urlscan.io
A sandbox for the web

urlscan.io is a free service to scan and analyse websites. When a URL is submitted to urlscan.io, an automated process will browse to the URL like a regular user and record the activity that this page navigation creates. This includes the domains and IPs contacted, the resources (JavaScript, CSS, etc) requested from those domains, as well as additional information about the page itself. urlscan.io will take a screenshot of the page, record the DOM content, JavaScript global variables, cookies created by the page, and a myriad of other observations. If the site is targeting the users one of the more than 900 brands tracked by urlscan.io, it will be highlighted as potentially malicious in the scan results.

urlscan.io itself is a free service, but we also offer commercial products for heavy users and organisations that need additional insight.

Our Mission

Corporate Sponsors

Thanks to our corporate sponsors for helping us keep the community service up and running!

• SecurityTrails (a Recorded Future company) - Security Data and APIs
  We Offer Paid API and Data Services for Top Security Companies. Tap into a treasure-trove of cyber security gold and get the info you can’t find anywhere else.
• Tines - Security Automation and Orchestration (SOAR) Platform
  The Tines security automation platform helps the world's leading security teams automate any manual task. Making them more effective and efficient.
• Hatching Triage - Sandbox for High-Volume Automated Malware Analysis
  Hatching Triage is our state-of-the-art malware analysis sandbox designed for cross-platform support (Windows, Android, Linux, and macOS), high-volume malware analysis capabilities, and malware configuration extraction for dozens of malware families.
• CTM360 - Cyber Threat Management | Digital Risk Protection
  CTM360® is a Cyber Security subscription service offering 24 x 7 x 365 Cyber Threat Management for detecting and responding to cyber threats. CTM360 specializes in offensive defense and strives to strengthen a subscribed member’s security posture by making them a harder target in cyberspace.
• ThreatHunter.ai - Managed Detection, Threat Correlation & Incident Response services.
  Expert Threat Hunting 24 hrs a day, 7 days a week, 365 days a year.
  Your brand deserves more than just Managed Detection & Response.
• Cyble - Cybersecurity Threat Intelligence Platform & Solutions
  Experience next-level cybersecurity with our unified platform – the pinnacle of AI-powered threat management. Detect, analyze, and neutralize cyber threats seamlessly. Empower your organization with unmatched efficiency in identifying and countering a spectrum of cyber risks. Elevate your defense strategy with the future of cybersecurity.
• Pentest-Tools.com - The essential penetration testing tools
  Instantly available setup for vulnerability assessment & penetration testing. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun.
• ipinfo.io - IP Address API and Data Solutions
  We're the trusted source for IP address data, handling 12 billion API requests per month for over 1,000 businesses and 100,000+ developers.

Media Coverage

urlscan.io was covered by these posts, articles and screencasts:

• Backblaze Case Study - Threat Analysis Firm Taps Backblaze in the Fight Against Cybercrime (December 15, 2022)
• Tines Podcast - Future of Security Operations - How automation can free up resources and streamline security investigation (May 10, 2022)
• Tines Webinar - Box, urlscan, Tines: URL analysis & phishing automation (February 24, 2022)
• Heise Newsticker - Sony bestätigt PS5-Betrug durch Fake-Shop "playstation-sony.eu" (April 9, 2021)
• Heise Magazine - Website-Inspektor (February 1, 2021)
• Reuters - 'Mercenary' hacker group runs rampant in Middle East, cybersecurity research shows (October 7, 2020)
• securitytrails.com Blog - It's never been easier to make a great product: A chat with Johannes Gilger from urlscan.io (May 2, 2019)
• tines.io - Automating abuse inbox management and phishing response (July 27, 2018)
• The Daily Beast - Russian Hackers’ New Target: a Vulnerable Democratic Senator (July 26, 2018)
• securitytrails.com Blog - URLScan.io: the best way to scan any website (July 16, 2018)

Reports referencing urlscan.io

These are industry reports that leverage urlscan.io or its data in some way.

• 2024-08-14 - Orange Cyberdefense - Emmenhtal: a little-known loader distributing commodity infostealers worldwide
• 2024-04-25 - Trend Micro - Trend Micro Collaborated with Interpol in Cracking Down Grandoreiro Banking Trojan
• 2024-03-27 - Obsidian - Detecting & Blocking Tycoon’s latest AiTM Phishing Kit
• 2024-03-25 - Sekoia - Tycoon 2FA: an in-depth analysis of the latest version of the AiTM phishing kit
• 2024-03-04 - Sucuri - Thousands of Sites with Popup Builder Compromised by Balada Injector
• 2024-01-23 - Infoblox - Cybercrime Central: VexTrio Operates Massive Criminal Affiliate Program
• 2023-12-03 - BushidoToken Threat Intel - Cybercriminals Leverage Hijacked Booking.com accounts for Phishing
• 2023-10-16 - Sekoia - ClearFake: a newcomer to the “fake updates” threats landscape
• 2023-10-09 - Krebs on Security - Phishers Spoof USPS, 12 Other Natl’ Postal Services
• 2023-06-15 - Vade - Phishing as a Service: Analyzing "Greatness"
• 2023-06-13 - Sygnia - Case Study: cracking a global Adversary-In-The-Middle campaign using a threat intelligence toolkit
• 2023-06-19 - Phish Report - Threat hunting for phishing sites with urlscan.io
• 2022-12-15 - Domaintools - Flying Phish
• 2022-09-19 - Recorded Future - Russia-Nexus UAC-0113 Emulating Telecommunication Providers in Ukraine
• 2022-06-20 - Malwarebytes - Client-side Magecart attacks still around, but more covert
• 2022-06-06 - Pixm - Phishing tactics: how a threat actor stole 1M credentials in 4 months
• 2022-06-04 - Cyberwarzone - URLscan threat hunting for beginners
• 2022-03-20 - Cymulate - Expanding on Existing IoCs to Leverage Immediate Threats Simulations
• 2022-02-03 - Krebs On Security - How Phishers Are Slinking Their Links Into LinkedIn
• 2022-04-19 - RiskIQ - Legitimate WordPress Site Hosts Malicious Content
• 2021-09-13 - Malwarebytes - The many tentacles of Magecart Group 8
• 2021-03-05 - SANS ISC - Spam Farm Spotted in the Wild
• 2020-08-20 - Krebs On Security - Voice Phishers Targeting Corporate VPNs
• 2020-07-12 - Group IB - The footprints of Raccoon: a story about operators of JS-sniffer FakeSecurity distributing Raccoon stealer
• 2020-07-06 - Malwarebytes - Credit card skimmer targets ASP.NET sites
• 2020-07-06 - Sansec - North Korean hackers are skimming US and European shoppers
• 2020-07-01 - Maltego - Using Maltego to Hunt for Phishing Subdomains
• 2020-05-12 - Max Kersten - Pivoting on the skimmer’s domain name (MageCart Hunting)
• 2020-03-12 - Recorded Future - Swallowing the Snake’s Tail: Tracking Turla Infrastructure
• 2020-01-31 - Reversing Labs - RATs in the Library
• 2019-12-18 - Trustwave - Anyone Can Check for Magecart with Just the Browser
• 2019-12-04 - AT&T Alien Labs - The “Great Cannon” has been deployed again
• 2019-08-21 - Anomali - Suspected North Korean Cyber Espionage Campaign Targets Multiple Foreign Ministries and Think Tanks
• 2019-08-19 - Anomali - Suspected BITTER APT Continues Targeting Government of China and Chinese Organizations
• 2019-04-26 - BleepingComputer - GitHub-Hosted Magecart Card Skimmer Found on Hundreds of Stores
• 2019-03-19 - Anomali - “Bad Tidings” Phishing Campaign Impersonates Saudi Government Agencies and a Saudi Financial Institution
• 2019-02-25 - Anomali - Online Bidding-Themed Phishing Campaigns Aims to Trick U.S. Federal Government Contractors
• 2019-02-19 - Geekflare - Detecting Security Threats on the Web through API
• 2019-02-19 - Anomali - Phishing Campaign Spoofs United Nations and Multiple Other Organizations
• 2019-02-15 - Anomali - Phishers Target Texas Department of Transportation Contractors with Online Bidding Scheme

Similar services & software

urlscan.io is not the only service that can be used to browse and analyse a website. These are some similar services, some provided invaluable inspiration for this very service!

Lists of similar & related services

• Investigate & report phishing pages by SwiftOnSecurity
• Blocklists of Suspected Malicious IPs and URLs by Lenny Zeltser

Services

• urlquery.net - Scans sites and looks up domains/IPs on various blacklists. This service inspired us to build urscan.io.
• keycdn speed test - Website speed test, employs similar techniques and inspired some features on this site
• WebPagetest - Exhaustive speed-testing service with different locations, browser and options
• pingdom Website speed test
• Trackography - Find out who is tracking you when you are reading your favourite news online.
• Web Cookies Scanner - HTTP cookies, Flash, HTML5 localStorage, sessionStorage, CANVAS, supercookies, evercookies as well as SSL/TLS and HTTP security
• Hardenize - Helping you deploy the latest security standards
• Browserless - A headless browser in the cloud

Software

• browserless - Chrome as a service in docker. Run on our cloud, or bring your own.
• Puppeteer - Headless Chrome Node API, maintained by the Google Chrome Team
• Lighthouse - analyzes web apps and web pages, collecting modern performance metrics and insights on developer best practices.
• Awesome chrome-devtools - Awesome tooling and resources in the Chrome DevTools ecosystem

Acknowledgements

• The IP geo-location is courtesy of the MaxMind GeoIP Lite database.
• ASN information is thanks to Team Cymru's IP-to-ASN mapping service.
• We detect technologies on a website using the definitions from the Wappalyzer Project.
• The country flags are part of the flag-icon-css library.

Affiliation

urlscan.io is not affiliated with any of the services we link to on our results pages. Linking to any site does not constitute an endorsement or guarantee of fitness of the data.