FAQ - Frequently Asked Questions

General FAQs

Q: What is difference between Public, Unlisted, and Private scans? Do they deliver different results?

A: The scans all deliver the same results. The difference between the scan type is their visibility in the search results.
Private and Unlisted scans do not appear on the frontpage or in the public search-results or aggregations.

Private scans can only be opened if you know their unique ID. If you submitted a private scan while logged in, you will be able to find your own private scans in your search. We don't share private scan information with third parties (including our sponsors and commercial customers), ever.

Unlisted scans can be found by vetted security researchers and companies which are subscribers to our urlscan Pro platform.

Make sure you understand the differences as outline in our API documentation.

Q: When should I choose Public, Unlisted, or Private when scanning?

A: These are some guidelines to decide when to use which visibility:
Public: There is no PII or confidential data in the URL and you want it to be discoverable by other researchers.
Unlisted: There might be PII or mildly sensitive data on the site, but you want security vendors and reputable researches to be able to pick up this data to improve their products and take action (for example takedown requests).
Private: Nobody but you should be able to see the results of the scan.

Q: How can I request the content of a scan to be removed from your website?

A: Please use the orange Report button on the result page of the scan.

Q: Can you prevent my domain from being scanned? Can you bulk-delete existing scans?

A: Yes, please send us a email at info@urlscan.io with the domains or URL patterns you'd like us to add to our blocking list and/or would like us to remove from historical scans.

Q: Does urlscan.io show whether a website contains malware or phishing attempts?

A: Yes, we have some basic mechanisms for determining whether a website contains malicious content. Our proprietary phishing detection mechanism tracks 500 popular brands and can identify phishing or impersonation attempts of these brands.
We do record file downloads, but we do not detect whether a downloaded file is malicious, e.g. a malicious executable.

Q: Does urlscan.io detect when a malicious site is no longer active, e.g. cleaned up?

A: No, our website scans only provide point-in-time snapshots of the website content, we do not re-crawl existing scans.

Q: Can I use the "malicious" verdicts on urlscan.io as a blocking feed?

A: We don't recommend using the "malicious" verdict as an unattended blocking signal since our detection can ocassionally return false positive verdicts. The best way to make use of the verdicts is to feed them into a manual review process. Furthermore, we only return phishing and impersonation verdicts for the brands that we are tracking.

Q: Can I search urlscan.io for pages which have been detected as malicious?

A: This feature is available as part of the commercial urlscan Pro subscription and not available through the community search.

Q: How does urlscan.io work?

A: We use the Google Chrome browser in Headless Mode to browse to the URLs submitted by users. We record the interaction of the page with the Internet and after the page has finished loading, we annotate the results with additional data sources.

Q: What is your relationship to your corporate sponsors?

A: Our corporate sponsors are services that we believe complement urlscan.io very well and that are catering to the same audience as urlscan.io is. The support from our corporate sponsors allows us to keep the community service as freely available as it is today. In return we will point to their services and promote their content. We do not share any data with our sponsors that wouldn't otherwise be available to regular customers, that includes data on registered users as well as Private scans. We are also not in a reseller relationship with our sponsors.

Commercial Use

Q: Can our company use the service and data on it commercially?

A: Yes in general, using urlscan.io as part of your daily workflow (for things like SOC processes, investigations, reports) is totally fine. If you want to do a large volume of queries, submit a lot of scans or be able to integrate our data into one of your commercial offerings we'd ask you to contact us first to work out what is acceptable use under our free usage tier and what kind of use requires a commercial agreement.

Q: How does the commercial subscription process work?

A: Typically our sales process starts with a short introductory sales call and a time-limited free trial run for the product you are interested in. We will also send you a formal quote for the products and subscription period you are interested in. After you accept the quote (for example with a Purchase Order), we will send monthly or annual invoices which can be paid via SWIFT wire transfer or major credit card.

Technical Questions

Q: Which HTTP response do you store?

A: We store responses with MIME types JavaScript, HTML and Text.

Q: Why is the screenshot and DOM snapshot empty for some scans?

A: We don't store the screenshot and DOM snapshot if we determine the page to be empty, i.e. not containing any visible content or not loading any subresources.

Q: Do you support other browsers besides Google Chrome?

A: No, but you can set a custom User Agent during submission.

Q: Do you store results indefinitely?

A: No, we will delete private scans after a certain age and we don't make any guarantees about the retention of any type of scan in the future. If you need the results of a scan make sure to download it.

Q: Do you offer different browser locations/countries?

A: Yes, you can choose a location from the scan dialog.