urlscan.io
@urlscanio
Followers
12,899
Following
135
Media
494
Statuses
1,896
A sandbox for websites - Find malicious websites and phishing - - - #threatintel #cybercrime #infosec #web #phishing
The Cloud
Joined October 2016
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Eminem
• 226238 Tweets
River
• 205789 Tweets
Celtics
• 155562 Tweets
LeBron
• 137315 Tweets
Lakers
• 116837 Tweets
Deyverson
• 81236 Tweets
Fernando Valenzuela
• 81204 Tweets
Tulsi
• 81094 Tweets
John Kelly
• 72563 Tweets
Mineiro
• 69862 Tweets
Tatum
• 66189 Tweets
Gallardo
• 53012 Tweets
KARIME X MONTSE Y JOE
• 47269 Tweets
GALA X MOJOE
• 40419 Tweets
Nacho
• 40205 Tweets
GARIME X MOJOE
• 38094 Tweets
#じゃがりこの日
• 34092 Tweets
Fonseca
• 31513 Tweets
Timberwolves
• 29046 Tweets
The Next Prince Q13
• 27675 Tweets
Borja
• 21136 Tweets
東京メトロ
• 16095 Tweets
Daisuke
• 15868 Tweets
Randle
• 14742 Tweets
Anthony Davis
• 14554 Tweets
Gobert
• 13067 Tweets
Hayes
• 12600 Tweets
#LakeShow
• 11895 Tweets
Paulo Diaz
• 11080 Tweets
Pinned Tweet
We're launching major upgrades to our scanning engine! 🌐 Live Browsing: Interact with websites in real-time, dismiss alerts, solve CAPTCHAs, and more. Real Device Scanning: High-fidelity scans with actual mobile devices. Blog:
4
103
347
Today we are launching a major addition to our urlscan Pro - Threat Hunting platform: Newly observed domains & hostnames. Use it to find interesting (new) domains and hostnames, even if they haven't been scanned on urlscan yet. Read the details here:
10
69
258
Apparently the tech support scam centre in India that was making the news was raided, if you haven't watched the story yet please do, tech support scam is a huge issue and it's immensely satisfying to see shops like this one taken down:
5
93
237
We just launched the Beta version of urlscan Observe, our automated monitoring and alerting system. With Observe you can monitor a hostname, domain, or URL, see changes to it over time and be notified about these changes via email or webhook.
4
54
222
Don't be a dickhead and scrape our result pages... There's an API for a good reason. Yes, I'm talking to you, Brazilian IPs at Toolsnet and Netcel...
4
25
136
You might know us because we analyse millions of suspicious URLs every day and generate detections for more than a thousand major online brands. But did you know that we also track millions of newly created hostnames and domains as part of our urlscan Pro platform?
3
25
130
This is a pretty scary technique for faking the address bar on mobile devices, this will definitely be used by phishers unless addressed by mobile vendors:
@PhishingAi
6
87
127
Good morning everyone. Just realised is in the Alexa Top 35k websites worldwide: 🤯 Never thought this would be possible when I started this project three years ago. Thanks to all our faithful users!
6
15
128
Cool, so Google is monetising Safe Browsing as the Web Risk API. Even though I'm running a local mirror of the database which handles most of my lookups, the new service would cost me $8350 per month at my current volume. lol nope. Guess I'll have to do without.
13
37
118
Big thread about what's new: urlscan (the company) was incorporated in February. Our mission is to offer the most comprehensive and easy-to-use platform for analysing websites and finding related infrastructure. Also see our news page for updates:
3
35
120
@GossiTheDog
@apettinen
Thanks for reporting, we have put a blocklist rule in place for teams[.]microsoft[.]com and are deleting all historical scans for those invite links.
2
4
110
Our generous sponsors over at
@securitytrails
are letting us give away a one-year license to their SurfaceBrowser product (list price: $10k). To win it:
• Follow both
@urlscanio
and
@securitytrails
• RT this Tweet
The winner will be announced tomorrow (Friday, April 8th)
8
162
102
So satisfying once you have your Grafana dashboards all set up and can sit back in your command-chair and relax... Just kidding, still a shit-ton of things to do, back to work!
6
12
101
@Namecheap
, you don't seem to be having any kind of handle on the abuse on your platform. This is verified phishing / brand impersonation on Namecheap impersonating
@RoyalMail
in the past 24 hours alone. There's dozens of more brands being targeted the same way every day...
5
30
96
Today we are launching Visual Search, a new and powerful search feature which finds related scanned websites on by their visual appearance. Available to customers on urlscan Pro today, have fun using it! -
2
26
91
Our urlscan Observe feature is already surfacing a lot of obviously bad domains. Our active monitoring approach means we can track the domains from inception to weaponisation to eventual takedown without user intervention. Blog-post here:
0
16
77
We just deployed a major overhaul to urlscan Pro. It starts with a clean front-page and includes improvements to the Search page and the Results page. This is a work in progress, many new features will land in the coming weeks!
5
18
77
Just ran some back-of-the-envelope numbers and it looks like for phishing using new and dedicated domains (not compromised legitimate websites), Namecheap makes up about 30-40% of the volume. If that is not a case of a company finding product-market-fit I don't know what is...
4
11
69
urlscan Pro now contains graphical reporting and aggregation features. Sometimes the only way to understand data and notice trends is by simply looking at it in a visual way.
4
17
72
Are you a customer of urlscan Pro? Or maybe just a huge fan of what we do? Either way, we're getting a new sticker shipment and would be happy to send some your way. Just reach out to us via DM or email at info
@urlscan
.io!
2
7
67
This just happened folks. 10 million websites scanned by 🥳🎉🍾 This is since December of 2016, by now we're up to ~80k websites scanned per day. Capacity is still looking good, but the ElasticSearch node is starting to have a bad time 😮
4
11
63
It gets better. You can only request a review if you check "All issues are fixed". And they warn that you are going to be penalized if the issues haven't really been fixed. Thanks Google, I know exactly why I'm never going to rely on Google Cloud...
1
4
60
We finally launched user comments and verdicts for scans. Users can classify a scan as suspicious, malicious or legitimate and leave a comment, all of which will be visible to other users. The "Report" button is only for requesting takedowns!
1
8
62
When I started 2yrs ago I thought Phishing was a solved problem. Now I see stuff like this,
@PayPal
phishing active for at least a few hours, no Google Safe Browsing, no VT detects. Reaffirms me:
@PhishingAi
@Bank_Security
6
19
58
We're still here, working on things in the background, working with our great customers and partners. We don't blog and we don't do marketing, we build the features you need, no more and no less. To all of our community members: Thanks for your continued support!
1
7
57
Yes I am a little bit pissed. If Google is charging 5 figures a *month* for 200k glorified key-value lookups (per month) why am I providing 200k scans per *day* for free to the community. Oh well, guess I'll just go screaming into a pillow.
2
12
55
GoDaddy injecting sites hosted on their service with JavaScript content, story is making the rounds on HackerNews right now: You can find occurrences of this injection with urlscan, obviously:
2
42
52
We launched a couple of new scanning locations in urlscan Pro Live Scanning - These are using residential IPs. Feedback is appreciated as always!
3
12
51
Having some time to nerd out on the UI side of things is probably the biggest luxury I have right now 🤗
3
6
51
Woohoo, we finally have a proper blog: We will use it to send out more frequent updates instead of just posting things here on Twitter. Eventually we might write tutorials as well. RSS is available, feedback is always appreciated!
2
14
49
Is your first reaction to a unknown URL in your inbox to throw it into ? Are you a master automator? Help us spread the word and show your love with our new stickers. Share how you're using via DM and we'll send some your way!
1
14
42
Our new Live Scanning feature was just deployed and is available to customer of urlscan Pro. You will find it on the urlscan Pro dashboard. Give it a spin and let us know if anything feels wonky. Expect small improvements here and there over the coming weeks.
1
9
47
PSA: Please submit URLs as public scans if at all possible. Have racked up millions of private scans that neither we nor the community benefit from. If you have a legit use-case for this many private scans please DM us or send an email to info
@urlscan
.io.
5
15
45
It's Christmas Eve, so I wanted to wish all of you a Merry Christmas (if that's your cup of tea) and a Happy New Year! Thanks to the great community around , people hunting phish, building integrations, and taking time to talk to me. 2020 is gonna be lit!
4
4
45
Site is back, sorry everyone! This was a half-botched deploy with a file missing which only became apparent once the service was restarted this night while I was sound asleep. Thanks for the many mails and private messages!
2
9
46
Still going strong, just haven't had much time recently to hunt for phishing campaigns or do any development, luckily there's plenty of other folks who remain as vigilant as ever like
@PhishingAi
,
@nullcookies
,
@ninoseki
,
@Bank_Security
,
@dave_daves
,
@malwrhunterteam
❤️
4
8
46
Me: "Mom, can I buy a cool phishkit on the darkweb?"
Mom: "We have a cool phishkit at home!"
Phishkit at home:
3
10
43
Just crossed 270 brands tracked by for phishing detection. Almost 2 million phishing URLs detected across public and private submissions. Yay!
1
10
43
It's live: Country Selection starts with a handful of countries, we will add more over the next weeks. If you use "Auto", we will pick a country based on a number of rules: Domain regex, hostname GeoIP country, visitor GeoIP country. API support available too. Happy hunting!
0
8
44
Small milestone: We've had > 10600 public URL submissions which identified as phishing pages over the last seven days. That's more than 1500 every single day. Thanks to the community for your dutiful (and public) URL submissions!
4
11
43
Established point of presence in Tokyo, Japan. Expect Live Scanning from Japan, Taiwan and South Korea to perform better now. Next up: South America and Australia 🥳
1
10
42
Good news everyone! We finally managed to deploy local user accounts on . You can now sign up, login and bulk-submit URLs via the UI. Also manage your own API keys. Legacy API key holders please use "Forgot Password" with your original mail-address.
3
16
36
Huge thanks to
@securitytrails
for sponsoring , they are keeping the lights on! If you haven't done so, check out their services and products, SurfaceBrowser is just one example of the awesome things they built:
7
7
36
Not a lot of updates from us recently, we've been working behind the scenes to move a lot of things into place. Lots of very un-sexy work that needs to be done. 2020 is gonna be awesome. If you want to get in touch use DM or info
@urlscan
.io.
7
2
39
It's becoming increasingly apparent that we will have to introduce daily quotas as well as by-minute/by-hour rate limits for all API calls and DOM/screenshot/response retrieval. People hammering our service (and in some cases full knowingly so). Stay tuned 😰
3
4
39
Happy to say that we had no problem handling more than 100k scans per day for at least seven days in a row. That's all, enjoy your Sunday! 😁
1
3
39
Bear with us for a few more days while we finish the API and UI for our upcoming Live Scanning capability. It will be available exclusively to customers of our "urlscan Pro" platform and will allow you to investigate websites from different locations and with different options.
2
7
38
One of those days I'm gonna offer a $$$ training on how to make your corporate brand harder to be impersonated / phished, so many small tips that amount to a much better posture, and so many large brands completely failing at them right now. Le sigh.
1
4
36
Here's what I don't understand: This is super obvious site phishing for Google credentials, up and active for at least 45 minutes right now, came through Certificate Transparency. Google Safe Browsing: Zilch, VT: 0 detects. Why?
3
22
37
It's hard to gauge your own progress over a long period of time because you will only release tiny incremental changes on any given day. But, looking back you can usually appreciate what you've done with all that time. Case in point: in December 2016 🥳
2
1
36
Nothing big to announce just yet unfortunately, but I'm delighted that is ranked in the Alexa Top 20k most visited websites worldwide. Never thought I'd see that, thanks to the great community!
1
4
37
Our first automatic datasource for interesting URLs: The feed from OpenPhish. Check it out here:
0
25
36
Now this is the fun part: Spinning up scanners around the world. Stay tuned, next week should be lit 🤗
#urlscan
1
3
36
The value of Certstream, I rest my case, not detected by Google Safe Browsing yet. Props to the balls on this guy, hosting an Outlook 365 phishing site on Microsoft infrastructure. Scan here:
3
14
35
We completed phase one of improving the search index. Searches are much faster now, and you can search additional attributes (status code, MIME type, tags). The "offset" parameter is gone, please use "search_after":
1
7
35
Google has noticed that it takes too long for a URL to be included in their Safe Browsing dataset. Modern phishing is so fast and easy to stand up that a few hours or minutes already pay off. Also it helps if Safe Browsing actually works on your device, but that's another story.
1
12
34
We just deployed a small improvement on how we show main page redirects, both for HTTP (301/302/307) redirects as well as for non-HTTP redirects (e.g. JavaScript, meta refresh). We'll still tweak this over the coming days, let us know if something seems off to you.
0
7
35
Sounds like we should set up our own free Pastebin site. Can't be harder to store a few thousands pastes a day and handle abuse than it is storing hundreds of thousands of website scans + screenshots + DOM + responses + downloads every day (and handling abuse)... Sad
2
4
34
Everyone, please use "Public" or "Unlisted" scans if you are submitting URLs that you suspect to be malicious. A full 50% of URLs that we detect as malicious are submitted as private scans which means neither the community nor our partners can leverage them!
4
8
32
LOL, wat? The country of Germany has been blocked and an alert will be investigated? Thanks the abuse ticket with my hosting ISP btw, greatly appreciated. Anyone know these jokers? If so: Stop sending abuse because someone visits your Google-indexed website...
3
10
30
Thanks to our sponsor
@securitytrails
for the awesome (and frighteningly comfortable) swag that was sent our way. With no conferences to go to, and summer still not on the horizon yet, this hoodie arrived just in time 😉
0
3
30
Happy weekend everyone, we've crossed 300 tracked brands today mostly thanks to the ML classifier which keeps finding phishing pages of brands I hadn't heard of before. Talk about a gift that keeps on giving 😁
1
6
30
We're currently unable to process scans due to issues with our storage provider. We have escalated the issue and are waiting for resolution. In the meantime none of your scan attempts will be lost. Stay tuned.
1
8
30
Check out , a joint effort between
@tines_io
and us. Automate those extract-URLs-from-email-and-submit workflows that you might have and let us know what you think!
We're excited to introduce , a free email analyzer built in partnership with our friends at
@urlscanio
. Send a suspicious email to scan
@phish
.ly, we'll automatically analyze it and send you a report.
Read about it at:
#secops
#soar
5
28
42
2
16
32
Just implemented filters, limits, and pagination for our brand list page since the performance wasn't that great with almost 600 brands now. I guess this is a good problem to have 😊 Coming to urlscan Pro soon
2
7
32
commercial and Open Source integrations barely fit on one page anymore. If your product integrates with us and you'd like to have it included please send us an email or Twitter DM. We also have opportunities to advertise your product or open positions.
2
7
32
We have stopped querying the Google Safe Browsing API for new scans. We are working on getting a replacement up if we can make the Google Web Risk API work in a cost-efficient manner.
1
5
29
New on our urlscan Pro platform: Hostname history shows the historical information we have collected for each of the 1.7 billion hostnames we have observed. Unified Visual Search brings the power of similar-screenshot-search to the regular search dialog. Happy hunting!
0
2
29
"Which free TLDs should we use to set up our DHL phishing kit" - "All of them!"
@DHLUS
(all detected by urlscan)
2
4
29
Sometimes you just need that raw data 😋 We are now offering Internet-wide HTTP/HTTPS scans of the IPv4 address space on ports tcp/80 and tcp/443 as raw data downloads to interested customers. Announcement here:
0
6
31
If anyone has been wondering why we have been so quiet, this is what we're still working on: Quotas & ratelimits, user settings, team management, self-serve subscription management, unlisted scans, and countless other improvements.
2
4
29
A small improvement you might have noticed: We are now showing the Cisco Umbrella Top 1 Million rank next to domains and hostnames on the result page. This might help to quickly identify legitimate infrastructure.
0
0
29
We've been quiet, we're working on a new, more versatile scanning engine which will be ready in Q1/2021. In the meantime I'm happy to say that our certstream hunter keeps catching a lot of previously unscanned URLs. If you still have 2020 budget you have to spend, hit us up 😉
0
5
30
Building out a function to automatically classify URLs whether they contain PII. Besides plain email address and base64-encoded email address, what else have you guys seen often that could be automatically detected?
9
2
27
Taking a first stab at creating a versatile API for returning maliciousness-verdicts for scanned pages. This probably won't be the final form, so maybe don't rush to using the API in production on your side yet. Example:
1
2
29
Thanks for everyone's feedback to my last tweets. To clear up:
- I don't mind paying for Safe Browsing, just think it's too expensive.
- Some aspects of are / will be for-profit too.
- Lack of commercial offerings is my own damn fault.
1
1
27
Rare (but not rare enough) phishing page just caught by certstream and our organic phishing detection, targeting Google users. As of right now it's undetected by Google Safe Browsing and the other 78 engines on VirusTotal. Scan here:
1
3
28
Heads up - You can now share your Saved Searches on urlscan Pro with your team and with the whole userbase of urlscan Pro. Saved Searches and Subscriptions also support the newly-observed hostnames database now. Happy hunting!
0
6
27
This week we started publishing tips in our "Hunting Guide" on urlscan Pro to help users get the most out of our Pro search capabilities. While we're sure everyone is watching other dashboards this week, make sure to check it out once the dust settles 🙃
0
5
28
It feels good to be working on features again which will have an immediate user-visible benefit. Country selection is coming soon, via UI and API. For Private Scans you will have to get on a commercial plan:
2
5
27
We're really happy to welcome
@IntezerLabs
as a corporate sponsor of our community platform. Intezer detects code reuse between threats based on DNA-like similarities technology. Quickly classify malware and get a deeper understanding of threats with Intezer Analyze.
0
6
27
Phishers don't go on vacation. Good to test some searches though.
2
2
26
@Namecheap
No offense to you manning the Twitter feed, but that is just nonsense. There are hundreds of very obvious phishing attempts coming in every week, more than any one person can report. Our organic CT tailer alone caught > 400 in the past 7 days. We offer a very affordable feed...
3
6
25
Now that I have everyones attention I wanted to thank our awesome sponsors
@securitytrails
and
@tines_io
who allow us to provide as a free service. If you want to get your brand in front of 75k security professionals every day just send us a DM/email.
1
5
27
We've improved our "similar pages" search feature and show it by default on the scan page. This is what it looks like for a common phishing kit targeting
@cibc
@TDBank_US
@INTERAC
et al.
4
8
25
Now I know what all these Emoji IDNs were about: It's a service called "linkmoji" which creates an Emoji subdomain which redirects to the URL you supply: - Beats me why they chose a Pizza and a pile of poo, but you learn something new every day :P
6
10
25
We track Tech Support Scam in urlscan Pro and it's pervasive. If you're Law Enforcement or working on taking these scammers down, shoot us a note and we'll hook you up with urlscan Pro access if it helps.
0
6
23
@sshell_
There were 7 submission for that domain on July 8: 2 from US Residential IPs, one from Spain (Commercial), 3 from the UK (Residential). The other 6 were Private Scans, hence won't show up in your search results.
0
2
24
Blast from the past, was just going through my Google Drive and found a presentation about that I gave in late 2016 shortly before making it publicly available. Ahh, those were simple times 😀
4
4
25
Make sure your spam-trap is able to scan QR codes. Received this phishing email twice today, targeting German bank
@sparkasse
, hosted on
@alibaba_cloud
, scans here: and
#phishing
@Bank_Security
2
12
25
So many things in flight that need to be tackled. Storage for screenshots/DOM/JS running out, scanning boxes near capacity, reindexing the 23 million (!) scans takes two days, 150k new scans every day. Guess that's what it feels like if your service is popular. 🥴
2
1
25
Dear $vendor, we appreciate you reaching out to inquire about our commercial options, however we will not trade our paid products in exchange for a link from your service to ours when ours is vastly more popular and already used by 100% of your customers. I should pin this one...
0
3
22
Working on improved documentation for today, first and foremost a comprehensive reference for the Search API and the searchable fields. Anything else you guys would like to see in terms of docs?
1
5
25
Love it when I get a phishing email to my company email address, submit the URL and realize that it's already been submitted multiple times in the past 30 minutes. Go community! Scan in question was
@SendGrid
2
0
25
The last three days (Wednesday to Friday) saw more than 80k unique visitors per day to , and that is without the folks using it just via API, so just website visitors 🥳 On that note: Happy weekend everyone!
1
3
24
Well crap, anything I can / should do about this?
@cleanmx
@ValkyrieComodo
I get the irony of this 😀
4
3
24