Overview
urlscan.io is a free service to scan and analyze websites. When a URL is submitted to urlscan.io, an automated process will browse to the URL like a regular user and record the activity that this page navigation creates.
urlscan.io will take a screenshot of the page, record the DOM content, JavaScript global variables, server Ips, cookies created by the page, and many more details. If the site is targeting the users one of the more than 400 brands tracked by urlscan.io, it will be highlighted as potentially malicious in the scan results.
This includes the domains and IPs contacted, the resources (JavaScript, CSS, etc.) requested from those domains, as well as additional information about the page itself.
With urlscan.io Transforms for Maltego, investigators can retrieve information about a URL and all the details associated with the URL such as site content, relations to other sites and more.
You cna read more about urlscan.io Transforms for Maltego on our website here
Pricing and Access
urlscan.io Transforms are only available to Maltego users with a commercial license.
Malltego Commercial Hub Users with a Maltego One, Classic, or XL license have the following purchase options:
Click-and-Run (Pro)
Simply install and start using the Hub item with the following allowances:
- Search Requests: 5 Transform runs / day
- Results Request: 20 Transform runs / day
- Public Scans: 10 Transform runs / day
Click-and-Run (Enterprise)
Simply install and start using the Hub item with the following allowances:
- Search Requests: 50 Transform runs / day
- Results Requests: 200 Transform runs / day
- Public Scans: 100 Transform runs / day
Bring Your Own Key
For full solution access, plug in your existing API key or reach out to us using the purchase inquiry form on the Hub page.
Search in Other Scans [urlscan.io]
| API Key |
string |
|
true |
false |
false |
| Any SHA256 hash of any HTTP response |
string |
|
true |
true |
false |
| Any URL that was requested (Regex) |
string |
|
true |
true |
false |
| Any domain and subdomain that was contacted (Regex) |
string |
|
true |
true |
false |
| Any of the AS numbers that were contacted (e.g. AS123) |
string |
|
true |
true |
false |
| Append raw search filters (Example: AND page.apexDomain:“google.com”) |
string |
|
true |
true |
false |
| Filename of file downloaded by the website (Regex) |
string |
|
true |
true |
false |
| HTTP status code of primary request response |
string |
|
true |
true |
false |
| ISO 3166-1 2-letter country code of any country that was contacted |
string |
|
true |
true |
false |
| Issuer of the page TLS certificate (Example: Cloudflare Inc ECC CA-3) |
string |
|
true |
true |
false |
| MIME type description of file downloaded by the website |
string |
|
true |
true |
false |
| MIME type of the primary HTTP response |
string |
|
true |
true |
false |
| SHA256 of file downloaded by the website |
string |
|
true |
true |
false |
| Title of the page (Regex) |
string |
|
true |
true |
false |
| Display Name |
Search in Other Scans [urlscan.io] |
| Owner |
|
| Author |
Maltego |
| Data Source |
urlscan.io |
| Output Entities |
maltego.urlscan.ScanResult |
Variants
| urlscan.ipv4AddressPerformSearch |
maltego.IPv4Address |
This Transform performs a search and returns the previous scans on which the given IOC was discovered |
| urlscan.ipv6AddressPerformSearch |
maltego.IPv6Address |
This Transform performs a search and returns the previous scans on which the given IOC was discovered |
| urlscan.urlscanFilePerformSearch |
maltego.urlscan.File |
This Transform performs a search and returns the previous scans on which the given IOC was discovered |
| urlscan.hashPerformSearch |
maltego.Hash |
This Transform performs a search and returns the previous scans on which the given IOC was discovered. |
| urlscan.phrasePerformSearch |
maltego.Phrase |
This Transform performs a raw search and returns matching previous scans |
To Transacted Domains [urlscan.io]
Description
This Transform returns the domain names that were transacted during the page navigation
| API Key |
string |
|
true |
false |
false |
| Display Name |
To Transacted Domains [urlscan.io] |
| Owner |
|
| Author |
Maltego |
| Data Source |
urlscan.io |
| Transform Name |
urlscan.urlscanUrlToTransactedDomains |
| Input Entities |
maltego.urlscan.ScanResult |
| Output Entities |
maltego.Domain |
| Short Description |
This Transform returns the domain names that were transacted during the page navigation |
Description
This Transform returns the IP addresses contacted during page navigation
| API Key |
string |
|
true |
false |
false |
| Display Name |
To IP Addresses Contacted [urlscan.io] |
| Owner |
|
| Author |
Maltego |
| Data Source |
urlscan.io |
| Transform Name |
urlscan.urlscanUrlToIpAddresses |
| Input Entities |
maltego.urlscan.ScanResult |
| Output Entities |
maltego.IPv4Address, maltego.IPv6Address |
| Short Description |
This Transform returns the IP addresses contacted during page navigation |
To Reverse DNS Lookup [urlscan.io]
Description
This Transform returns the DNS PTR records for every hostname contacted during page navigation
| API Key |
string |
|
true |
false |
false |
| Display Name |
To Reverse DNS Lookup [urlscan.io] |
| Owner |
|
| Author |
Maltego |
| Data Source |
urlscan.io |
| Transform Name |
urlscan.urlscanUrlToReverseDnsLookup |
| Input Entities |
maltego.urlscan.ScanResult |
| Output Entities |
maltego.DNSName |
| Short Description |
This Transform returns the DNS PTR records for every hostname contacted during page navigation |
Description
This Transform extracts the submitted URL from the urlscan.io scan result
| Display Name |
Extract Submitted URL [urlscan.io] |
| Owner |
|
| Author |
Maltego |
| Data Source |
urlscan.io |
| Transform Name |
urlscan.urlScanResultToExtractTaskUrl |
| Input Entities |
maltego.urlscan.ScanResult |
| Output Entities |
maltego.URL |
| Short Description |
This Transform extracts the submitted URL from the urlscan.io scan result |
To Web Page URLs [urlscan.io]
Description
This Transform returns the URLs and URL text contained on the fully loaded page
| API Key |
string |
|
true |
false |
false |
| Display Name |
To Web Page URLs [urlscan.io] |
| Owner |
|
| Author |
Maltego |
| Data Source |
urlscan.io |
| Transform Name |
urlscan.urlscanUrlToWebPageUrls |
| Input Entities |
maltego.urlscan.ScanResult |
| Output Entities |
maltego.URL |
| Short Description |
This Transform returns the URLs and URL text contained on the fully loaded page |
To Requests Made [urlscan.io]
Description
This Transform returns the details about individual HTTP transactions during page navigation
| API Key |
string |
|
true |
false |
false |
| Display Name |
To Requests Made [urlscan.io] |
| Owner |
|
| Author |
Maltego |
| Data Source |
urlscan.io |
| Transform Name |
urlscan.urlscanUrlToRequestsMade |
| Input Entities |
maltego.urlscan.ScanResult |
| Output Entities |
maltego.urlscan.Request |
| Short Description |
This Transform returns the details about individual HTTP transactions during page navigation |
Description
This Transform extracts the response of the HTTP transactions made during page navigation
| Display Name |
Extract Response [urlscan.io] |
| Owner |
|
| Author |
Maltego |
| Data Source |
urlscan.io |
| Transform Name |
urlscan.urlscanRequestToExtractResponse |
| Input Entities |
maltego.urlscan.Request |
| Output Entities |
maltego.urlscan.URLScanResponse |
| Short Description |
This Transform extracts the response of the HTTP transactions made during page navigation |
Search for Domain in Previously Scanned URLs [urlscan.io]
Description
This Transform returns the previous scans run on the input domain.
| API Key |
string |
|
true |
false |
false |
| Any IP that was contacted |
string |
|
true |
true |
false |
| Any SHA256 hash of any HTTP response |
string |
|
true |
true |
false |
| Any URL that was requested (Regex) |
string |
|
true |
true |
false |
| Any domain and subdomain that was contacted (Regex) |
string |
|
true |
true |
false |
| Any of the AS numbers that were contacted (e.g. AS123) |
string |
|
true |
true |
false |
| Append raw search filters (Example: AND page.apexDomain:“google.com”) |
string |
|
true |
true |
false |
| Filename of file downloaded by the website (Regex) |
string |
|
true |
true |
false |
| HTTP status code of primary request response |
string |
|
true |
true |
false |
| ISO 3166-1 2-letter country code of any country that was contacted |
string |
|
true |
true |
false |
| Issuer of the page TLS certificate (Example: Cloudflare Inc ECC CA-3) |
string |
|
true |
true |
false |
| MIME type description of file downloaded by the website |
string |
|
true |
true |
false |
| MIME type of the primary HTTP response |
string |
|
true |
true |
false |
| SHA256 of file downloaded by the website |
string |
|
true |
true |
false |
| Title of the page (Regex) |
string |
|
true |
true |
false |
| Display Name |
Search for Domain in Previously Scanned URLs [urlscan.io] |
| Owner |
|
| Author |
Maltego |
| Data Source |
urlscan.io |
| Transform Name |
urlscan.searchDomain |
| Input Entities |
maltego.Domain |
| Output Entities |
maltego.urlscan.ScanResult |
| Short Description |
This Transform returns the previous scans run on the input domain. |
Search URL in Previous Scans [urlscan.io]
Description
This Transform returns the previous scans run on the input URL
| API Key |
string |
|
true |
false |
false |
| Any IP that was contacted |
string |
|
true |
true |
false |
| Any SHA256 hash of any HTTP response |
string |
|
true |
true |
false |
| Any URL that was requested (Regex) |
string |
|
true |
true |
false |
| Any domain and subdomain that was contacted (Regex) |
string |
|
true |
true |
false |
| Any of the AS numbers that were contacted (e.g. AS123) |
string |
|
true |
true |
false |
| Append raw search filters (Example: AND page.apexDomain:“google.com”) |
string |
|
true |
true |
false |
| Filename of file downloaded by the website (Regex) |
string |
|
true |
true |
false |
| HTTP status code of primary request response |
string |
|
true |
true |
false |
| ISO 3166-1 2-letter country code of any country that was contacted |
string |
|
true |
true |
false |
| Issuer of the page TLS certificate (Example: Cloudflare Inc ECC CA-3) |
string |
|
true |
true |
false |
| MIME type description of file downloaded by the website |
string |
|
true |
true |
false |
| MIME type of the primary HTTP response |
string |
|
true |
true |
false |
| SHA256 of file downloaded by the website |
string |
|
true |
true |
false |
| Title of the page (Regex) |
string |
|
true |
true |
false |
| Display Name |
Search URL in Previous Scans [urlscan.io] |
| Owner |
|
| Author |
Maltego |
| Data Source |
urlscan.io |
| Transform Name |
urlscan.urlToSearchUrlInPreviousScan |
| Input Entities |
maltego.URL |
| Output Entities |
maltego.urlscan.ScanResult |
| Short Description |
This Transform returns the previous scans run on the input URL |
To Umbrella Inspection [urlscan.io]
Description
This Transform returns the Cisco Umbrella Top 1 Million annotation per hostname
| API Key |
string |
|
true |
false |
false |
| Display Name |
To Umbrella Inspection [urlscan.io] |
| Owner |
|
| Author |
Maltego |
| Data Source |
urlscan.io |
| Transform Name |
urlscan.urlscanUrlToUmbrellaInspection |
| Input Entities |
maltego.urlscan.ScanResult |
| Output Entities |
maltego.urlscan.Umbrella |
| Short Description |
This Transform returns the Cisco Umbrella Top 1 Million annotation per hostname |
To Servers [urlscan.io]
Description
This Transform returns the unique HTTP “Server” headers of responses
| API Key |
string |
|
true |
false |
false |
| Display Name |
To Servers [urlscan.io] |
| Owner |
|
| Author |
Maltego |
| Data Source |
urlscan.io |
| Transform Name |
urlscan.urlscanUrlToServers |
| Input Entities |
maltego.urlscan.ScanResult |
| Output Entities |
maltego.urlscan.Server |
| Short Description |
This Transform returns the unique HTTP “Server” headers of responses |
To Cookies Collected [urlscan.io]
Description
This Transform returns the cookies set by the page with associated metadata
| API Key |
string |
|
true |
false |
false |
| Display Name |
To Cookies Collected [urlscan.io] |
| Owner |
|
| Author |
Maltego |
| Data Source |
urlscan.io |
| Transform Name |
urlscan.urlscanUrlToCookiesCollected |
| Input Entities |
maltego.urlscan.ScanResult |
| Output Entities |
maltego.urlscan.Cookie |
| Short Description |
This Transform returns the cookies set by the page with associated metadata |
To Files [urlscan.io]
Description
This Transform returns the details about the files downloaded by the website
| API Key |
string |
|
true |
false |
false |
| Display Name |
To Files [urlscan.io] |
| Owner |
|
| Author |
Maltego |
| Data Source |
urlscan.io |
| Transform Name |
urlscan.urlscanUrlToFiles |
| Input Entities |
maltego.urlscan.ScanResult |
| Output Entities |
maltego.urlscan.File |
| Short Description |
This Transform returns the details about the files downloaded by the website |
To Screenshot [urlscan.io]
Description
This Transform returns the captured screenshot of the webpage
| API Key |
string |
|
true |
false |
false |
| Display Name |
To Screenshot [urlscan.io] |
| Owner |
|
| Author |
Maltego |
| Data Source |
urlscan.io |
| Transform Name |
urlscan.urlscanUrlToScreenshot |
| Input Entities |
maltego.urlscan.ScanResult |
| Output Entities |
maltego.Image |
| Short Description |
This Transform returns the captured screenshot of the webpage |
To Console Messages [urlscan.io]
Description
This Transform returns the console messages during page navigation
| API Key |
string |
|
true |
false |
false |
| Display Name |
To Console Messages [urlscan.io] |
| Owner |
|
| Author |
Maltego |
| Data Source |
urlscan.io |
| Transform Name |
urlscan.urlscanUrlToConsoleMessages |
| Input Entities |
maltego.urlscan.ScanResult |
| Output Entities |
maltego.Phrase |
| Short Description |
This Transform returns the console messages during page navigation |
To Wappalyzer Detection [urlscan.io]
Description
This Transform returns the Wappalyzer technology detection for fully loaded page
| API Key |
string |
|
true |
false |
false |
| Display Name |
To Wappalyzer Detection [urlscan.io] |
| Owner |
|
| Author |
Maltego |
| Data Source |
urlscan.io |
| Transform Name |
urlscan.urlscanUrlToWappalyzerDetection |
| Input Entities |
maltego.urlscan.ScanResult |
| Output Entities |
maltego.urlscan.Wappalyzer |
| Short Description |
This Transform returns the Wappalyzer technology detection for fully loaded page |
To AS Numbers [urlscan.io]
Description
This Transform returns the Autonomous System Number for every IP contacted during page navigation
| API Key |
string |
|
true |
false |
false |
| Display Name |
To AS Numbers [urlscan.io] |
| Owner |
|
| Author |
Maltego |
| Data Source |
urlscan.io |
| Transform Name |
urlscan.urlscanUrlToAsNumber |
| Input Entities |
maltego.urlscan.ScanResult |
| Output Entities |
maltego.AS |
| Short Description |
This Transform returns the Autonomous System Number for every IP contacted during page navigation |
Search Domain [urlscan.io]
Description
This Transform returns the previous scans run on the host of input website
| API Key |
string |
|
true |
false |
false |
| Any IP that was contacted |
string |
|
true |
true |
false |
| Any SHA256 hash of any HTTP response |
string |
|
true |
true |
false |
| Any URL that was requested (Regex) |
string |
|
true |
true |
false |
| Any domain and subdomain that was contacted (Regex) |
string |
|
true |
true |
false |
| Any of the AS numbers that were contacted (e.g. AS123) |
string |
|
true |
true |
false |
| Append raw search filters (Example: AND page.apexDomain:“google.com”) |
string |
|
true |
true |
false |
| Filename of file downloaded by the website (Regex) |
string |
|
true |
true |
false |
| HTTP status code of primary request response |
string |
|
true |
true |
false |
| ISO 3166-1 2-letter country code of any country that was contacted |
string |
|
true |
true |
false |
| Issuer of the page TLS certificate (Example: Cloudflare Inc ECC CA-3) |
string |
|
true |
true |
false |
| MIME type description of file downloaded by the website |
string |
|
true |
true |
false |
| MIME type of the primary HTTP response |
string |
|
true |
true |
false |
| SHA256 of file downloaded by the website |
string |
|
true |
true |
false |
| Title of the page (Regex) |
string |
|
true |
true |
false |
| Display Name |
Search Domain [urlscan.io] |
| Owner |
|
| Author |
Maltego |
| Data Source |
urlscan.io |
| Transform Name |
urlscan.websiteSearchDomain |
| Input Entities |
maltego.Website |
| Output Entities |
maltego.urlscan.ScanResult |
| Short Description |
This Transform returns the previous scans run on the host of input website |
To DOM URL [urlscan.io]
Description
This Transform returns the URL to the raw DOM captured
| API Key |
string |
|
true |
false |
false |
| Display Name |
To DOM URL [urlscan.io] |
| Owner |
|
| Author |
Maltego |
| Data Source |
urlscan.io |
| Transform Name |
urlscan.urlscanUrlToDom |
| Input Entities |
maltego.urlscan.ScanResult |
| Output Entities |
maltego.urlscan.DOMURL |
| Short Description |
This Transform returns the URL to the raw DOM captured |
To Non-Standard JavaScript Global Variables [urlscan.io]
Description
This Transform returns the JavaScript non-standard global variable names and types on the fully loaded page
| API Key |
string |
|
true |
false |
false |
| Display Name |
To Non-Standard JavaScript Global Variables [urlscan.io] |
| Owner |
|
| Author |
Maltego |
| Data Source |
urlscan.io |
| Transform Name |
urlscan.urlscanUrlToNonstandardJavascriptGlobalVariables |
| Input Entities |
maltego.urlscan.ScanResult |
| Output Entities |
maltego.Phrase |
| Short Description |
This Transform returns the JavaScript non-standard global variable names and types on the fully loaded page |
To Locations [urlscan.io]
Description
This Transform returns the locations of the IP addresses of the server from which the URL was served
| API Key |
string |
|
true |
false |
false |
| Display Name |
To Locations [urlscan.io] |
| Owner |
|
| Author |
Maltego |
| Data Source |
urlscan.io |
| Transform Name |
urlscan.urlscanUrlToLocations |
| Input Entities |
maltego.urlscan.ScanResult |
| Output Entities |
maltego.Location |
| Short Description |
This Transform returns the locations of the IP addresses of the server from which the URL was served |
To Requested URLs [urlscan.io]
Description
This Transform returns the URLs requested during the page navigation
| API Key |
string |
|
true |
false |
false |
| Display Name |
To Requested URLs [urlscan.io] |
| Owner |
|
| Author |
Maltego |
| Data Source |
urlscan.io |
| Transform Name |
urlscan.urlscanUrlToRequestedUrls |
| Input Entities |
maltego.urlscan.ScanResult |
| Output Entities |
maltego.URL |
| Short Description |
This Transform returns the URLs requested during the page navigation |
To Linked Domains [urlscan.io]
Description
This Transform return the domain names of the links found on the scanned page
| API Key |
string |
|
true |
false |
false |
| Display Name |
To Linked Domains [urlscan.io] |
| Owner |
|
| Author |
Maltego |
| Data Source |
urlscan.io |
| Transform Name |
urlscan.urlscanUrlToLinkedDomains |
| Input Entities |
maltego.urlscan.ScanResult |
| Output Entities |
maltego.Domain |
| Short Description |
This Transform return the domain names of the links found on the scanned page |
To All IOCs [urlscan.io]
Description
This Transform returns common potential IOCs encountered during page navigation
| API Key |
string |
|
true |
false |
false |
| Display Name |
To All IOCs [urlscan.io] |
| Owner |
|
| Author |
Maltego |
| Data Source |
urlscan.io |
| Transform Name |
urlscan.urlscanUrlToAllIocs |
| Input Entities |
maltego.urlscan.ScanResult |
| Output Entities |
maltego.IPv4Address, maltego.IPv6Address, maltego.Hash, maltego.urlscan.File, maltego.Website, maltego.URL |
| Short Description |
This Transform returns common potential IOCs encountered during page navigation |
Description
This Transform extracts the hash from the input Entity
| Display Name |
Extract Hash [urlscan.io] |
| Owner |
|
| Author |
Maltego |
| Data Source |
urlscan.io |
| Transform Name |
urlscan.urlScanFileToExtractHash |
| Input Entities |
maltego.urlscan.File |
| Output Entities |
maltego.Hash |
| Short Description |
This Transform extracts the hash from the input Entity |
Submit Scan [urlscan.io]
Description
This Transform submits the URL to be scanned
| API Key |
string |
|
true |
false |
false |
| Scan Tags (CSV) |
string |
|
true |
true |
false |
| Scan Visibility (Example: Public, Unlisted, Private) |
string |
|
true |
true |
false |
| Display Name |
Submit Scan [urlscan.io] |
| Owner |
|
| Author |
Maltego |
| Data Source |
urlscan.io |
| Transform Name |
urlscan.urlSubmitScan |
| Input Entities |
maltego.URL |
| Output Entities |
maltego.urlscan.ScanResult |
| Short Description |
This Transform submits the URL to be scanned |
To Hashes [urlscan.io]
Description
This Transform returns the SHA256 hashes of HTTP response bodies
| API Key |
string |
|
true |
false |
false |
| Display Name |
To Hashes [urlscan.io] |
| Owner |
|
| Author |
Maltego |
| Data Source |
urlscan.io |
| Transform Name |
urlscan.urlscanUrlToHashes |
| Input Entities |
maltego.urlscan.ScanResult |
| Output Entities |
maltego.Hash |
| Short Description |
This Transform returns the SHA256 hashes of HTTP response bodies |
To Certificates [urlscan.io]
Description
This Transform returns the TLS certificate details of the responses
| API Key |
string |
|
true |
false |
false |
| Display Name |
To Certificates [urlscan.io] |
| Owner |
|
| Author |
Maltego |
| Data Source |
urlscan.io |
| Transform Name |
urlscan.urlscanUrlToCertificates |
| Input Entities |
maltego.urlscan.ScanResult |
| Output Entities |
maltego.X509Certificate |
| Short Description |
This Transform returns the TLS certificate details of the responses |