A sandbox for the web
urlscan.io itself is a free service, but we also offer commercial products for heavy users and organisations that need additional insight.
We created urlscan.io in late 2016 to solve these problems. Our focus has always been to break down the vast amount of data from a website page navigation into digestible chunks. We're analyst-first, we always strive to understand and anticipate the pieces of information that would be helpful during an investigation and the attributes that allow pivoting. Just like you would use a malware sandbox to analyse suspicious files, you can use urlscan.io to do the same thing but with URLs.
Johannes has been working in InfoSec since 2011. He spent the last six years in the CrowdStrike Threat Intelligence team. In late 2016 he created urlscan.io.
Thanks to our corporate sponsors for helping us keep the community service up and running!
- SecurityTrails (a Recorded Future company) - Security Data and APIs
We Offer Paid API and Data Services for Top Security Companies. Tap into a treasure-trove of cyber security gold and get the info you can’t find anywhere else.
- ipinfo.io - IP Address API and Data Solutions
We're the trusted source for IP address data, handling 12 billion API requests per month for over 1,000 businesses and 100,000+ developers.
- Tines - Security Automation and Orchestration (SOAR) Platform
The Tines security automation platform helps the world's leading security teams automate any manual task. Making them more effective and efficient.
- Joe Security - Automated Malware Analysis - Joe Sandbox
Analyse Malware in a Depth Previously Not Possible. Unleash the power of deep malware analysis to your CERT, CIRT, SOC or IR team! Fully automated or manual.
- Hatching Triage - Sandbox for High-Volume Automated Malware Analysis
Hatching Triage is our state-of-the-art malware analysis sandbox designed for cross-platform support (Windows, Android, Linux, and macOS), high-volume malware analysis capabilities, and malware configuration extraction for dozens of malware families.
- Intezer Analyze - Intezer Analyze- Malware Analysis Platform
Intezer Analyze quickly classifies malware and unknown files making it an indispensable analyst tool. By detecting code reuse and similarities between threats to get a much deeper understanding of any unknown or malicious file.
- CTM360 - Cyber Threat Management | Digital Risk Protection
CTM360® is a Cyber Security subscription service offering 24 x 7 x 365 Cyber Threat Management for detecting and responding to cyber threats. CTM360 specializes in offensive defense and strives to strengthen a subscribed member’s security posture by making them a harder target in cyberspace.
These projects utilize urlscan.io:
- Phish.ly - Analyze suspicious emails with Tines & urlscan
urlscan.io was covered by these posts, articles and screencasts:
- Tines Podcast - Future of Security Operations - How automation can free up resources and streamline security investigation (May 10, 2022)
- Tines Webinar - Box, urlscan, Tines: URL analysis & phishing automation (February 24, 2022)
- Heise Newsticker - Sony bestätigt PS5-Betrug durch Fake-Shop "playstation-sony.eu" (April 9, 2021)
- Heise Magazine - Website-Inspektor (February 1, 2021)
- Reuters - 'Mercenary' hacker group runs rampant in Middle East, cybersecurity research shows (October 7, 2020)
- securitytrails.com Blog - It's never been easier to make a great product: A chat with Johannes Gilger from urlscan.io (May 2, 2019)
- tines.io - Automating abuse inbox management and phishing response (July 27, 2018)
- The Daily Beast - Russian Hackers’ New Target: a Vulnerable Democratic Senator (July 26, 2018)
- securitytrails.com Blog - URLScan.io: the best way to scan any website (July 16, 2018)
These are industry reports that leverage urlscan.io or its data in some way.
- 2022-06-20 - Malwarebytes - Client-side Magecart attacks still around, but more covert
- 2022-06-06 - Pixm - Phishing tactics: how a threat actor stole 1M credentials in 4 months
- 2022-06-04 - Cyberwarzone - URLscan threat hunting for beginners
- 2022-03-20 - Cymulate - Expanding on Existing IoCs to Leverage Immediate Threats Simulations
- 2022-02-03 - Krebs On Security - How Phishers Are Slinking Their Links Into LinkedIn
- 2022-04-19 - RiskIQ - Legitimate WordPress Site Hosts Malicious Content
- 2021-09-13 - Malwarebytes - The many tentacles of Magecart Group 8
- 2021-03-05 - SANS ISC - Spam Farm Spotted in the Wild
- 2020-08-20 - Krebs On Security - Voice Phishers Targeting Corporate VPNs
- 2020-07-12 - Group IB - The footprints of Raccoon: a story about operators of JS-sniffer FakeSecurity distributing Raccoon stealer
- 2020-07-06 - Malwarebytes - Credit card skimmer targets ASP.NET sites
- 2020-07-06 - Sansec - North Korean hackers are skimming US and European shoppers
- 2020-07-01 - Maltego - Using Maltego to Hunt for Phishing Subdomains
- 2020-05-12 - Max Kersten - Pivoting on the skimmer’s domain name (MageCart Hunting)
- 2020-01-31 - Reversing Labs - RATs in the Library
- 2019-12-18 - Trustwave - Anyone Can Check for Magecart with Just the Browser
- 2019-12-04 - AT&T Alien Labs - The “Great Cannon” has been deployed again
- 2019-08-21 - Anomali - Suspected North Korean Cyber Espionage Campaign Targets Multiple Foreign Ministries and Think Tanks
- 2019-08-19 - Anomali - Suspected BITTER APT Continues Targeting Government of China and Chinese Organizations
- 2019-04-26 - BleepingComputer - GitHub-Hosted Magecart Card Skimmer Found on Hundreds of Stores
- 2019-03-19 - Anomali - “Bad Tidings” Phishing Campaign Impersonates Saudi Government Agencies and a Saudi Financial Institution
- 2019-02-25 - Anomali - Online Bidding-Themed Phishing Campaigns Aims to Trick U.S. Federal Government Contractors
- 2019-02-19 - Geekflare - Detecting Security Threats on the Web through API
- 2019-02-19 - Anomali - Phishing Campaign Spoofs United Nations and Multiple Other Organizations
- 2019-02-15 - Anomali - Phishers Target Texas Department of Transportation Contractors with Online Bidding Scheme
urlscan.io is not the only service that can be used to browse and analyse a website. These are some similar services, some provided invaluable inspiration for this very service!
Lists of similar & related services
- Investigate & report phishing pages by SwiftOnSecurity
- Blocklists of Suspected Malicious IPs and URLs by Lenny Zeltser
- urlquery.net - Scans sites and looks up domains/IPs on various blacklists. This service inspired us to build urscan.io.
- keycdn speed test - Website speed test, employs similar techniques and inspired some features on this site
- WebPagetest - Exhaustive speed-testing service with different locations, browser and options
- pingdom Website speed test
- Trackography - Find out who is tracking you when you are reading your favourite news online.
- Web Cookies Scanner - HTTP cookies, Flash, HTML5 localStorage, sessionStorage, CANVAS, supercookies, evercookies as well as SSL/TLS and HTTP security
- Hardenize - Helping you deploy the latest security standards
- Browserless - A headless browser in the cloud
- browserless - Chrome as a service in docker. Run on our cloud, or bring your own.
- Puppeteer - Headless Chrome Node API, maintained by the Google Chrome Team
- Lighthouse - analyzes web apps and web pages, collecting modern performance metrics and insights on developer best practices.
- Awesome chrome-devtools - Awesome tooling and resources in the Chrome DevTools ecosystem
- The IP geo-location is courtesy of the MaxMind GeoIP Lite database.
- ASN information is thanks to Team Cymru's IP-to-ASN mapping service.
- We detect technologies on a website using the definitions from the Wappalyzer Project.
- The country flags are part of the flag-icon-css library.
urlscan.io is not affiliated with any of the services we link to on our results pages. Linking to any site does not constitute an endorsement or guarantee of fitness of the data.