Detection Method: URL screenshot

URL screenshot captures and analyzes the visual elements of web pages linked in emails to help you spot phishing attempts or suspicious content that might slip past regular URL analysis. By rendering these web pages in a safe, isolated environment, it gives you a sneak peek at the content—without putting you at risk.
URL screenshot can help you detect:
  • Fake login pages pretending to be from trusted services
  • Brand impersonation using logos or design that don’t belong
  • Malicious forms trying to steal your credentials
  • Content that’s designed to trick you but can’t be caught by regular text analysis
  • CAPTCHA forms or other elements trying to bypass automated detection
For example, attackers often create exact replicas of login pages from banks or email providers. URL screenshots make it easier to spot these deceptive pages, whether you're reviewing them manually or relying on automated systems.
This method is crucial for spotting phishing attempts that rely on visual tricks, helping you prevent falling for malicious links that look convincing at first glance.
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Link: Credential harvesting with excess padding evasion
1mo ago
Jun 15th, 2026
Sublime Security
Credential phishing link (unknown sender)
1mo ago
Jun 5th, 2026
Sublime Security
Brand impersonation: Figma with malicious document access overlay
1mo ago
May 27th, 2026
Sublime Security
Attachment: PDF with suspicious link and action-oriented language
1mo ago
May 18th, 2026
Sublime Security
Link: Microsoft device code authentication with suspicious indicators
4mo ago
Mar 12th, 2026
Sublime Security
Link: Unsolicited email contains link to page containing Tycoon URI structure
4mo ago
Mar 10th, 2026
Sublime Security
Link: Figma design deck with credential theft language
4mo ago
Mar 4th, 2026
Sublime Security
Link: Credential theft with invisible Unicode character in page title from unsolicited sender
5mo ago
Feb 13th, 2026
Sublime Security
Link: Microsoft Dynamics 365 form phishing
5mo ago
Jan 27th, 2026
Sublime Security
Free subdomain link with login or captcha (untrusted sender)
6mo ago
Jan 12th, 2026
Sublime Security
Link: Multistage landing - Scribd document
6mo ago
Jan 12th, 2026
Sublime Security
Suspicious recipients pattern with no Compauth pass and suspicious content
6mo ago
Jan 12th, 2026
Sublime Security
Suspicious recipient pattern and language with low reputation link to login
6mo ago
Jan 12th, 2026
Sublime Security
Attachment: HTML smuggling - QR Code with suspicious links
6mo ago
Jan 12th, 2026
Sublime Security
Issuu document with suspicious embedded link
6mo ago
Jan 12th, 2026
Sublime Security
Attachment: QR code with credential phishing indicators
6mo ago
Jan 12th, 2026
Sublime Security
Link: Adobe share with suspicious indicators
6mo ago
Jan 12th, 2026
Sublime Security
Google Accelerated Mobile Pages (AMP) abuse
6mo ago
Jan 12th, 2026
Sublime Security
Link to auto-downloaded file with Google Drive branding
6mo ago
Jan 12th, 2026
Sublime Security
Service abuse: Formester with suspicious link behavior
6mo ago
Dec 19th, 2025
Sublime Security