urlscan Pro - Use Cases

Users of the urlscan Pro platform typically have very similar requirements and ways of working with the platform. On this page we explain some common use cases that we have observed from talking to users and from our own experience using the platform.

A good starting point is the Help Section on Data Sources, which describes the various data sources available on urlscan Pro and the purposes they can be used for.

Use Case: Suspicious website hunting

Our Website Scans database can be used to hunt for new and historical website scans of interest that might have been submitted by one of our customers or the community on urlscan.io. What is considered to be of interest depends on the position of the user, but these are common examples of things users might look for:

  • Use our brand and phishing detection to get a tailored feed of detections for their own brands.
  • Use hunting searches for their brand name in the title of websites or within the URL.
  • Use hunting searches that are looking for known malicious behavior based on existing historical scans.
  • Use Visual Search to find other scans based on the visual appearance of the screenshot.

urlscan.io detects thousands of phishing sites every day, but there are many more submissions that are either not yet detected by us or that would not be considered outright phishing yet still show behaviour that should be tracked.

Use Case: Hunting for suspicious domains

Our Hostnames & Domains database is made for hunting for newly observed domains and hostnames matching certain patterns.

Commonly, users will ...

  • Use the database to search for newly seen registered domains (apex domains) containing their brand keyword.
  • Use Saved Searches to save interesting hunting rules on urlscan Pro.
  • Set up a Subscription to receive notifications for new domains and hostnames via email and webhook.
  • Use Incidents from urlscan Observe to automatically monitor new domains and hostnames that were observed as part of a subscription.

Use Case: Lightweight attack surface discovery

Our Hostnames & Domains database can also be used to look at specific known pieces of infrastructure.

You could ...

  • Search for all newly observed hostnames under a specific domain.
  • Search for all hostnames and domains that resolve to a specific IP address, IP subnet, or ASN.
  • Search for all domains that use a specific nameserver (NS) or mailserver (MX) record.

Use Case: Interactive phishing site investigation

Our Live Scanning feature is a unique tool that you can use to quickly investigate suspicious URLs, with more granular control over how and from where the URLs are analyzed.

You could use Live Scanning to ...

  • Scan a suspicious URL from multiple geographical locations simultaneously to check whether it behaves differently between these locations.
  • Scan suspicious URLs with both VPN-based scanners and proper residential IPs to check for potential differences.
  • Download files from the Internet through our Live Scanner instead of downloading them directly yourself.
  • Scan Onion websites on the Tor network.