urlscan Pro
/
urlscan Pro Changelog
Last updated

urlscan Pro Changelog

This changelog documents customer-facing changes to the urlscan Pro platform.

March 31, 2025 - March Changelog

In March we made the following user-visible improvements to the urlscan platform:

  • Pro: Add evalScript parameter to Quick Scanning to allow user-submitted JS to be executed on page load.
  • Scanner / Core: Truncate large postData values from results. These would often cause issues for consumers of those endpoints.
  • Pro: A new button to Clear Terms in the Triage section.
  • Pro: Fixes to quick searches in the Incidents search.
  • Core: Switch to time-based UUIDv7 scan IDs.

We also made a truly enormous amount of improvements to the stability of the backend of the service.

February 10, 2025 - Incidents General Availability

The Incidents feature which is part of urlscan Observe is now generally available. Since we launched the beta version of the incidents in mid-2023, we were able to collect a lot of feedback about how our customers are using this feature. With the release today we are announcing the following changes and improvements:

  • Introduction of perpetual incidents which do not expire.
  • The ability to select one (or multiple) scanner countries and user-agents for scanning.
  • Custom stop-conditions which will automatically close an incident after a certain condition.
  • The ability to specify a custom website scan interval.
  • The ability to control the observed attributes.
  • Full API support and documentation.
  • A simplified way incidents are accounted for against the team quota.
  • Support for pre-defined Incident Profiles which can be applied to new incidents.
  • An improved Incidents UI and common quick actions.
  • Private Incidents which now include own private scan results as well.

Please read the full blog-post for details on these improvements.

November 13, 2024 - ZIP-encrypted file downloads

The /downloads/ endpoint now supports delivering files as an encrypted ZIP-file. To make this endpoint return a ZIP file, you currently have to use the zip=true HTTP query parameter.

Important: The migration timeline for the /downloads/ is as follows:

  • November 13, 2024: The endpoint defaults to zip=false. The endpoint supports zip=true.
  • December 16, 2024: The endpoint defaults to zip=true. The endpoint supports zip=false.
  • January 6, 2025: The endpoint defaults to zip=true. The endpoint no longer supports zip=false.

Make sure to adjust your automated integrations accordingly!

For the ZIP files delivered by this endpoint, the default encryption password is urlscan! – including the trailing exclamation mark. The ZIP file contains a single file named after the SHA256 of the requested file. Going forward you must use a valid API-key to retrieve files from this endpoint.

The /downloads/ endpoint supports additional parameters, such as changing the ZIP encryption password. Make sure to check out the relevant Help Page.

October 7, 2024 - Bug in Saved Search matching

Up until October 7, 2024 there was a bug in the implementation of Saved Searches which meant that any Saved Search with a verdicts.malicious: expression would have failed to match. This would have affected a small percentage of our Saved Searches. This bug has been fixed and new scans will start generating notifications accordingly.

We apologise for any inconvenience this might have caused.

September 19, 2024 - CSV & plain-text export of search results

The CSV Export feature of the Search page now allows you to select which columns you would like to include in the resulting CSV file. Furthermore you can now download an export of a single column as a line-wise plain text file or export it to your clipboard!

July 8, 2024 - Live Browsing & Real Device Scanning

We are launching a new Beta feature called Live Browsing along with other major improvements to our scanning engine. Live Browsing lets you scan a website while interacting with it through a VNC-like remote video and keyboard session. The primary use-case of Live Browsing is lightweight interaction, like dismissing alerts, confirming captchas or following a single level of redirection to get to the web-content of interest.

Live Browsing can also be used for related tasks, such as:

  • Capturing evidence for take-down purposes.
  • Browsing through open directories.
  • Browsing through the Tor network via .onion address.
  • Quickly downloading files, DOM snapshots and screenshots from third-party websites.

To get started with Live Browsing please read the help section on Live Browsing. Also see our announcement blog-post for details on Real Device Scanning.

Live Browsing is still in Beta which means that you will encounter bugs while using it. Please reach out to support@urlscan.io with any questions, bugs or feature suggestions!

May 14, 2024 - Phish Report links

We have added a link to our partners at Phish Report to the scan result pages. You can use Phish Report to trigger takedown requests for malicious websites. This is not a service provided by urlscan or included with your {{proname}} subscription!

You can sign up for a trial account of Phish Report on their website.

Previous page
Next page