Search Scans

Help & Examples
Please also see the Search API Reference: Search API Reference

  • Search requests (either through the UI or API) are subject to your individual API Quotas.
  • The query field uses the ElasticSearch Query String to search for results.
  • All queries are run in filter mode, sorted by date descending. There is no scoring of search results.
  • Refer to the documentation for advanced queries such as wildcard, regex, boolean operators, fuzzy searches, etc.
  • You can group and concatenate search-terms with brackets
    ( )
    ,
    AND
    ,
    OR
    , and
    NOT
    . The default operator is
    AND
    .
  • You can concatenate terms within a group, e.g.
    page.domain:(foo.com OR bar.com)
    .
  • Always use the field names of the fields you want to search. Wildcards for the field-name are not supported!
  • Always escape reserved characters with backslash:
    + - = && || > < ! ( ) { } [ ] ^ " ~ * ? : \ /
  • Always limit the time-range if possible using
    date
    , e.g.
    date:>now-7d
    or
    date:>now-1y
    .
  • You can use wildcard (leading wildcard only on urlscan Pro) and regex search on almost any field.
  • Regexes are always anchored to beginning/end of the tokens (implicit ^ and $).
  • The
    date
    allows relative queries like
    date:>now-7d
    or range-queries like
    date:[2020-01-01 TO 2020-02-01]
    or both combined.
  • Domain fields contain the whole domain and each smaller domain component, i.e.
    domain
    can be searched by google.com which will include www.google.com

Examples - Common searches and multiple query terms combined