Documentation Home Maltego Training Maltego Blog Contact Us
Welcome
Login
Open navigation

urlscan.io

Modified on: Mon, 12 Feb, 2024 at 8:00 AM

Overview

urlscan.io is a free service to scan and analyze websites. When a URL is submitted to urlscan.io, an automated process will browse to the URL like a regular user and record the activity that this page navigation creates.


urlscan.io will take a screenshot of the page, record the DOM content, JavaScript global variables, server Ips, cookies created by the page, and many more details. If the site is targeting the users one of the more than 400 brands tracked by urlscan.io, it will be highlighted as potentially malicious in the scan results.


This includes the domains and IPs contacted, the resources (JavaScript, CSS, etc.) requested from those domains, as well as additional information about the page itself.


With urlscan.io Transforms for Maltego, investigators can retrieve information about a URL and all the details associated with the URL such as site content, relations to other sites and more.


You can read more about urlscan.io Transforms for Maltego on our website here


Pricing and Access

urlscan.io Transforms are only available to Maltego users with a commercial license.


Malltego Commercial Hub Users with a Maltego One, Classic, or XL license have the following purchase options:


Click-and-Run (Pro)

Simply install and start using the Hub item with the following allowances:

  • Search Requests: 5 Transform runs / day
  • Results Request: 20 Transform runs / day
  • Public Scans: 10 Transform runs / day


Click-and-Run (Enterprise)

Simply install and start using the Hub item with the following allowances:

  • Search Requests: 50 Transform runs / day
  • Results Requests: 200 Transform runs / day
  • Public Scans: 100 Transform runs / day


Bring Your Own Key

For full solution access, plug in your existing API key or reach out to us using the purchase inquiry form on the Hub page.


urlscan.io Transforms

Search in Other Scans [urlscan.io]

Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
API Keystring truefalsefalse
Any SHA256 hash of any HTTP responsestring truetruefalse
Any URL that was requested (Regex)string truetruefalse
Any domain and subdomain that was contacted (Regex)string truetruefalse
Any of the AS numbers that were contacted (e.g. AS123)string truetruefalse
Append raw search filters (Example: AND page.apexDomain:“google.com”)string truetruefalse
Filename of file downloaded by the website (Regex)string truetruefalse
HTTP status code of primary request responsestring truetruefalse
ISO 3166-1 2-letter country code of any country that was contactedstring truetruefalse
Issuer of the page TLS certificate (Example: Cloudflare Inc ECC CA-3)string truetruefalse
MIME type description of file downloaded by the websitestring truetruefalse
MIME type of the primary HTTP responsestring truetruefalse
SHA256 of file downloaded by the websitestring truetruefalse
Title of the page (Regex)string truetruefalse

Transform Meta Info

InformationValue
Display NameSearch in Other Scans [urlscan.io]
Owner 
AuthorMaltego
Data Sourceurlscan.io
Output Entitiesmaltego.urlscan.ScanResult

Variants

Transform NameInput EntitiesShort Description
urlscan.ipv4AddressPerformSearchmaltego.IPv4AddressThis Transform performs a search and returns the previous scans on which the given IOC was discovered
urlscan.ipv6AddressPerformSearchmaltego.IPv6AddressThis Transform performs a search and returns the previous scans on which the given IOC was discovered
urlscan.urlscanFilePerformSearchmaltego.urlscan.FileThis Transform performs a search and returns the previous scans on which the given IOC was discovered
urlscan.hashPerformSearchmaltego.HashThis Transform performs a search and returns the previous scans on which the given IOC was discovered.
urlscan.phrasePerformSearchmaltego.PhraseThis Transform performs a raw search and returns matching previous scans

To Transacted Domains [urlscan.io]

Description

This Transform returns the domain names that were transacted during the page navigation


Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
API Keystring truefalsefalse

Transform Meta Info

InformationValue
Display NameTo Transacted Domains [urlscan.io]
Owner 
AuthorMaltego
Data Sourceurlscan.io
Transform Nameurlscan.urlscanUrlToTransactedDomains
Input Entitiesmaltego.urlscan.ScanResult
Output Entitiesmaltego.Domain
Short DescriptionThis Transform returns the domain names that were transacted during the page navigation

To IP Addresses Contacted [urlscan.io]

Description

This Transform returns the IP addresses contacted during page navigation


Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
API Keystring truefalsefalse

Transform Meta Info

InformationValue
Display NameTo IP Addresses Contacted [urlscan.io]
Owner 
AuthorMaltego
Data Sourceurlscan.io
Transform Nameurlscan.urlscanUrlToIpAddresses
Input Entitiesmaltego.urlscan.ScanResult
Output Entitiesmaltego.IPv4Address, maltego.IPv6Address
Short DescriptionThis Transform returns the IP addresses contacted during page navigation

To Reverse DNS Lookup [urlscan.io]

Description

This Transform returns the DNS PTR records for every hostname contacted during page navigation


Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
API Keystring truefalsefalse

Transform Meta Info

InformationValue
Display NameTo Reverse DNS Lookup [urlscan.io]
Owner 
AuthorMaltego
Data Sourceurlscan.io
Transform Nameurlscan.urlscanUrlToReverseDnsLookup
Input Entitiesmaltego.urlscan.ScanResult
Output Entitiesmaltego.DNSName
Short DescriptionThis Transform returns the DNS PTR records for every hostname contacted during page navigation

Extract Submitted URL [urlscan.io]

Description

This Transform extracts the submitted URL from the urlscan.io scan result


Transform Meta Info

InformationValue
Display NameExtract Submitted URL [urlscan.io]
Owner 
AuthorMaltego
Data Sourceurlscan.io
Transform Nameurlscan.urlScanResultToExtractTaskUrl
Input Entitiesmaltego.urlscan.ScanResult
Output Entitiesmaltego.URL
Short DescriptionThis Transform extracts the submitted URL from the urlscan.io scan result

To Web Page URLs [urlscan.io]

Description

This Transform returns the URLs and URL text contained on the fully loaded page


Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
API Keystring truefalsefalse

Transform Meta Info

InformationValue
Display NameTo Web Page URLs [urlscan.io]
Owner 
AuthorMaltego
Data Sourceurlscan.io
Transform Nameurlscan.urlscanUrlToWebPageUrls
Input Entitiesmaltego.urlscan.ScanResult
Output Entitiesmaltego.URL
Short DescriptionThis Transform returns the URLs and URL text contained on the fully loaded page

To Requests Made [urlscan.io]

Description

This Transform returns the details about individual HTTP transactions during page navigation


Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
API Keystring truefalsefalse

Transform Meta Info

InformationValue
Display NameTo Requests Made [urlscan.io]
Owner 
AuthorMaltego
Data Sourceurlscan.io
Transform Nameurlscan.urlscanUrlToRequestsMade
Input Entitiesmaltego.urlscan.ScanResult
Output Entitiesmaltego.urlscan.Request
Short DescriptionThis Transform returns the details about individual HTTP transactions during page navigation

Extract Response [urlscan.io]

Description

This Transform extracts the response of the HTTP transactions made during page navigation


Transform Meta Info

InformationValue
Display NameExtract Response [urlscan.io]
Owner 
AuthorMaltego
Data Sourceurlscan.io
Transform Nameurlscan.urlscanRequestToExtractResponse
Input Entitiesmaltego.urlscan.Request
Output Entitiesmaltego.urlscan.URLScanResponse
Short DescriptionThis Transform extracts the response of the HTTP transactions made during page navigation

Search for Domain in Previously Scanned URLs [urlscan.io]

Description

This Transform returns the previous scans run on the input domain.


Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
API Keystring truefalsefalse
Any IP that was contactedstring truetruefalse
Any SHA256 hash of any HTTP responsestring truetruefalse
Any URL that was requested (Regex)string truetruefalse
Any domain and subdomain that was contacted (Regex)string truetruefalse
Any of the AS numbers that were contacted (e.g. AS123)string truetruefalse
Append raw search filters (Example: AND page.apexDomain:“google.com”)string truetruefalse
Filename of file downloaded by the website (Regex)string truetruefalse
HTTP status code of primary request responsestring truetruefalse
ISO 3166-1 2-letter country code of any country that was contactedstring truetruefalse
Issuer of the page TLS certificate (Example: Cloudflare Inc ECC CA-3)string truetruefalse
MIME type description of file downloaded by the websitestring truetruefalse
MIME type of the primary HTTP responsestring truetruefalse
SHA256 of file downloaded by the websitestring truetruefalse
Title of the page (Regex)string truetruefalse

Transform Meta Info

InformationValue
Display NameSearch for Domain in Previously Scanned URLs [urlscan.io]
Owner 
AuthorMaltego
Data Sourceurlscan.io
Transform Nameurlscan.searchDomain
Input Entitiesmaltego.Domain
Output Entitiesmaltego.urlscan.ScanResult
Short DescriptionThis Transform returns the previous scans run on the input domain.

Search URL in Previous Scans [urlscan.io]

Description

This Transform returns the previous scans run on the input URL


Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
API Keystring truefalsefalse
Any IP that was contactedstring truetruefalse
Any SHA256 hash of any HTTP responsestring truetruefalse
Any URL that was requested (Regex)string truetruefalse
Any domain and subdomain that was contacted (Regex)string truetruefalse
Any of the AS numbers that were contacted (e.g. AS123)string truetruefalse
Append raw search filters (Example: AND page.apexDomain:“google.com”)string truetruefalse
Filename of file downloaded by the website (Regex)string truetruefalse
HTTP status code of primary request responsestring truetruefalse
ISO 3166-1 2-letter country code of any country that was contactedstring truetruefalse
Issuer of the page TLS certificate (Example: Cloudflare Inc ECC CA-3)string truetruefalse
MIME type description of file downloaded by the websitestring truetruefalse
MIME type of the primary HTTP responsestring truetruefalse
SHA256 of file downloaded by the websitestring truetruefalse
Title of the page (Regex)string truetruefalse

Transform Meta Info

InformationValue
Display NameSearch URL in Previous Scans [urlscan.io]
Owner 
AuthorMaltego
Data Sourceurlscan.io
Transform Nameurlscan.urlToSearchUrlInPreviousScan
Input Entitiesmaltego.URL
Output Entitiesmaltego.urlscan.ScanResult
Short DescriptionThis Transform returns the previous scans run on the input URL

To Umbrella Inspection [urlscan.io]

Description

This Transform returns the Cisco Umbrella Top 1 Million annotation per hostname


Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
API Keystring truefalsefalse

Transform Meta Info

InformationValue
Display NameTo Umbrella Inspection [urlscan.io]
Owner 
AuthorMaltego
Data Sourceurlscan.io
Transform Nameurlscan.urlscanUrlToUmbrellaInspection
Input Entitiesmaltego.urlscan.ScanResult
Output Entitiesmaltego.urlscan.Umbrella
Short DescriptionThis Transform returns the Cisco Umbrella Top 1 Million annotation per hostname

To Servers [urlscan.io]

Description

This Transform returns the unique HTTP “Server” headers of responses


Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
API Keystring truefalsefalse

Transform Meta Info

InformationValue
Display NameTo Servers [urlscan.io]
Owner 
AuthorMaltego
Data Sourceurlscan.io
Transform Nameurlscan.urlscanUrlToServers
Input Entitiesmaltego.urlscan.ScanResult
Output Entitiesmaltego.urlscan.Server
Short DescriptionThis Transform returns the unique HTTP “Server” headers of responses

To Cookies Collected [urlscan.io]

Description

This Transform returns the cookies set by the page with associated metadata


Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
API Keystring truefalsefalse

Transform Meta Info

InformationValue
Display NameTo Cookies Collected [urlscan.io]
Owner 
AuthorMaltego
Data Sourceurlscan.io
Transform Nameurlscan.urlscanUrlToCookiesCollected
Input Entitiesmaltego.urlscan.ScanResult
Output Entitiesmaltego.urlscan.Cookie
Short DescriptionThis Transform returns the cookies set by the page with associated metadata

To Files [urlscan.io]

Description

This Transform returns the details about the files downloaded by the website


Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
API Keystring truefalsefalse

Transform Meta Info

InformationValue
Display NameTo Files [urlscan.io]
Owner 
AuthorMaltego
Data Sourceurlscan.io
Transform Nameurlscan.urlscanUrlToFiles
Input Entitiesmaltego.urlscan.ScanResult
Output Entitiesmaltego.urlscan.File
Short DescriptionThis Transform returns the details about the files downloaded by the website

To Screenshot [urlscan.io]

Description

This Transform returns the captured screenshot of the webpage


Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
API Keystring truefalsefalse

Transform Meta Info

InformationValue
Display NameTo Screenshot [urlscan.io]
Owner 
AuthorMaltego
Data Sourceurlscan.io
Transform Nameurlscan.urlscanUrlToScreenshot
Input Entitiesmaltego.urlscan.ScanResult
Output Entitiesmaltego.Image
Short DescriptionThis Transform returns the captured screenshot of the webpage

To Console Messages [urlscan.io]

Description

This Transform returns the console messages during page navigation


Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
API Keystring truefalsefalse

Transform Meta Info

InformationValue
Display NameTo Console Messages [urlscan.io]
Owner 
AuthorMaltego
Data Sourceurlscan.io
Transform Nameurlscan.urlscanUrlToConsoleMessages
Input Entitiesmaltego.urlscan.ScanResult
Output Entitiesmaltego.Phrase
Short DescriptionThis Transform returns the console messages during page navigation

To Wappalyzer Detection [urlscan.io]

Description

This Transform returns the Wappalyzer technology detection for fully loaded page


Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
API Keystring truefalsefalse

Transform Meta Info

InformationValue
Display NameTo Wappalyzer Detection [urlscan.io]
Owner 
AuthorMaltego
Data Sourceurlscan.io
Transform Nameurlscan.urlscanUrlToWappalyzerDetection
Input Entitiesmaltego.urlscan.ScanResult
Output Entitiesmaltego.urlscan.Wappalyzer
Short DescriptionThis Transform returns the Wappalyzer technology detection for fully loaded page

To AS Numbers [urlscan.io]

Description

This Transform returns the Autonomous System Number for every IP contacted during page navigation


Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
API Keystring truefalsefalse

Transform Meta Info

InformationValue
Display NameTo AS Numbers [urlscan.io]
Owner 
AuthorMaltego
Data Sourceurlscan.io
Transform Nameurlscan.urlscanUrlToAsNumber
Input Entitiesmaltego.urlscan.ScanResult
Output Entitiesmaltego.AS
Short DescriptionThis Transform returns the Autonomous System Number for every IP contacted during page navigation

Search Domain [urlscan.io]

Description

This Transform returns the previous scans run on the host of input website


Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
API Keystring truefalsefalse
Any IP that was contactedstring truetruefalse
Any SHA256 hash of any HTTP responsestring truetruefalse
Any URL that was requested (Regex)string truetruefalse
Any domain and subdomain that was contacted (Regex)string truetruefalse
Any of the AS numbers that were contacted (e.g. AS123)string truetruefalse
Append raw search filters (Example: AND page.apexDomain:“google.com”)string truetruefalse
Filename of file downloaded by the website (Regex)string truetruefalse
HTTP status code of primary request responsestring truetruefalse
ISO 3166-1 2-letter country code of any country that was contactedstring truetruefalse
Issuer of the page TLS certificate (Example: Cloudflare Inc ECC CA-3)string truetruefalse
MIME type description of file downloaded by the websitestring truetruefalse
MIME type of the primary HTTP responsestring truetruefalse
SHA256 of file downloaded by the websitestring truetruefalse
Title of the page (Regex)string truetruefalse

Transform Meta Info

InformationValue
Display NameSearch Domain [urlscan.io]
Owner 
AuthorMaltego
Data Sourceurlscan.io
Transform Nameurlscan.websiteSearchDomain
Input Entitiesmaltego.Website
Output Entitiesmaltego.urlscan.ScanResult
Short DescriptionThis Transform returns the previous scans run on the host of input website

To DOM URL [urlscan.io]

Description

This Transform returns the URL to the raw DOM captured


Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
API Keystring truefalsefalse

Transform Meta Info

InformationValue
Display NameTo DOM URL [urlscan.io]
Owner 
AuthorMaltego
Data Sourceurlscan.io
Transform Nameurlscan.urlscanUrlToDom
Input Entitiesmaltego.urlscan.ScanResult
Output Entitiesmaltego.urlscan.DOMURL
Short DescriptionThis Transform returns the URL to the raw DOM captured

To Non-Standard JavaScript Global Variables [urlscan.io]

Description

This Transform returns the JavaScript non-standard global variable names and types on the fully loaded page


Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
API Keystring truefalsefalse

Transform Meta Info

InformationValue
Display NameTo Non-Standard JavaScript Global Variables [urlscan.io]
Owner 
AuthorMaltego
Data Sourceurlscan.io
Transform Nameurlscan.urlscanUrlToNonstandardJavascriptGlobalVariables
Input Entitiesmaltego.urlscan.ScanResult
Output Entitiesmaltego.Phrase
Short DescriptionThis Transform returns the JavaScript non-standard global variable names and types on the fully loaded page

To Locations [urlscan.io]

Description

This Transform returns the locations of the IP addresses of the server from which the URL was served


Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
API Keystring truefalsefalse

Transform Meta Info

InformationValue
Display NameTo Locations [urlscan.io]
Owner 
AuthorMaltego
Data Sourceurlscan.io
Transform Nameurlscan.urlscanUrlToLocations
Input Entitiesmaltego.urlscan.ScanResult
Output Entitiesmaltego.Location
Short DescriptionThis Transform returns the locations of the IP addresses of the server from which the URL was served

To Requested URLs [urlscan.io]

Description

This Transform returns the URLs requested during the page navigation


Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
API Keystring truefalsefalse

Transform Meta Info

InformationValue
Display NameTo Requested URLs [urlscan.io]
Owner 
AuthorMaltego
Data Sourceurlscan.io
Transform Nameurlscan.urlscanUrlToRequestedUrls
Input Entitiesmaltego.urlscan.ScanResult
Output Entitiesmaltego.URL
Short DescriptionThis Transform returns the URLs requested during the page navigation

To Linked Domains [urlscan.io]

Description

This Transform return the domain names of the links found on the scanned page


Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
API Keystring truefalsefalse

Transform Meta Info

InformationValue
Display NameTo Linked Domains [urlscan.io]
Owner 
AuthorMaltego
Data Sourceurlscan.io
Transform Nameurlscan.urlscanUrlToLinkedDomains
Input Entitiesmaltego.urlscan.ScanResult
Output Entitiesmaltego.Domain
Short DescriptionThis Transform return the domain names of the links found on the scanned page

To All IOCs [urlscan.io]

Description

This Transform returns common potential IOCs encountered during page navigation


Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
API Keystring truefalsefalse

Transform Meta Info

InformationValue
Display NameTo All IOCs [urlscan.io]
Owner 
AuthorMaltego
Data Sourceurlscan.io
Transform Nameurlscan.urlscanUrlToAllIocs
Input Entitiesmaltego.urlscan.ScanResult
Output Entitiesmaltego.IPv4Address, maltego.IPv6Address, maltego.Hash, maltego.urlscan.File, maltego.Website, maltego.URL
Short DescriptionThis Transform returns common potential IOCs encountered during page navigation

Extract Hash [urlscan.io]

Description

This Transform extracts the hash from the input Entity


Transform Meta Info

InformationValue
Display NameExtract Hash [urlscan.io]
Owner 
AuthorMaltego
Data Sourceurlscan.io
Transform Nameurlscan.urlScanFileToExtractHash
Input Entitiesmaltego.urlscan.File
Output Entitiesmaltego.Hash
Short DescriptionThis Transform extracts the hash from the input Entity

Submit Scan [urlscan.io]

Description

This Transform submits the URL to be scanned


Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
API Keystring truefalsefalse
Scan Tags (CSV)string truetruefalse
Scan Visibility (Example: Public, Unlisted, Private)string truetruefalse

Transform Meta Info

InformationValue
Display NameSubmit Scan [urlscan.io]
Owner 
AuthorMaltego
Data Sourceurlscan.io
Transform Nameurlscan.urlSubmitScan
Input Entitiesmaltego.URL
Output Entitiesmaltego.urlscan.ScanResult
Short DescriptionThis Transform submits the URL to be scanned

To Hashes [urlscan.io]

Description

This Transform returns the SHA256 hashes of HTTP response bodies


Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
API Keystring truefalsefalse

Transform Meta Info

InformationValue
Display NameTo Hashes [urlscan.io]
Owner 
AuthorMaltego
Data Sourceurlscan.io
Transform Nameurlscan.urlscanUrlToHashes
Input Entitiesmaltego.urlscan.ScanResult
Output Entitiesmaltego.Hash
Short DescriptionThis Transform returns the SHA256 hashes of HTTP response bodies

To Certificates [urlscan.io]

Description

This Transform returns the TLS certificate details of the responses


Transform Settings

Display NameSetting TypeDefault ValueOptionalPopupAuthentication
API Keystring truefalsefalse

Transform Meta Info

InformationValue
Display NameTo Certificates [urlscan.io]
Owner 
AuthorMaltego
Data Sourceurlscan.io
Transform Nameurlscan.urlscanUrlToCertificates
Input Entitiesmaltego.urlscan.ScanResult
Output Entitiesmaltego.X509Certificate
Short DescriptionThis Transform returns the TLS certificate details of the responses

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.

Search all Maltego Guides:

Interested? Get your free demo
Questions? Contact us

© 2021 by Maltego Technologies.