urlscan Pro
/
urlscan Pro Changelog
Last updated

urlscan Pro Changelog

This changelog documents customer-facing changes to the urlscan Pro platform.

July 30, 2025 - urlscan Brand AI

As part of our mission to detect and combat phishing and brand impersonation, we are introducing a new experimental tool to the urlscan Pro platform: urlscan Brand AI. This new feature will visually examine the screenshots of scans to determine which brand or company the website is claiming to represent.

Using a visual approach to determining the brand is often more robust than text-based approaches. For an imaginary brand called ACME Bank, one might write hunting searches by focusing on the text.content, page.title, and page.domain fields. These are solid filtering options, but they don't work in the following scenarios:

  • If the brand name (ACME) was a common or English word, since a lot of the text-based results would be unrelated to this brand.
  • If the ACME brand name is not part of the domain name.
  • If a page refers to the ACME brand for legitimate reasons, e.g., a news article.
  • If the ACME name is only included on the website as an image or SVG.

urlscan Brand AI covers these blind spots by asking a simple visual question: Which brand does this website claim to represent?

Technical Details

Any scan processed by urlscan Brand AI will receive the system label labels:visual.brandai – If a scan was processed this way, the brand name is stored in the new visible.brandname Search API field. An example search looks like this: visible.brandname:microsoft.

July 14, 2025 - QR Code processing

Starting today, we will automatically detect QR codes in screenshots of website scans. If the QR codes detected this way contain any links to third-party websites these links will be added to the list of regular links on the page.

Additionally, the system label visual.qrcode will be applied to any scan containing a QR code in its screenshot. Scans that contain a QR code which encodes a URL will also receive the visual.qrcode.url label.

July 10, 2025 - Experimental ML verdicts

New scans performed on urlscan are now classified using our experimental Machine Learning (ML) verdict engine. The engine tries to determine the likelihood of a specific scan result being Benign or Malicious.

The ML verdicts can be used by customers to filter for bad or good results or as an additional query term for their hunting searches. The urlscan team will use these verdicts to improve our own static and dynamic detection abilities.

The verdicts are shown on the scan result pages and in the search results. The following fields can be used to filter for ML engine verdicts via the Search API:

  • verdicts.engines.score: An integer between -100 (Benign) and 100 (Malicious).
  • verdicts.engines.malicious: Either true for score > 0 or false otherwise.
  • verdicts.engines.tags: A list of tags. If this contains urlscan-ml then the scan was run against the ML engine.

Warning! – We fully expect the ML verdicts to contain misclassifications, false negatives (FNs) as well as false positives (FPs). You should not rely on the ML score for any unattended blocking use-case.

June 24, 2025 - Website scans NSFW filter

New scans performed on urlscan are now annotated with the new visual.nsfw label, based on the classification of our NSFW AI system. In this context, NSFW refers to nudity or pornography.

The Website Scans Search has gained an option to automatically blur screenshots of scans labeled with the visual.nsfw or content.mature label. This option can be controlled via the new Display Options dropdown.

June 17, 2025 - urlscan Documentation Hub

We have migrated our documentation from urlscan.io and urlscan Pro to the new urlscan Documentation Hub.

The New Documentation Hub contains information about the data sources and features of urlscan Pro. It also features an OpenAPI file for download.

June 17, 2025 - urlscan Python Library

We have launched the official urlscan Python library, encoding some best practices around error handling and retries and making it easy for newcomers to get started. Read our blog post for more details.

March 31, 2025 - March Changelog

In March we made the following user-visible improvements to the urlscan platform:

  • Pro: Add evalScript parameter to Quick Scanning to allow user-submitted JS to be executed on page load.
  • Scanner / Core: Truncate large postData values from results. These would often cause issues for consumers of those endpoints.
  • Pro: A new button to Clear Terms in the Triage section.
  • Pro: Fixes to quick searches in the Incidents search.
  • Core: Switch to time-based UUIDv7 scan IDs.

We also made a truly enormous amount of improvements to the stability of the backend of the service.

February 10, 2025 - Incidents General Availability

The Incidents feature which is part of urlscan Observe is now generally available. Since we launched the beta version of the incidents in mid-2023, we were able to collect a lot of feedback about how our customers are using this feature. With the release today we are announcing the following changes and improvements:

  • Introduction of perpetual incidents which do not expire.
  • The ability to select one (or multiple) scanner countries and user-agents for scanning.
  • Custom stop-conditions which will automatically close an incident after a certain condition.
  • The ability to specify a custom website scan interval.
  • The ability to control the observed attributes.
  • Full API support and documentation.
  • A simplified way incidents are accounted for against the team quota.
  • Support for pre-defined Incident Profiles which can be applied to new incidents.
  • An improved Incidents UI and common quick actions.
  • Private Incidents which now include own private scan results as well.

Please read the full blog-post for details on these improvements.

November 13, 2024 - ZIP-encrypted file downloads

The /downloads/ endpoint now supports delivering files as an encrypted ZIP-file. To make this endpoint return a ZIP file, you currently have to use the zip=true HTTP query parameter.

Important: The migration timeline for the /downloads/ is as follows:

  • November 13, 2024: The endpoint defaults to zip=false. The endpoint supports zip=true.
  • December 16, 2024: The endpoint defaults to zip=true. The endpoint supports zip=false.
  • January 6, 2025: The endpoint defaults to zip=true. The endpoint no longer supports zip=false.

Make sure to adjust your automated integrations accordingly!

For the ZIP files delivered by this endpoint, the default encryption password is urlscan! – including the trailing exclamation mark. The ZIP file contains a single file named after the SHA256 of the requested file. Going forward you must use a valid API-key to retrieve files from this endpoint.

The /downloads/ endpoint supports additional parameters, such as changing the ZIP encryption password. Make sure to check out the relevant Help Page.

October 7, 2024 - Bug in Saved Search matching

Up until October 7, 2024 there was a bug in the implementation of Saved Searches which meant that any Saved Search with a verdicts.malicious: expression would have failed to match. This would have affected a small percentage of our Saved Searches. This bug has been fixed and new scans will start generating notifications accordingly.

We apologise for any inconvenience this might have caused.

September 19, 2024 - CSV & plain-text export of search results

The CSV Export feature of the Search page now allows you to select which columns you would like to include in the resulting CSV file. Furthermore you can now download an export of a single column as a line-wise plain text file or export it to your clipboard!

July 8, 2024 - Live Browsing & Real Device Scanning

We are launching a new Beta feature called Live Browsing along with other major improvements to our scanning engine. Live Browsing lets you scan a website while interacting with it through a VNC-like remote video and keyboard session. The primary use-case of Live Browsing is lightweight interaction, like dismissing alerts, confirming captchas or following a single level of redirection to get to the web-content of interest.

Live Browsing can also be used for related tasks, such as:

  • Capturing evidence for take-down purposes.
  • Browsing through open directories.
  • Browsing through the Tor network via .onion address.
  • Quickly downloading files, DOM snapshots and screenshots from third-party websites.

To get started with Live Browsing please read the help section on Live Browsing. Also see our announcement blog-post for details on Real Device Scanning.

Live Browsing is still in Beta which means that you will encounter bugs while using it. Please reach out to support@urlscan.io with any questions, bugs or feature suggestions!

May 14, 2024 - Phish Report links

We have added a link to our partners at Phish Report to the scan result pages. You can use Phish Report to trigger takedown requests for malicious websites. This is not a service provided by urlscan or included with your {{proname}} subscription!

You can sign up for a trial account of Phish Report on their website.

Previous page
Next page