Search - urlscan.io

Search for domains, IPs, filenames, hashes, ASNs

Search - Domains, IPs, etc.

Help & Examples

The query field uses the Elasticsearch Query String to search for results. This means that you can either search for terms without specifying a field, or you can narrow the search to the field that should match. Refer to the documentation to learn how to do boosting, boolean operators, fuzzy searches, etc.

Example queries

domain:urlscan.io: Domain (or a subdomain of it) is contacted in one of the requests
page.domain:urlscan.io: Domain (or a subdomain of it) is the first domain to be contacted
ip:"148.251.45.170": This IP is contacted in one request
ip:"148.251.45.0/16": IPs from this subnet are contacted
ip:"2400:cb00:2048:1::681b:9cb9": This IPv6 is contacted in one request
asn:AS24940: This AS was contacted (Note: Search with 'AS' prefix!)
asnname:hetzner: An AS with this name was contacted
filename:jquery.min.js: Resource jquery.min.js was requested
hash:d699f303...: A resource with this SHA256 was downloaded
server:nginx: Page contacted a host running nginx

The fields ip, domain, url, asn, asnname, country and server can also be prefixed with page. to only match the value for the first request/response page.server:nginx AND page.domain:de.

task.method:manual OR task.method:api: Show manual (user) and API submissions. Other option is "automatic"
page.asnname:digitalocean AND page.country:de: Pages with .de TLD, hosted at Digital Ocean
page.domain:ch AND !page.country:ch: Domain has .ch TLD, but primary GeoIP is not in CH
filename:jquery AND filename:wp-content: Page uses WordPress and jquery
asnname:cloudflare,akamai,fastly AND server:keycdn-engine: Page uses content from CloudFlare, Akamai, Fastly and KeyCDN

Furthermore, you can concatenate search-terms with AND, OR, etc.