Oh, we are always happy when we get to think about and work with URLscan.io. It is a great threat hunting platform, and one you should know.
They actually call themselves ‘A sandbox for the web’.
The platform indexes phishing attacks (webpages and URLs) after they have been scanned by the URLscan service[1].
Major security players like Recorded Future, Tines, Joe Security, Hatching and EDX labs support the platform.
To show our gratitude, and to bring some attention to this great platform, we are going to dive into the reasons why you should have URLscan.io as one of your Threat Intelligence feeds.
Is it Paid?
Well, they offer multiple packages, ranging from Free to a top-tier package that can cost you up to $4166 USD per month.
The current tiers they have are:
Tier | Price | Phishing URL Feed |
---|---|---|
Tier 1 | Free | No |
Tier 2 | $5000 USD | Yes |
Tier 3 | $10,000 USD | Yes |
Tier 4 | $25,000 USD | Yes |
Tier 5 | $50,000 USD | Yes |
You can also contact the sales department of URLscan.io and see if they can help you further. It is always good to ask and try…
What can you expect
Looking at the amount of data, and the coverage it can provide in specific cases (as with regional feeds), we qualify URLscan.io as a great feed to have.
Here are the reasons why it is great:
- Wide range of supported scanning technologies
- Detailed reports that support threat detection
- User-friendly interface and free access
- You can search for ASNs, domains, IPs, filenames, hashes and more
Uhh.. Are there False Positives?
As with any other feed, it is important to remember that it can contain raw data, which, if used without caution, can cause false positives and complications in your cybersecurity posture.
Just do this when you get started:
- Collect the data
- Store it and parse it with your signatures
- Act on the signatures that have alerted you
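The three steps above as a small pipeline. This is an added example, not code from this post or from URLscan.io. The sample feed is constructed, its field layout is an assumption modelled on the URLscan.io Search API response, and the signature, allowlist and function names are hypothetical.

```python
import json
import re
import sqlite3

# Constructed sample, shaped like a urlscan.io Search API response (assumed
# layout: results[] with "_id", "task" and "page"). Not real scan data.
SAMPLE = json.dumps({"results": [
    {"_id": "a1", "task": {"url": "https://login-examplebank.test/verify"},
     "page": {"domain": "login-examplebank.test", "asn": "AS64500"}},
    {"_id": "a2", "task": {"url": "https://www.examplebank.test/login"},
     "page": {"domain": "www.examplebank.test", "asn": "AS64501"}},
    {"_id": "a3", "task": {"url": "https://blog.example.org/post"},
     "page": {"domain": "blog.example.org", "asn": "AS64502"}},
    {"_id": "a1", "task": {"url": "https://login-examplebank.test/verify"},
     "page": {"domain": "login-examplebank.test", "asn": "AS64500"}},
]})
# Hypothetical local signature set: (name, regex applied to the page domain).
SIGNATURES = [("brand-lookalike", re.compile(r"examplebank"))]
# Domains you own: raw feed hits on these are false positives, not alerts.
ALLOWLIST = {"examplebank.test"}

def collect(raw):
    """Collect: parse the feed, keep only the fields the signatures need."""
    for r in json.loads(raw).get("results", []):
        page, task = r.get("page", {}), r.get("task", {})
        yield r["_id"], task.get("url", ""), page.get("domain", "").lower()

def store(db, rows):
    """Store: persist records; the primary key drops repeated scans."""
    db.execute("CREATE TABLE IF NOT EXISTS scans "
               "(id TEXT PRIMARY KEY, url TEXT, domain TEXT)")
    db.executemany("INSERT OR IGNORE INTO scans VALUES (?, ?, ?)", rows)

def allowlisted(domain):
    return any(domain == d or domain.endswith("." + d) for d in ALLOWLIST)

def match(db):
    """Parse with signatures: return the alerts to act on."""
    alerts = []
    for sid, url, domain in db.execute("SELECT * FROM scans ORDER BY id"):
        if allowlisted(domain):
            continue  # known-good infrastructure, suppress
        alerts += [{"id": sid, "signature": name, "url": url}
                   for name, rx in SIGNATURES if rx.search(domain)]
    return alerts

def run(raw=SAMPLE):
    db = sqlite3.connect(":memory:")
    store(db, collect(raw))
    stored = db.execute("SELECT COUNT(*) FROM scans").fetchone()[0]
    return stored, match(db)
```

Calling `run()` stores three unique records from the four constructed results and raises one alert, because the hit on the allowlisted `www.examplebank.test` is suppressed instead of being acted on.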
Can’t wait to get started? We will help you on your way
So yes, URLscan.io has API access, along with documentation that you can read. If you can spare a few minutes, consider signing up for their free account[2].
The free account gives you access to functions that are not visible when you use the URLscan website without an account.