Sublime Security

Sublime Core Feed
URL analysis
Learn More
Login to Sublime
Attack Types
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Reconnaissance
Spam
Tactics and Techniques
Encryption
Evasion
Exploit
Free email provider
Free file host
Free subdomain host
HTML smuggling
ICS Phishing
Image as content
Impersonation: Brand
Impersonation: Employee
Impersonation: VIP
IPFS
ISO
LNK
Lookalike domain
Macros
OneNote
Open redirect
Out of band pivot
PDF
Punycode
QR code
Scripting
Social engineering
Spoofing
Detection Methods
Archive analysis
Content analysis
Computer Vision
Exif analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Macro analysis
Natural Language Understanding
Optical Character Recognition
OLE analysis
PDF analysis
QR code analysis
Sender analysis
Threat intelligence
URL analysis
URL screenshot
Whois
XML analysis
YARA
Detection Method: URL analysis
URL analysis scans links in emails, attachments, or embedded content to find malicious destinations aimed at stealing your credentials, delivering malware, or launching other types of attacks. This method looks at key factors like the structure of the URL, redirection paths, domain reputation, and what the link shows when clicked.
URL analysis can help you detect:
Phishing sites pretending to be trusted login pages
Malicious domains hidden through URL shorteners or redirects
Login forms on suspicious or newly registered domains
Brand impersonation using slight domain tweaks (typosquatting or homograph attacks)
Suspicious URLs with weird characters or unusual patterns
For example, attackers often use redirect chains to hide their final destination from security scanners. With URL analysis, we can follow these redirects to reveal the true destination and assess the potential threat.
Blog Posts
Tax season email attacks: AdWind RATs and Tycoon 2FA phishing kits · Blog · Sublime Security
Hiding a $50,000 BEC financial fraud in a fake email thread · Blog · Sublime Security
Talking phish over turkey · Blog · Sublime Security
Living Off the Land: Credential Phishing via Docusign abuse · Blog · Sublime Security
Living Off the Land: Callback Phishing via Docusign comment · Blog · Sublime Security
Abusing Discord to deliver Agent Tesla malware · Blog · Sublime Security
Gotta Catch 'Em All: Detecting PikaBot Delivery Techniques · Blog · Sublime Security
QR Code Phishing: Decoding Hidden Threats · Blog · Sublime Security
Detecting Credential Phishing using Deep Learning + MQL · Blog · Sublime Security
Attack Types (6):
Credential Phishing
Spam
BEC/Fraud
Malware/Ransomware
Callback Phishing
Extortion
Tactics & Techniques (27):
Impersonation: Brand
Free email provider
Social engineering
Evasion
Spoofing
Free subdomain host
PDF
Image as content
Free file host
Impersonation: Employee
QR code
Encryption
Open redirect
Lookalike domain
ICS Phishing
Out of band pivot
Service abuse
HTML smuggling
Scripting
OneNote
Credential Phishing
Impersonation: VIP
Exploit
IPFS
HTML injection
LNK
Punycode
Rule Name & Severity
Last Updated
Types, Tactics & Capabilities
Brand impersonation: Zoom via lookalike domain
11h ago
Jun 22nd, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Free email provider
Social engineering
URL analysis
Sender analysis
Credential Phishing
Impersonation: Brand
Free email provider
Social engineering
URL analysis
Sender analysis
Body: Fake secure email portal with HTML obfuscation
5d ago
Jun 18th, 2026
Sublime Security
Credential Phishing
Evasion
Social engineering
Spoofing
Content analysis
HTML analysis
URL analysis
Sender analysis
Threat intelligence
Credential Phishing
Evasion
Social engineering
Spoofing
Content analysis
HTML analysis
URL analysis
Sender analysis
Threat intelligence
Link: Mamba 2FA phishing kit
5d ago
Jun 18th, 2026
Sublime Security
Credential Phishing
Evasion
Social engineering
URL analysis
Credential Phishing
Evasion
Social engineering
URL analysis
Brand impersonation: Cloud services with credential theft intent
5d ago
Jun 18th, 2026
Sublime Security
Credential Phishing
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
URL analysis
Credential Phishing
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
URL analysis
Service abuse: Google Firebase sender address with suspicious content
5d ago
Jun 18th, 2026
Sublime Security
Spam
Credential Phishing
Free subdomain host
Social engineering
Content analysis
Header analysis
HTML analysis
Natural Language Understanding
Sender analysis
URL analysis
Whois
Spam
Credential Phishing
Free subdomain host
Social engineering
Content analysis
Header analysis
HTML analysis
Natural Language Understanding
Sender analysis
URL analysis
Whois
Brand impersonation: Bids & Tenders
6d ago
Jun 17th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Spoofing
Social engineering
Sender analysis
URL analysis
Content analysis
Credential Phishing
Impersonation: Brand
Spoofing
Social engineering
Sender analysis
URL analysis
Content analysis
Service abuse: Outlook Groups with Google Sites link and evasion tag
6d ago
Jun 17th, 2026
Sublime Security
Credential Phishing
Evasion
Free subdomain host
Social engineering
Content analysis
Header analysis
URL analysis
Sender analysis
Credential Phishing
Evasion
Free subdomain host
Social engineering
Content analysis
Header analysis
URL analysis
Sender analysis
Attachment: PDF with a suspicious string and single URL
6d ago
Jun 17th, 2026
Sublime Security
Credential Phishing
PDF
Social engineering
Evasion
Content analysis
File analysis
URL analysis
Exif analysis
Credential Phishing
PDF
Social engineering
Evasion
Content analysis
File analysis
URL analysis
Exif analysis
Link: Romance/Sexual Language With Suspicious Link
6d ago
Jun 17th, 2026
Sublime Security
Spam
Social engineering
Content analysis
Header analysis
URL analysis
Whois
Spam
Social engineering
Content analysis
Header analysis
URL analysis
Whois
Brand impersonation: Fake Fax
6d ago
Jun 17th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Image as content
Free file host
Free subdomain host
Social engineering
Computer Vision
Content analysis
Optical Character Recognition
Sender analysis
URL analysis
Credential Phishing
Impersonation: Brand
Image as content
Free file host
Free subdomain host
Social engineering
Computer Vision
Content analysis
Optical Character Recognition
Sender analysis
URL analysis
Suspicious Office 365 app authorization (OAuth) link
7d ago
Jun 16th, 2026
Sublime Security
Credential Phishing
URL analysis
Credential Phishing
URL analysis
Impersonation: Fake product discount promotion
7d ago
Jun 16th, 2026
Sublime Security
BEC/Fraud
Social engineering
Free file host
Content analysis
HTML analysis
URL analysis
BEC/Fraud
Social engineering
Free file host
Content analysis
HTML analysis
URL analysis
Fake Zoom meeting invite with suspicious link
7d ago
Jun 16th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Evasion
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
Credential Phishing
Impersonation: Brand
Evasion
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
Credential phishing: Generic document sharing
8d ago
Jun 15th, 2026
Sublime Security
Credential Phishing
BEC/Fraud
Social engineering
Evasion
Impersonation: Employee
Content analysis
Natural Language Understanding
URL analysis
Sender analysis
Credential Phishing
BEC/Fraud
Social engineering
Evasion
Impersonation: Employee
Content analysis
Natural Language Understanding
URL analysis
Sender analysis
Link: Concatenated display text concealing duplicate URLs with PDF reference
11d ago
Jun 12th, 2026
Sublime Security
Credential Phishing
Evasion
Social engineering
Content analysis
URL analysis
Credential Phishing
Evasion
Social engineering
Content analysis
URL analysis
Link: SVG with embedded recipient data
11d ago
Jun 12th, 2026
Sublime Security
Credential Phishing
Evasion
URL analysis
Content analysis
Credential Phishing
Evasion
URL analysis
Content analysis
Link: Suspicious file retrieval with recipient targeting
11d ago
Jun 12th, 2026
Sublime Security
Credential Phishing
Social engineering
URL analysis
Credential Phishing
Social engineering
URL analysis
Link: Flare-branded credential harvesting via Cloudflare tunnels
11d ago
Jun 12th, 2026
Sublime Security
Credential Phishing
Free subdomain host
Social engineering
Content analysis
URL analysis
Credential Phishing
Free subdomain host
Social engineering
Content analysis
URL analysis
Link: Observed URL pattern with specific domain registrar
11d ago
Jun 12th, 2026
Sublime Security
Spam
Free email provider
URL analysis
Sender analysis
Whois
Spam
Free email provider
URL analysis
Sender analysis
Whois
Brand impersonation: Social Security Administration
12d ago
Jun 11th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Impersonation: Brand
Social engineering
Content analysis
Sender analysis
URL analysis
BEC/Fraud
Credential Phishing
Impersonation: Brand
Social engineering
Content analysis
Sender analysis
URL analysis
Page 1 of 24

Rule Name & Severity	Last Updated	Author	Types, Tactics & Capabilities
Brand impersonation: Zoom via lookalike domain	11h ago Jun 22nd, 2026	Sublime Security	Credential Phishing Impersonation: Brand Free email provider Social engineering URL analysis Sender analysis
Body: Fake secure email portal with HTML obfuscation	5d ago Jun 18th, 2026	Sublime Security	Credential Phishing Evasion Social engineering Spoofing Content analysis HTML analysis URL analysis Sender analysis Threat intelligence
Link: Mamba 2FA phishing kit	5d ago Jun 18th, 2026	Sublime Security	Credential Phishing Evasion Social engineering URL analysis
Brand impersonation: Cloud services with credential theft intent	5d ago Jun 18th, 2026	Sublime Security	Credential Phishing Social engineering Content analysis Natural Language Understanding Sender analysis URL analysis
Service abuse: Google Firebase sender address with suspicious content	5d ago Jun 18th, 2026	Sublime Security	Spam Credential Phishing Free subdomain host Social engineering Content analysis Header analysis HTML analysis Natural Language Understanding Sender analysis URL analysis Whois
Brand impersonation: Bids & Tenders	6d ago Jun 17th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Spoofing Social engineering Sender analysis URL analysis Content analysis
Service abuse: Outlook Groups with Google Sites link and evasion tag	6d ago Jun 17th, 2026	Sublime Security	Credential Phishing Evasion Free subdomain host Social engineering Content analysis Header analysis URL analysis Sender analysis
Attachment: PDF with a suspicious string and single URL	6d ago Jun 17th, 2026	Sublime Security	Credential Phishing PDF Social engineering Evasion Content analysis File analysis URL analysis Exif analysis
Link: Romance/Sexual Language With Suspicious Link	6d ago Jun 17th, 2026	Sublime Security	Spam Social engineering Content analysis Header analysis URL analysis Whois
Brand impersonation: Fake Fax	6d ago Jun 17th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Image as content Free file host Free subdomain host Social engineering Computer Vision Content analysis Optical Character Recognition Sender analysis URL analysis
Suspicious Office 365 app authorization (OAuth) link	7d ago Jun 16th, 2026	Sublime Security	Credential Phishing URL analysis
Impersonation: Fake product discount promotion	7d ago Jun 16th, 2026	Sublime Security	BEC/Fraud Social engineering Free file host Content analysis HTML analysis URL analysis
Fake Zoom meeting invite with suspicious link	7d ago Jun 16th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Evasion Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis URL analysis
Credential phishing: Generic document sharing	8d ago Jun 15th, 2026	Sublime Security	Credential Phishing BEC/Fraud Social engineering Evasion Impersonation: Employee Content analysis Natural Language Understanding URL analysis Sender analysis
Link: Concatenated display text concealing duplicate URLs with PDF reference	11d ago Jun 12th, 2026	Sublime Security	Credential Phishing Evasion Social engineering Content analysis URL analysis
Link: SVG with embedded recipient data	11d ago Jun 12th, 2026	Sublime Security	Credential Phishing Evasion URL analysis Content analysis
Link: Suspicious file retrieval with recipient targeting	11d ago Jun 12th, 2026	Sublime Security	Credential Phishing Social engineering URL analysis
Link: Flare-branded credential harvesting via Cloudflare tunnels	11d ago Jun 12th, 2026	Sublime Security	Credential Phishing Free subdomain host Social engineering Content analysis URL analysis
Link: Observed URL pattern with specific domain registrar	11d ago Jun 12th, 2026	Sublime Security	Spam Free email provider URL analysis Sender analysis Whois
Brand impersonation: Social Security Administration	12d ago Jun 11th, 2026	Sublime Security	BEC/Fraud Credential Phishing Impersonation: Brand Social engineering Content analysis Sender analysis URL analysis