):
Social engineering
Evasion
Free file host
Impersonation: Brand
Free email provider
Lookalike domain
PDF
Out of band pivot
Spoofing
QR code
Free subdomain host
Image as content
Open redirect
ICS Phishing
Encryption
Service abuse
HTML smuggling
Scripting
OneNote
Impersonation: Employee
Credential Phishing
Impersonation: VIP
Exploit
IPFS
HTML injection
LNK
Punycode
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Link: Google Forms link with credential theft language
20h ago
May 11th, 2026
Sublime Security
Credential Phishing
Social engineering
Natural Language Understanding
Sender analysis
URL analysis
Observed IOC: Malicious domains in body links
5d ago
May 7th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
Social engineering
URL analysis
Content analysis
Service abuse: Dropbox Paper with copy-paste instructions
5d ago
May 7th, 2026
Sublime Security
Credential Phishing
Social engineering
Free file host
Evasion
Content analysis
URL analysis
Link: Suspicious Loom HTML file path
6d ago
May 6th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
HTML analysis
URL analysis
Suspicious newly registered reply-to domain with engaging financial or urgent language
6d ago
May 6th, 2026
Sublime Security
BEC/Fraud
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
Whois
Link: Cloud service with credential theft language
6d ago
May 6th, 2026
Sublime Security
Credential Phishing
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
URL analysis
Link: Romance/Sexual Language With Suspicious Link
7d ago
May 5th, 2026
Sublime Security
Spam
Social engineering
Content analysis
Header analysis
URL analysis
Whois
Impersonation: Suspected supplier impersonation with suspicious content
8d ago
May 4th, 2026
Sublime Security
BEC/Fraud
Evasion
Free email provider
Lookalike domain
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
Whois
Brand impersonation: SharePoint PDF attachment with credential theft language
8d ago
May 4th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
PDF
Evasion
Computer Vision
File analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
URL analysis
Header analysis
Whois
Callback phishing via Adobe Sign comment
8d ago
May 4th, 2026
Sublime Security
Callback Phishing
Evasion
Impersonation: Brand
Out of band pivot
Social engineering
Content analysis
Computer Vision
Header analysis
Sender analysis
URL analysis
Link: BEC with newly registered domains and financial keywords
11d ago
May 1st, 2026
Sublime Security
BEC/Fraud
Social engineering
Evasion
Spoofing
Header analysis
Sender analysis
URL analysis
Attachment: Fake voicemail via PDF
12d ago
Apr 30th, 2026
Sublime Security
Credential Phishing
PDF
QR code
Social engineering
Computer Vision
Content analysis
File analysis
Optical Character Recognition
QR code analysis
URL analysis
Link: File sharing impersonation with suspicious language and sending patterns
12d ago
Apr 30th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Social engineering
Free subdomain host
Impersonation: Brand
Natural Language Understanding
URL analysis
Sender analysis
Header analysis
Content analysis
Brand impersonation: Fake Fax
12d ago
Apr 30th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Image as content
Free file host
Free subdomain host
Social engineering
Computer Vision
Content analysis
Optical Character Recognition
Sender analysis
URL analysis
Attachment: Link to Doubleclick.net open redirect
13d ago
Apr 29th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Evasion
Open redirect
Social engineering
Content analysis
File analysis
URL analysis
Brand impersonation: Microsoft logo or suspicious language with open redirect
13d ago
Apr 29th, 2026
Sublime Security
BEC/Fraud
Impersonation: Brand
Open redirect
Social engineering
Computer Vision
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
Attachment: ICS file with AWS Lambda URL
14d ago
Apr 28th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
Free file host
ICS Phishing
Content analysis
File analysis
URL analysis
Attachment: Calendar invite with suspicious link leading to an open redirect
14d ago
Apr 28th, 2026
Sublime Security
Spam
Free email provider
Free file host
Free subdomain host
ICS Phishing
Open redirect
Content analysis
URL analysis
Link: Google Calendar invite linking to an open redirect from an untrusted freemail sender
14d ago
Apr 28th, 2026
Sublime Security
Spam
Free email provider
Free file host
ICS Phishing
Open redirect
Social engineering
Content analysis
Sender analysis
URL analysis
Attachment: Calendar invite with Google redirect and invoice request
14d ago
Apr 28th, 2026
Sublime Security
Credential Phishing
BEC/Fraud
ICS Phishing
Open redirect
Social engineering
File analysis
Natural Language Understanding
URL analysis
Page 1 of 23