FAQ - Frequently Asked Questions


General FAQs

Q: What is the difference between Public, Unlisted, and Private scans? Do they deliver different results?

A: The scans all deliver the same results. The difference between the scan types is their visibility in the search results.
Private and Unlisted scans do not appear on the front page or in the public search results or aggregations.

Private scans can only be opened if you know their unique ID. If you submitted a private scan while logged in, you will be able to find your own private scans in your search. We don't share private scan information with third parties (including our sponsors and commercial customers), ever.

Unlisted scans can be found by vetted security researchers and companies which are subscribers to our urlscan Pro platform.

Make sure you understand the differences as outlined in our API documentation.

Q: When should I choose Public, Unlisted, or Private when scanning?

A: These are some guidelines to decide when to use which visibility:
Public: There is no PII or confidential data in the URL and you want it to be discoverable by other researchers.
Unlisted: There might be PII or mildly sensitive data on the site, but you want security vendors and reputable researchers to be able to pick up this data to improve their products and take action (for example takedown requests).
Private: Nobody but you should be able to see the results of the scan.
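
The guidelines above can be applied automatically before a URL is submitted from a SOC pipeline. The following is an added example, not urlscan.io's own code: the hint lists and the mapping of secrets to Private and PII to Unlisted are assumptions based on the guidelines, and the `visibility` field name comes from urlscan.io's submission API rather than from this page.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Heuristic hint lists: assumptions for this example, tune them for your own traffic.
SECRET_HINTS = ("token", "secret", "passw", "session", "signature", "auth", "apikey")
PII_HINTS = ("email", "user", "phone")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
OPAQUE_RE = re.compile(r"[A-Za-z0-9_-]{32,}")  # long random-looking IDs, e.g. share links


def choose_visibility(url: str) -> str:
    """Map a URL to 'public', 'unlisted' or 'private' before submission."""
    parts = urlsplit(url)
    # Parameters can also hide in the fragment (e.g. redirect URLs carrying tokens).
    params = parse_qsl(parts.query, keep_blank_values=True)
    params += parse_qsl(parts.fragment, keep_blank_values=True)
    keys = [k.lower() for k, _ in params]
    text = unquote(f"{parts.path}?{parts.query}#{parts.fragment}")

    # Embedded credentials or bearer-style secrets: nobody else should see the result.
    if parts.username or parts.password:
        return "private"
    if any(h in k for k in keys for h in SECRET_HINTS) or OPAQUE_RE.search(text):
        return "private"
    # Possible PII: keep the scan out of the public search results.
    if any(h in k for k in keys for h in PII_HINTS) or EMAIL_RE.search(text):
        return "unlisted"
    return "public"


def submission_body(url: str) -> dict:
    """Build the JSON body for a scan submission; sending it is left to the caller."""
    return {"url": url, "visibility": choose_visibility(url)}


# Constructed sample URLs (not taken from real scans).
SAMPLES = [
    "https://example.com/login",
    "https://example.com/unsubscribe?email=alice%40example.org",
    "https://example.com/reset?token=abc123",
    "https://example.com/cb#access_token=abc",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(submission_body(sample))
```
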

Q: How can I request the content of a scan to be removed from your website?

A: Please use the orange Report button on the result page of the scan.

Q: Can you prevent my domain from being scanned? Can you bulk-delete existing scans?

A: Yes, please send us an email at info@urlscan.io with the domains or URL patterns you'd like us to add to our blocking list and/or would like us to remove from historical scans.

Q: Does urlscan.io show whether a website contains malware or phishing attempts?

A: Yes, we have some basic mechanisms for determining whether a website contains malicious content. Our proprietary phishing detection mechanism tracks 500 popular brands and can identify phishing or impersonation attempts of these brands.
We do record file downloads, but we do not detect whether a downloaded file is malicious, e.g. a malicious executable.

Q: Does urlscan.io detect when a malicious site is no longer active, e.g. cleaned up?

A: No, our website scans only provide point-in-time snapshots of the website content; we do not re-crawl existing scans.

Q: Can I use the "malicious" verdicts on urlscan.io as a blocking feed?

A: We don't recommend using the "malicious" verdict as an unattended blocking signal since our detection can occasionally return false positive verdicts. The best way to make use of the verdicts is to feed them into a manual review process. Furthermore, we only return phishing and impersonation verdicts for the brands that we are tracking.

Q: Can I search urlscan.io for pages which have been detected as malicious?

A: This feature is available as part of the commercial urlscan Pro subscription and not available through the community search.

Q: How does urlscan.io work?

A: We use the Google Chrome browser in Headless Mode to browse to the URLs submitted by users. We record the interaction of the page with the Internet and after the page has finished loading, we annotate the results with additional data sources.

Q: What is your relationship to your corporate sponsors?

A: Our corporate sponsors are services that we believe complement urlscan.io very well and that cater to the same audience as urlscan.io. The support from our corporate sponsors allows us to keep the community service as freely available as it is today. In return we will point to their services and promote their content. We do not share any data with our sponsors that wouldn't otherwise be available to regular customers; that includes data on registered users as well as Private scans. We are also not in a reseller relationship with our sponsors.

Commercial Use

Q: Can our company use the service and data on it commercially?

A: Yes, in general. Using urlscan.io as part of your daily workflow (for things like SOC processes, investigations, reports) is totally fine. If you want to do a large volume of queries, submit a lot of scans, or be able to integrate our data into one of your commercial offerings, we'd ask you to contact us first to work out what is acceptable use under our free usage tier and what kind of use requires a commercial agreement.

Q: How does the commercial subscription process work?

A: Typically our sales process starts with a short introductory sales call and a time-limited free trial run for the product you are interested in. We will also send you a formal quote for the products and subscription period you are interested in. After you accept the quote (for example with a Purchase Order), we will send monthly or annual invoices which can be paid via SWIFT wire transfer or major credit card.

Technical Questions

Q: Which HTTP responses do you store?

A: We store responses with MIME types JavaScript, HTML and Text.

Q: Why are the screenshot and DOM snapshot empty for some scans?

A: We don't store the screenshot and DOM snapshot if we determine the page to be empty, i.e. not containing any visible content or not loading any subresources.

Q: Do you support other browsers besides Google Chrome?

A: No, but you can set a custom User Agent during submission.

Q: Do you store results indefinitely?

A: No, we will delete private scans after a certain age and we don't make any guarantees about the retention of any type of scan in the future. If you need the results of a scan, make sure to download them.

Q: Do you offer different browser locations/countries?

A: Yes, you can choose a location from the scan dialog.