Sublime Security

Sublime Core Feed
Whois
Learn More
Login to Sublime
Attack Types
BEC/Fraud
Callback Phishing
Credential Phishing
Extortion
Malware/Ransomware
Reconnaissance
Spam
Tactics and Techniques
Encryption
Evasion
Exploit
Free email provider
Free file host
Free subdomain host
HTML smuggling
ICS Phishing
Image as content
Impersonation: Brand
Impersonation: Employee
Impersonation: VIP
IPFS
ISO
LNK
Lookalike domain
Macros
OneNote
Open redirect
Out of band pivot
PDF
Punycode
QR code
Scripting
Social engineering
Spoofing
Detection Methods
Archive analysis
Content analysis
Computer Vision
Exif analysis
File analysis
Header analysis
HTML analysis
Javascript analysis
Macro analysis
Natural Language Understanding
Optical Character Recognition
OLE analysis
PDF analysis
QR code analysis
Sender analysis
Threat intelligence
URL analysis
URL screenshot
Whois
XML analysis
YARA
Detection Method: Whois
Whois analysis retrieves and examines domain registration information from global Whois databases to spot suspicious or recently created domains that could indicate phishing attempts. This method helps you understand key domain details like the age, ownership, and registration patterns, which can be red flags for malicious activity.
Whois analysis can detect:
Newly registered domains that might have been set up just for phishing campaigns
Domains with suspicious registration patterns or incomplete Whois records
Mismatched registration details that don’t align with the claimed organization
Domains registered via privacy services to conceal true ownership
Domains with upcoming expiration dates, which could indicate temporary use
For example, established organizations often use domains that have been registered for long periods. So, if you get an email from a financial institution using a domain that was registered only a few days ago, that’s a huge red flag.
Blog Post
Living Off the Land: Credential Phishing via Docusign abuse · Blog · Sublime Security
Sublime Security Attack Spotlight: Credential phishing attempt using Docusign service to deliver multi-stage malicious links via fake PDF.
Attack Types (6):
BEC/Fraud
Spam
Credential Phishing
Callback Phishing
Malware/Ransomware
Extortion
Tactics & Techniques (15):
Social engineering
Evasion
Impersonation: Brand
PDF
Free email provider
Lookalike domain
ICS Phishing
Free file host
Free subdomain host
Impersonation: VIP
Spoofing
Open redirect
Scripting
Out of band pivot
IPFS
Rule Name & Severity
Last Updated
Types, Tactics & Capabilities
Suspicious newly registered reply-to domain with engaging financial or urgent language
6d ago
May 6th, 2026
Sublime Security
BEC/Fraud
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
Whois
BEC/Fraud
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
Whois
Link: Romance/Sexual Language With Suspicious Link
7d ago
May 5th, 2026
Sublime Security
Spam
Social engineering
Content analysis
Header analysis
URL analysis
Whois
Spam
Social engineering
Content analysis
Header analysis
URL analysis
Whois
Service abuse: Zoom with newly registered reply-to domain
8d ago
May 4th, 2026
Sublime Security
Spam
Social engineering
Evasion
Sender analysis
Header analysis
Whois
Spam
Social engineering
Evasion
Sender analysis
Header analysis
Whois
Brand impersonation: SharePoint PDF attachment with credential theft language
8d ago
May 4th, 2026
Sublime Security
Credential Phishing
Impersonation: Brand
Social engineering
PDF
Evasion
Computer Vision
File analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
URL analysis
Header analysis
Whois
Credential Phishing
Impersonation: Brand
Social engineering
PDF
Evasion
Computer Vision
File analysis
Natural Language Understanding
Optical Character Recognition
Sender analysis
URL analysis
Header analysis
Whois
Impersonation: Suspected supplier impersonation with suspicious content
8d ago
May 4th, 2026
Sublime Security
BEC/Fraud
Evasion
Free email provider
Lookalike domain
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
Whois
BEC/Fraud
Evasion
Free email provider
Lookalike domain
Social engineering
Content analysis
Header analysis
Natural Language Understanding
Sender analysis
URL analysis
Whois
Attachment: Calendar invite from recently registered domain
14d ago
Apr 28th, 2026
Sublime Security
Callback Phishing
Evasion
ICS Phishing
Social engineering
File analysis
Whois
Callback Phishing
Evasion
ICS Phishing
Social engineering
File analysis
Whois
Attachment: ICS file with links to newly registered domains
22d ago
Apr 20th, 2026
Sublime Security
Credential Phishing
Social engineering
File analysis
URL analysis
Whois
Credential Phishing
Social engineering
File analysis
URL analysis
Whois
BEC/Fraud: Urgent language and suspicious sending/infrastructure patterns
25d ago
Apr 17th, 2026
Sublime Security
BEC/Fraud
Callback Phishing
Spam
Impersonation: Brand
Social engineering
Free email provider
Content analysis
Header analysis
Sender analysis
Whois
BEC/Fraud
Callback Phishing
Spam
Impersonation: Brand
Social engineering
Free email provider
Content analysis
Header analysis
Sender analysis
Whois
Link: Tax document lure Portuguese/Spanish with suspicious domains
28d ago
Apr 14th, 2026
Sublime Security
BEC/Fraud
Credential Phishing
Malware/Ransomware
Free file host
Free subdomain host
Social engineering
Content analysis
URL analysis
Whois
BEC/Fraud
Credential Phishing
Malware/Ransomware
Free file host
Free subdomain host
Social engineering
Content analysis
URL analysis
Whois
Service abuse: GitHub notification with excessive mentions and suspicious links
1mo ago
Apr 7th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Free file host
Free subdomain host
Social engineering
Header analysis
URL analysis
Sender analysis
Whois
Credential Phishing
Malware/Ransomware
Free file host
Free subdomain host
Social engineering
Header analysis
URL analysis
Sender analysis
Whois
VIP impersonation: Fake thread with display name match, email mismatch
1mo ago
Apr 3rd, 2026
Sublime Security
BEC/Fraud
Evasion
Impersonation: VIP
Social engineering
Spoofing
Content analysis
Header analysis
Sender analysis
Whois
BEC/Fraud
Evasion
Impersonation: VIP
Social engineering
Spoofing
Content analysis
Header analysis
Sender analysis
Whois
Attachment: Legal themed message or PDF with suspicious indicators
1mo ago
Apr 3rd, 2026
Sublime Security
Credential Phishing
Extortion
BEC/Fraud
Evasion
PDF
Social engineering
Content analysis
File analysis
Natural Language Understanding
Optical Character Recognition
URL analysis
Whois
Header analysis
Exif analysis
Credential Phishing
Extortion
BEC/Fraud
Evasion
PDF
Social engineering
Content analysis
File analysis
Natural Language Understanding
Optical Character Recognition
URL analysis
Whois
Header analysis
Exif analysis
Service abuse: Google Firebase sender address with suspicious content
1mo ago
Apr 2nd, 2026
Sublime Security
Spam
Credential Phishing
Free subdomain host
Social engineering
Content analysis
Header analysis
HTML analysis
Natural Language Understanding
Sender analysis
URL analysis
Whois
Spam
Credential Phishing
Free subdomain host
Social engineering
Content analysis
Header analysis
HTML analysis
Natural Language Understanding
Sender analysis
URL analysis
Whois
Link: Financial account issue with suspicious indicators
1mo ago
Mar 24th, 2026
Sublime Security
Credential Phishing
Free file host
Free subdomain host
Social engineering
Content analysis
Natural Language Understanding
URL analysis
Whois
Credential Phishing
Free file host
Free subdomain host
Social engineering
Content analysis
Natural Language Understanding
URL analysis
Whois
Link: Commonly Abused Web Service redirecting to ZIP file
2mo ago
Mar 10th, 2026
Sublime Security
Malware/Ransomware
Free file host
Free subdomain host
Open redirect
Evasion
URL analysis
Whois
Archive analysis
Malware/Ransomware
Free file host
Free subdomain host
Open redirect
Evasion
URL analysis
Whois
Archive analysis
Link: Multistage landing - ClickUp abuse
2mo ago
Feb 27th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
Free file host
Free subdomain host
Open redirect
URL analysis
Whois
Content analysis
Credential Phishing
Malware/Ransomware
Evasion
Free file host
Free subdomain host
Open redirect
URL analysis
Whois
Content analysis
Attachment: PDF with multistage landing - ClickUp abuse
2mo ago
Feb 27th, 2026
Sublime Security
Credential Phishing
Evasion
Free file host
Free subdomain host
PDF
Social engineering
File analysis
URL analysis
Whois
Credential Phishing
Evasion
Free file host
Free subdomain host
PDF
Social engineering
File analysis
URL analysis
Whois
New link domain (<=10d) from untrusted sender
3mo ago
Feb 6th, 2026
Sublime Security
Credential Phishing
Malware/Ransomware
Sender analysis
URL analysis
Whois
Credential Phishing
Malware/Ransomware
Sender analysis
URL analysis
Whois
Vendor impersonation: Thread hijacking with typosquat domain
3mo ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Lookalike domain
Social engineering
Spoofing
Content analysis
Natural Language Understanding
Sender analysis
Whois
BEC/Fraud
Lookalike domain
Social engineering
Spoofing
Content analysis
Natural Language Understanding
Sender analysis
Whois
Suspected lookalike domain with suspicious language
3mo ago
Jan 12th, 2026
Sublime Security
BEC/Fraud
Evasion
Lookalike domain
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
Whois
BEC/Fraud
Evasion
Lookalike domain
Social engineering
Content analysis
Natural Language Understanding
Sender analysis
Whois
Page 1 of 3

Rule Name & Severity	Last Updated	Author	Types, Tactics & Capabilities
Suspicious newly registered reply-to domain with engaging financial or urgent language	6d ago May 6th, 2026	Sublime Security	BEC/Fraud Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis URL analysis Whois
Link: Romance/Sexual Language With Suspicious Link	7d ago May 5th, 2026	Sublime Security	Spam Social engineering Content analysis Header analysis URL analysis Whois
Service abuse: Zoom with newly registered reply-to domain	8d ago May 4th, 2026	Sublime Security	Spam Social engineering Evasion Sender analysis Header analysis Whois
Brand impersonation: SharePoint PDF attachment with credential theft language	8d ago May 4th, 2026	Sublime Security	Credential Phishing Impersonation: Brand Social engineering PDF Evasion Computer Vision File analysis Natural Language Understanding Optical Character Recognition Sender analysis URL analysis Header analysis Whois
Impersonation: Suspected supplier impersonation with suspicious content	8d ago May 4th, 2026	Sublime Security	BEC/Fraud Evasion Free email provider Lookalike domain Social engineering Content analysis Header analysis Natural Language Understanding Sender analysis URL analysis Whois
Attachment: Calendar invite from recently registered domain	14d ago Apr 28th, 2026	Sublime Security	Callback Phishing Evasion ICS Phishing Social engineering File analysis Whois
Attachment: ICS file with links to newly registered domains	22d ago Apr 20th, 2026	Sublime Security	Credential Phishing Social engineering File analysis URL analysis Whois
BEC/Fraud: Urgent language and suspicious sending/infrastructure patterns	25d ago Apr 17th, 2026	Sublime Security	BEC/Fraud Callback Phishing Spam Impersonation: Brand Social engineering Free email provider Content analysis Header analysis Sender analysis Whois
Link: Tax document lure Portuguese/Spanish with suspicious domains	28d ago Apr 14th, 2026	Sublime Security	BEC/Fraud Credential Phishing Malware/Ransomware Free file host Free subdomain host Social engineering Content analysis URL analysis Whois
Service abuse: GitHub notification with excessive mentions and suspicious links	1mo ago Apr 7th, 2026	Sublime Security	Credential Phishing Malware/Ransomware Free file host Free subdomain host Social engineering Header analysis URL analysis Sender analysis Whois
VIP impersonation: Fake thread with display name match, email mismatch	1mo ago Apr 3rd, 2026	Sublime Security	BEC/Fraud Evasion Impersonation: VIP Social engineering Spoofing Content analysis Header analysis Sender analysis Whois
Attachment: Legal themed message or PDF with suspicious indicators	1mo ago Apr 3rd, 2026	Sublime Security	Credential Phishing Extortion BEC/Fraud Evasion PDF Social engineering Content analysis File analysis Natural Language Understanding Optical Character Recognition URL analysis Whois Header analysis Exif analysis
Service abuse: Google Firebase sender address with suspicious content	1mo ago Apr 2nd, 2026	Sublime Security	Spam Credential Phishing Free subdomain host Social engineering Content analysis Header analysis HTML analysis Natural Language Understanding Sender analysis URL analysis Whois
Link: Financial account issue with suspicious indicators	1mo ago Mar 24th, 2026	Sublime Security	Credential Phishing Free file host Free subdomain host Social engineering Content analysis Natural Language Understanding URL analysis Whois
Link: Commonly Abused Web Service redirecting to ZIP file	2mo ago Mar 10th, 2026	Sublime Security	Malware/Ransomware Free file host Free subdomain host Open redirect Evasion URL analysis Whois Archive analysis
Link: Multistage landing - ClickUp abuse	2mo ago Feb 27th, 2026	Sublime Security	Credential Phishing Malware/Ransomware Evasion Free file host Free subdomain host Open redirect URL analysis Whois Content analysis
Attachment: PDF with multistage landing - ClickUp abuse	2mo ago Feb 27th, 2026	Sublime Security	Credential Phishing Evasion Free file host Free subdomain host PDF Social engineering File analysis URL analysis Whois
New link domain (<=10d) from untrusted sender	3mo ago Feb 6th, 2026	Sublime Security	Credential Phishing Malware/Ransomware Sender analysis URL analysis Whois
Vendor impersonation: Thread hijacking with typosquat domain	3mo ago Jan 12th, 2026	Sublime Security	BEC/Fraud Lookalike domain Social engineering Spoofing Content analysis Natural Language Understanding Sender analysis Whois
Suspected lookalike domain with suspicious language	3mo ago Jan 12th, 2026	Sublime Security	BEC/Fraud Evasion Lookalike domain Social engineering Content analysis Natural Language Understanding Sender analysis Whois