Sublime Security

Sublime Core Feed
Whois
Learn More
Login to Sublime
Attack Types
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Reconnaissance
Spam
Tactics and Techniques
Encryption
Evasion
Exploit
Free email provider
Free file host
Free subdomain host
HTML smuggling
Image as content
Impersonation: Brand
Impersonation: Employee
Impersonation: VIP
IPFS
ISO
LNK
Lookalike domain
Macros
OneNote
Open redirect
Out of band pivot
PDF
Punycode
QR code
Scripting
Social engineering
Spoofing
Detection Methods
Archive analysis
Content analysis
Computer Vision
Exif analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Macro analysis
Natural Language Understanding
Optical Character Recognition
OLE analysis
PDF analysis
QR code analysis
Sender analysis
Threat intelligence
URL analysis
URL screenshot
Whois
XML analysis
YARA
Detection Method: Whois
Whois analysis retrieves and examines domain registration information from global Whois databases to spot suspicious or recently created domains that could indicate phishing attempts. This method helps you understand key domain details like the age, ownership, and registration patterns, which can be red flags for malicious activity.
Whois analysis can detect:
Newly registered domains that might have been set up just for phishing campaigns
Domains with suspicious registration patterns or incomplete Whois records
Mismatched registration details that don’t align with the claimed organization
Domains registered via privacy services to conceal true ownership
Domains with upcoming expiration dates, which could indicate temporary use
For example, established organizations often use domains that have been registered for long periods. So, if you get an email from a financial institution using a domain that was registered only a few days ago, that’s a huge red flag.
Blog Post
Living Off the Land: Credential Phishing via Docusign abuse · Blog · Sublime Security
Sublime Security Attack Spotlight: Credential phishing attempt using Docusign service to deliver multi-stage malicious links via fake PDF.
Attack Types (6):
Credential Phishing
Spam
Malware/Ransomware
Extortion
BEC/Fraud
Callback Phishing
Tactics & Techniques (14):
Free file host
Free subdomain host
Social engineering
Open redirect
Evasion
PDF
Lookalike domain
Spoofing
Impersonation: Brand
Free email provider
Impersonation: VIP
Scripting
Out of band pivot
IPFS
Rule Name & Severity
Last Updated
Types, Tactics & Capabilities
Link: Financial account issue with suspicious indicators
6d ago
Mar 24th, 2026
Sublime Security
Credential Phishing
Free file host
Free subdomain host
Social engineering
Content analysis
Natural Language Understanding
URL analysis
Whois
Credential Phishing
Free file host
Free subdomain host
Social engineering
Content analysis
Natural Language Understanding
URL analysis
Whois
Service abuse: Google Firebase sender address with suspicious content
18d ago
Mar 12th, 2026
Sublime Security
Spam
Credential Phishing
Free subdomain host
Social engineering
Content analysis
Header analysis
HTML analysis
Natural Language Understanding
Sender analysis
URL analysis
Whois
Spam
Credential Phishing
Free subdomain host
Social engineering
Content analysis
Header analysis
HTML analysis
Natural Language Understanding
Sender analysis
URL analysis
Whois
Link: Commonly Abused Web Service redirecting to ZIP file
20d ago
Mar 10th, 2026
Sublime Security
Malware/Ransomware
Free file host
Free subdomain host
Open redirect
Evasion
URL analysis
Whois
Archive analysis
Malware/Ransomware
Free file host
Free subdomain host
Open redirect
Evasion
URL analysis
Whois
Archive analysis
Link: Multistage landing - ClickUp abuse
1mo ago
Feb 27th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
Free file host
Free subdomain host
Open redirect
URL analysis
Whois
Content analysis
Credential Phishing
Malware/Ransomware
Evasion
Free file host
Free subdomain host
Open redirect
URL analysis
Whois
Content analysis
Attachment: PDF with multistage landing - ClickUp abuse
1mo ago
Feb 27th, 2026
Sublime Security
Credential Phishing
Evasion
Free file host
Free subdomain host
PDF
Social engineering
File analysis
URL analysis
Whois
Credential Phishing
Evasion
Free file host
Free subdomain host
PDF
Social engineering
File analysis
URL analysis
Whois
New link domain (<=10d) from untrusted sender
1mo ago
Feb 6th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Sender analysis
URL analysis
Whois
Credential Phishing
Malware/Ransomware
Sender analysis
URL analysis
Whois
Attachment: Legal themed message or PDF with suspicious indicators
1mo ago
Feb 5th, 2026
Sublime Security
Credential Phishing
Extortion
BEC/Fraud
Evasion
PDF
Social engineering
Content analysis
File analysis
Natural Language Understanding
Optical Character Recognition
URL analysis
Whois
Header analysis
Exif analysis
Credential Phishing
Extortion
BEC/Fraud
Evasion
PDF
Social engineering
Content analysis
File analysis
Natural Language Understanding
Optical Character Recognition
URL analysis
Whois
Header analysis
Exif analysis
Vendor impersonation: Thread hijacking with typosquat domain
2mo ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Lookalike domain
Social engineering
Spoofing
Content analysis
Natural Language Understanding
Sender analysis
Whois
BEC/Fraud
Lookalike domain
Social engineering
Spoofing
Content analysis
Natural Language Understanding
Sender analysis
Whois
Attachment: DocuSign impersonation via PDF linking to new domain
2mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
PDF
Social engineering
Header analysis
Sender analysis
URL analysis
File analysis
Computer Vision
Whois
Credential Phishing
Impersonation: Brand
PDF
Social engineering
Header analysis
Sender analysis
URL analysis
File analysis
Computer Vision
Whois
BEC/Fraud: Urgent language and suspicious sending/infrastructure patterns
2mo ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Callback Phishing
Spam
Impersonation: Brand
Social engineering
Free email provider
Content analysis
Header analysis
Sender analysis
Whois
BEC/Fraud
Callback Phishing
Spam
Impersonation: Brand
Social engineering
Free email provider
Content analysis
Header analysis
Sender analysis
Whois
Suspicious newly registered reply-to domain with engaging financial or urgent language
2mo ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
Whois
BEC/Fraud
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
Whois
Brand impersonation: Microsoft fake sign-in alert
2mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
File analysis
Header analysis
Sender analysis
Whois
Credential Phishing
Impersonation: Brand
Social engineering
Computer Vision
Content analysis
File analysis
Header analysis
Sender analysis
Whois
Link: Google Firebase dynamic link that redirects to new domain (<7 days old)
2mo ago
Jan 12th, 2026
Credential Phishing
Malware/Ransomware
Evasion
URL analysis
Whois
Credential Phishing
Malware/Ransomware
Evasion
URL analysis
Whois
Suspected lookalike domain with suspicious language
2mo ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Evasion
Lookalike domain
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
Whois
BEC/Fraud
Evasion
Lookalike domain
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
Whois
VIP impersonation: Fake thread with display name match, email mismatch
2mo ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Evasion
Impersonation: VIP
Social engineering
Spoofing
Content analysis
Header analysis
Sender analysis
Whois
BEC/Fraud
Evasion
Impersonation: VIP
Social engineering
Spoofing
Content analysis
Header analysis
Sender analysis
Whois
Fraudulent order confirmation/shipping notification from Chinese sender domain
2mo ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
Whois
BEC/Fraud
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
Whois
Brand impersonation: Silicon Valley Bank
2mo ago
Jan 12th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Sender analysis
Whois
Credential Phishing
Impersonation: Brand
Lookalike domain
Social engineering
Sender analysis
Whois
Link: Cryptocurrency fraud with suspicious links
3mo ago
Dec 1st, 2025
Sublime Security
BEC/Fraud
Social engineering
Evasion
Free subdomain host
Scripting
Content analysis
Header analysis
Javascript analysis
Natural Language Understanding
Sender analysis
URL analysis
URL screenshot
Whois
BEC/Fraud
Social engineering
Evasion
Free subdomain host
Scripting
Content analysis
Header analysis
Javascript analysis
Natural Language Understanding
Sender analysis
URL analysis
URL screenshot
Whois
Service abuse: Google Drive share from new reply-to domain
4mo ago
Nov 13th, 2025
Sublime Security
BEC/Fraud
Callback Phishing
Credential Phishing
Free email provider
Social engineering
Free file host
Header analysis
Sender analysis
Whois
BEC/Fraud
Callback Phishing
Credential Phishing
Free email provider
Social engineering
Free file host
Header analysis
Sender analysis
Whois
Spam: Fake photo share
4mo ago
Nov 8th, 2025
Sublime Security
Spam
Evasion
Social engineering
Content analysis
Sender analysis
URL analysis
Whois
Spam
Evasion
Social engineering
Content analysis
Sender analysis
URL analysis
Whois
Page 1 of 2

Rule Name & Severity	Last Updated	Author	Types, Tactics & Capabilities
Link: Financial account issue with suspicious indicators	6d ago Mar 24th, 2026	Sublime Security	Credential Phishing Free file host Free subdomain host Social engineering Content analysis Natural Language Understanding URL analysis Whois
Service abuse: Google Firebase sender address with suspicious content	18d ago Mar 12th, 2026	Sublime Security	Spam Credential Phishing Free subdomain host Social engineering Content analysis Header analysis HTML analysis Natural Language Understanding Sender analysis URL analysis Whois
Link: Commonly Abused Web Service redirecting to ZIP file	20d ago Mar 10th, 2026	Sublime Security	Malware/Ransomware Free file host Free subdomain host Open redirect Evasion URL analysis Whois Archive analysis
Link: Multistage landing - ClickUp abuse	1mo ago Feb 27th, 2026	Sublime Security	Credential Phishing Malware/Ransomware Evasion Free file host Free subdomain host Open redirect URL analysis Whois Content analysis
Attachment: PDF with multistage landing - ClickUp abuse	1mo ago Feb 27th, 2026	Sublime Security	Credential Phishing Evasion Free file host Free subdomain host PDF Social engineering File analysis URL analysis Whois
New link domain (<=10d) from untrusted sender	1mo ago Feb 6th, 2026	Sublime Security	Credential Phishing Malware/Ransomware Sender analysis URL analysis Whois
Attachment: Legal themed message or PDF with suspicious indicators	1mo ago Feb 5th, 2026	Sublime Security	Credential Phishing Extortion BEC/Fraud Evasion PDF Social engineering Content analysis File analysis Natural Language Understanding Optical Character Recognition URL analysis Whois Header analysis Exif analysis
Vendor impersonation: Thread hijacking with typosquat domain	2mo ago Jan 12th, 2026	Sublime Security	BEC/Fraud Lookalike domain Social engineering Spoofing Content analysis Natural Language Understanding Sender analysis Whois
Attachment: DocuSign impersonation via PDF linking to new domain	2mo ago Jan 12th, 2026	Sublime Security	Credential Phishing Impersonation: Brand PDF Social engineering Header analysis Sender analysis URL analysis File analysis Computer Vision Whois
BEC/Fraud: Urgent language and suspicious sending/infrastructure patterns	2mo ago Jan 12th, 2026	Sublime Security	BEC/Fraud Callback Phishing Spam Impersonation: Brand Social engineering Free email provider Content analysis Header analysis Sender analysis Whois
Suspicious newly registered reply-to domain with engaging financial or urgent language	2mo ago Jan 12th, 2026	Sublime Security	BEC/Fraud Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis URL analysis Whois
Brand impersonation: Microsoft fake sign-in alert	2mo ago Jan 12th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Social engineering Computer Vision Content analysis File analysis Header analysis Sender analysis Whois
Link: Google Firebase dynamic link that redirects to new domain (<7 days old)	2mo ago Jan 12th, 2026	@ajpc500	Credential Phishing Malware/Ransomware Evasion URL analysis Whois
Suspected lookalike domain with suspicious language	2mo ago Jan 12th, 2026	Sublime Security	BEC/Fraud Evasion Lookalike domain Social engineering Content analysis Natural Language Understanding Sender analysis Whois
VIP impersonation: Fake thread with display name match, email mismatch	2mo ago Jan 12th, 2026	Sublime Security	BEC/Fraud Evasion Impersonation: VIP Social engineering Spoofing Content analysis Header analysis Sender analysis Whois
Fraudulent order confirmation/shipping notification from Chinese sender domain	2mo ago Jan 12th, 2026	Sublime Security	BEC/Fraud Social engineering Content analysis Natural Language Understanding Sender analysis Whois
Brand impersonation: Silicon Valley Bank	2mo ago Jan 12th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Lookalike domain Social engineering Sender analysis Whois
Link: Cryptocurrency fraud with suspicious links	3mo ago Dec 1st, 2025	Sublime Security	BEC/Fraud Social engineering Evasion Free subdomain host Scripting Content analysis Header analysis Javascript analysis Natural Language Understanding Sender analysis URL analysis URL screenshot Whois
Service abuse: Google Drive share from new reply-to domain	4mo ago Nov 13th, 2025	Sublime Security	BEC/Fraud Callback Phishing Credential Phishing Free email provider Social engineering Free file host Header analysis Sender analysis Whois
Spam: Fake photo share	4mo ago Nov 8th, 2025	Sublime Security	Spam Evasion Social engineering Content analysis Sender analysis URL analysis Whois