Getting The Most Out Of URLscan.io

Getting The Most Out Of URLscan.io

Written by

— in

ThreatIntelligenceLab.com

Oh, we always get happy when we think and work with URLscan.io. This platform is a great threat hunting platform, and you must know them.

They actually call themselves ‘A sandbox for the web’.

On the platform, phishing attacks (webpages and URLs) are being indexed after they have been scanned by the URLscan service1.

Major security players like Recorded Future, Tines, Joe Security, Hatching and EDX labs support the platform.

To show our gratitude, and to bring some attention to this great platform, we are going to dive into the reasons why you should have URLscan.io as one of your Threat Intelligence feeds.

Is it Paid?

Well, they offer multiple packages, ranging from Free to a fully ultimate package that can cost you up to $4166 USD per month.

The current tiers they have are:

TierPricePhishing URL Feed
Tier 1FreeNo
Tier 2$5000 USDYes
Tier 3$10,000 USDYes
Tier 4$25,000 USDYes
Tier 5$50,000 USDYes
URLscan.io Tiers as of 19-DEC-2023

You can also contact the sales department of URLscan.io, and see if they can help you forward. It is always good to ask and try…

What can you expect

Looking at the amount of data, and the coverage it can provide in specific cases (as with regional feeds), we qualify URLscan.io as a great feed to have.

Here are the reasons why it is great:

  • Wide range of supported scanning technologies
  • Detailed reports that support threat detection
  • Friendly user-interface and free access
  • You can search for ASNs, domains, IPs, filenames, hashes and more
Bulk URL submission form (for registered users - Free plan)
Bulk URL submission form (for registered users – Free plan)

Uhh.. Are there False Positives?

As with any other feed, it is important to remember that it can contain RAW data, which if used without caution, can cause false positives and complications in your cybersecurity posture.

Just do this when you get started:

  • Collect the data
  • Store it and parse it with your signatures
  • Act on the signatures that have alerted you

Can’t wait to get started? We will help you forward

So yes, URLscan.io has API access, and they have documentation that you can read. It is worth mentioning, that if you can spare some minutes, consider signing up for their free account2.

The free account allows you to use functions that cannot be seen while using the URLscan website without an account.

  1. URL and website scanner – urlscan.io ↩︎
  2. Signup – urlscan.io ↩︎

Written by