Open navigation

urlscan.io

Modified on: Tue, 12 Jul, 2022 at 5:37 PM

Overview

urlscan.io is a free service to scan and analyze websites. When a URL is submitted to urlscan.io, an automated process will browse to the URL like a regular user and record the activity that this page navigation creates.


urlscan.io will take a screenshot of the page, record the DOM content, JavaScript global variables, server Ips, cookies created by the page, and many more details. If the site is targeting the users one of the more than 400 brands tracked by urlscan.io, it will be highlighted as potentially malicious in the scan results.


This includes the domains and IPs contacted, the resources (JavaScript, CSS, etc.) requested from those domains, as well as additional information about the page itself.


With urlscan.io Transforms for Maltego, investigators can retrieve information about a URL and all the details associated with the URL such as site content, relations to other sites and more.


You cna read more about urlscan.io Transforms for Maltego on our website here


Pricing and Access

urlscan.io Transforms are only available to Maltego users with a commercial license.


Malltego Commercial Hub Users with a Maltego One, Classic, or XL license have the following purchase options:


Click-and-Run (Pro)

Simply install and start using the Hub item with the following allowances:

  • Search Requests: 5 Transform runs / day
  • Results Request: 20 Transform runs / day
  • Public Scans: 10 Transform runs / day


Click-and-Run (Enterprise)

Simply install and start using the Hub item with the following allowances:

  • Search Requests: 50 Transform runs / day
  • Results Requests: 200 Transform runs / day
  • Public Scans: 100 Transform runs / day


Bring Your Own Key

For full solution access, plug in your existing API key or reach out to us using the purchase inquiry form on the Hub page.



urlscan.io Transforms

Search in Other Scans [urlscan.io]

Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
API Key string   true false false
Any SHA256 hash of any HTTP response string   true true false
Any URL that was requested (Regex) string   true true false
Any domain and subdomain that was contacted (Regex) string   true true false
Any of the AS numbers that were contacted (e.g. AS123) string   true true false
Append raw search filters (Example: AND page.apexDomain:“google.com”) string   true true false
Filename of file downloaded by the website (Regex) string   true true false
HTTP status code of primary request response string   true true false
ISO 3166-1 2-letter country code of any country that was contacted string   true true false
Issuer of the page TLS certificate (Example: Cloudflare Inc ECC CA-3) string   true true false
MIME type description of file downloaded by the website string   true true false
MIME type of the primary HTTP response string   true true false
SHA256 of file downloaded by the website string   true true false
Title of the page (Regex) string   true true false

Transform Meta Info

Information Value
Display Name Search in Other Scans [urlscan.io]
Owner  
Author Maltego
Data Source urlscan.io
Output Entities maltego.urlscan.ScanResult

Variants

Transform Name Input Entities Short Description
urlscan.ipv4AddressPerformSearch maltego.IPv4Address This Transform performs a search and returns the previous scans on which the given IOC was discovered
urlscan.ipv6AddressPerformSearch maltego.IPv6Address This Transform performs a search and returns the previous scans on which the given IOC was discovered
urlscan.urlscanFilePerformSearch maltego.urlscan.File This Transform performs a search and returns the previous scans on which the given IOC was discovered
urlscan.hashPerformSearch maltego.Hash This Transform performs a search and returns the previous scans on which the given IOC was discovered.
urlscan.phrasePerformSearch maltego.Phrase This Transform performs a raw search and returns matching previous scans

To Transacted Domains [urlscan.io]

Description

This Transform returns the domain names that were transacted during the page navigation


Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
API Key string   true false false

Transform Meta Info

Information Value
Display Name To Transacted Domains [urlscan.io]
Owner  
Author Maltego
Data Source urlscan.io
Transform Name urlscan.urlscanUrlToTransactedDomains
Input Entities maltego.urlscan.ScanResult
Output Entities maltego.Domain
Short Description This Transform returns the domain names that were transacted during the page navigation

To IP Addresses Contacted [urlscan.io]

Description

This Transform returns the IP addresses contacted during page navigation


Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
API Key string   true false false

Transform Meta Info

Information Value
Display Name To IP Addresses Contacted [urlscan.io]
Owner  
Author Maltego
Data Source urlscan.io
Transform Name urlscan.urlscanUrlToIpAddresses
Input Entities maltego.urlscan.ScanResult
Output Entities maltego.IPv4Address, maltego.IPv6Address
Short Description This Transform returns the IP addresses contacted during page navigation

To Reverse DNS Lookup [urlscan.io]

Description

This Transform returns the DNS PTR records for every hostname contacted during page navigation


Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
API Key string   true false false

Transform Meta Info

Information Value
Display Name To Reverse DNS Lookup [urlscan.io]
Owner  
Author Maltego
Data Source urlscan.io
Transform Name urlscan.urlscanUrlToReverseDnsLookup
Input Entities maltego.urlscan.ScanResult
Output Entities maltego.DNSName
Short Description This Transform returns the DNS PTR records for every hostname contacted during page navigation

Extract Submitted URL [urlscan.io]

Description

This Transform extracts the submitted URL from the urlscan.io scan result


Transform Meta Info

Information Value
Display Name Extract Submitted URL [urlscan.io]
Owner  
Author Maltego
Data Source urlscan.io
Transform Name urlscan.urlScanResultToExtractTaskUrl
Input Entities maltego.urlscan.ScanResult
Output Entities maltego.URL
Short Description This Transform extracts the submitted URL from the urlscan.io scan result

To Web Page URLs [urlscan.io]

Description

This Transform returns the URLs and URL text contained on the fully loaded page


Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
API Key string   true false false

Transform Meta Info

Information Value
Display Name To Web Page URLs [urlscan.io]
Owner  
Author Maltego
Data Source urlscan.io
Transform Name urlscan.urlscanUrlToWebPageUrls
Input Entities maltego.urlscan.ScanResult
Output Entities maltego.URL
Short Description This Transform returns the URLs and URL text contained on the fully loaded page

To Requests Made [urlscan.io]

Description

This Transform returns the details about individual HTTP transactions during page navigation


Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
API Key string   true false false

Transform Meta Info

Information Value
Display Name To Requests Made [urlscan.io]
Owner  
Author Maltego
Data Source urlscan.io
Transform Name urlscan.urlscanUrlToRequestsMade
Input Entities maltego.urlscan.ScanResult
Output Entities maltego.urlscan.Request
Short Description This Transform returns the details about individual HTTP transactions during page navigation

Extract Response [urlscan.io]

Description

This Transform extracts the response of the HTTP transactions made during page navigation


Transform Meta Info

Information Value
Display Name Extract Response [urlscan.io]
Owner  
Author Maltego
Data Source urlscan.io
Transform Name urlscan.urlscanRequestToExtractResponse
Input Entities maltego.urlscan.Request
Output Entities maltego.urlscan.URLScanResponse
Short Description This Transform extracts the response of the HTTP transactions made during page navigation

Search for Domain in Previously Scanned URLs [urlscan.io]

Description

This Transform returns the previous scans run on the input domain.


Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
API Key string   true false false
Any IP that was contacted string   true true false
Any SHA256 hash of any HTTP response string   true true false
Any URL that was requested (Regex) string   true true false
Any domain and subdomain that was contacted (Regex) string   true true false
Any of the AS numbers that were contacted (e.g. AS123) string   true true false
Append raw search filters (Example: AND page.apexDomain:“google.com”) string   true true false
Filename of file downloaded by the website (Regex) string   true true false
HTTP status code of primary request response string   true true false
ISO 3166-1 2-letter country code of any country that was contacted string   true true false
Issuer of the page TLS certificate (Example: Cloudflare Inc ECC CA-3) string   true true false
MIME type description of file downloaded by the website string   true true false
MIME type of the primary HTTP response string   true true false
SHA256 of file downloaded by the website string   true true false
Title of the page (Regex) string   true true false

Transform Meta Info

Information Value
Display Name Search for Domain in Previously Scanned URLs [urlscan.io]
Owner  
Author Maltego
Data Source urlscan.io
Transform Name urlscan.searchDomain
Input Entities maltego.Domain
Output Entities maltego.urlscan.ScanResult
Short Description This Transform returns the previous scans run on the input domain.

Search URL in Previous Scans [urlscan.io]

Description

This Transform returns the previous scans run on the input URL


Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
API Key string   true false false
Any IP that was contacted string   true true false
Any SHA256 hash of any HTTP response string   true true false
Any URL that was requested (Regex) string   true true false
Any domain and subdomain that was contacted (Regex) string   true true false
Any of the AS numbers that were contacted (e.g. AS123) string   true true false
Append raw search filters (Example: AND page.apexDomain:“google.com”) string   true true false
Filename of file downloaded by the website (Regex) string   true true false
HTTP status code of primary request response string   true true false
ISO 3166-1 2-letter country code of any country that was contacted string   true true false
Issuer of the page TLS certificate (Example: Cloudflare Inc ECC CA-3) string   true true false
MIME type description of file downloaded by the website string   true true false
MIME type of the primary HTTP response string   true true false
SHA256 of file downloaded by the website string   true true false
Title of the page (Regex) string   true true false

Transform Meta Info

Information Value
Display Name Search URL in Previous Scans [urlscan.io]
Owner  
Author Maltego
Data Source urlscan.io
Transform Name urlscan.urlToSearchUrlInPreviousScan
Input Entities maltego.URL
Output Entities maltego.urlscan.ScanResult
Short Description This Transform returns the previous scans run on the input URL

To Umbrella Inspection [urlscan.io]

Description

This Transform returns the Cisco Umbrella Top 1 Million annotation per hostname


Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
API Key string   true false false

Transform Meta Info

Information Value
Display Name To Umbrella Inspection [urlscan.io]
Owner  
Author Maltego
Data Source urlscan.io
Transform Name urlscan.urlscanUrlToUmbrellaInspection
Input Entities maltego.urlscan.ScanResult
Output Entities maltego.urlscan.Umbrella
Short Description This Transform returns the Cisco Umbrella Top 1 Million annotation per hostname

To Servers [urlscan.io]

Description

This Transform returns the unique HTTP “Server” headers of responses


Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
API Key string   true false false

Transform Meta Info

Information Value
Display Name To Servers [urlscan.io]
Owner  
Author Maltego
Data Source urlscan.io
Transform Name urlscan.urlscanUrlToServers
Input Entities maltego.urlscan.ScanResult
Output Entities maltego.urlscan.Server
Short Description This Transform returns the unique HTTP “Server” headers of responses

To Cookies Collected [urlscan.io]

Description

This Transform returns the cookies set by the page with associated metadata


Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
API Key string   true false false

Transform Meta Info

Information Value
Display Name To Cookies Collected [urlscan.io]
Owner  
Author Maltego
Data Source urlscan.io
Transform Name urlscan.urlscanUrlToCookiesCollected
Input Entities maltego.urlscan.ScanResult
Output Entities maltego.urlscan.Cookie
Short Description This Transform returns the cookies set by the page with associated metadata

To Files [urlscan.io]

Description

This Transform returns the details about the files downloaded by the website


Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
API Key string   true false false

Transform Meta Info

Information Value
Display Name To Files [urlscan.io]
Owner  
Author Maltego
Data Source urlscan.io
Transform Name urlscan.urlscanUrlToFiles
Input Entities maltego.urlscan.ScanResult
Output Entities maltego.urlscan.File
Short Description This Transform returns the details about the files downloaded by the website

To Screenshot [urlscan.io]

Description

This Transform returns the captured screenshot of the webpage


Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
API Key string   true false false

Transform Meta Info

Information Value
Display Name To Screenshot [urlscan.io]
Owner  
Author Maltego
Data Source urlscan.io
Transform Name urlscan.urlscanUrlToScreenshot
Input Entities maltego.urlscan.ScanResult
Output Entities maltego.Image
Short Description This Transform returns the captured screenshot of the webpage

To Console Messages [urlscan.io]

Description

This Transform returns the console messages during page navigation


Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
API Key string   true false false

Transform Meta Info

Information Value
Display Name To Console Messages [urlscan.io]
Owner  
Author Maltego
Data Source urlscan.io
Transform Name urlscan.urlscanUrlToConsoleMessages
Input Entities maltego.urlscan.ScanResult
Output Entities maltego.Phrase
Short Description This Transform returns the console messages during page navigation

To Wappalyzer Detection [urlscan.io]

Description

This Transform returns the Wappalyzer technology detection for fully loaded page


Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
API Key string   true false false

Transform Meta Info

Information Value
Display Name To Wappalyzer Detection [urlscan.io]
Owner  
Author Maltego
Data Source urlscan.io
Transform Name urlscan.urlscanUrlToWappalyzerDetection
Input Entities maltego.urlscan.ScanResult
Output Entities maltego.urlscan.Wappalyzer
Short Description This Transform returns the Wappalyzer technology detection for fully loaded page

To AS Numbers [urlscan.io]

Description

This Transform returns the Autonomous System Number for every IP contacted during page navigation


Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
API Key string   true false false

Transform Meta Info

Information Value
Display Name To AS Numbers [urlscan.io]
Owner  
Author Maltego
Data Source urlscan.io
Transform Name urlscan.urlscanUrlToAsNumber
Input Entities maltego.urlscan.ScanResult
Output Entities maltego.AS
Short Description This Transform returns the Autonomous System Number for every IP contacted during page navigation

Search Domain [urlscan.io]

Description

This Transform returns the previous scans run on the host of input website


Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
API Key string   true false false
Any IP that was contacted string   true true false
Any SHA256 hash of any HTTP response string   true true false
Any URL that was requested (Regex) string   true true false
Any domain and subdomain that was contacted (Regex) string   true true false
Any of the AS numbers that were contacted (e.g. AS123) string   true true false
Append raw search filters (Example: AND page.apexDomain:“google.com”) string   true true false
Filename of file downloaded by the website (Regex) string   true true false
HTTP status code of primary request response string   true true false
ISO 3166-1 2-letter country code of any country that was contacted string   true true false
Issuer of the page TLS certificate (Example: Cloudflare Inc ECC CA-3) string   true true false
MIME type description of file downloaded by the website string   true true false
MIME type of the primary HTTP response string   true true false
SHA256 of file downloaded by the website string   true true false
Title of the page (Regex) string   true true false

Transform Meta Info

Information Value
Display Name Search Domain [urlscan.io]
Owner  
Author Maltego
Data Source urlscan.io
Transform Name urlscan.websiteSearchDomain
Input Entities maltego.Website
Output Entities maltego.urlscan.ScanResult
Short Description This Transform returns the previous scans run on the host of input website

To DOM URL [urlscan.io]

Description

This Transform returns the URL to the raw DOM captured


Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
API Key string   true false false

Transform Meta Info

Information Value
Display Name To DOM URL [urlscan.io]
Owner  
Author Maltego
Data Source urlscan.io
Transform Name urlscan.urlscanUrlToDom
Input Entities maltego.urlscan.ScanResult
Output Entities maltego.urlscan.DOMURL
Short Description This Transform returns the URL to the raw DOM captured

To Non-Standard JavaScript Global Variables [urlscan.io]

Description

This Transform returns the JavaScript non-standard global variable names and types on the fully loaded page


Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
API Key string   true false false

Transform Meta Info

Information Value
Display Name To Non-Standard JavaScript Global Variables [urlscan.io]
Owner  
Author Maltego
Data Source urlscan.io
Transform Name urlscan.urlscanUrlToNonstandardJavascriptGlobalVariables
Input Entities maltego.urlscan.ScanResult
Output Entities maltego.Phrase
Short Description This Transform returns the JavaScript non-standard global variable names and types on the fully loaded page

To Locations [urlscan.io]

Description

This Transform returns the locations of the IP addresses of the server from which the URL was served


Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
API Key string   true false false

Transform Meta Info

Information Value
Display Name To Locations [urlscan.io]
Owner  
Author Maltego
Data Source urlscan.io
Transform Name urlscan.urlscanUrlToLocations
Input Entities maltego.urlscan.ScanResult
Output Entities maltego.Location
Short Description This Transform returns the locations of the IP addresses of the server from which the URL was served

To Requested URLs [urlscan.io]

Description

This Transform returns the URLs requested during the page navigation


Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
API Key string   true false false

Transform Meta Info

Information Value
Display Name To Requested URLs [urlscan.io]
Owner  
Author Maltego
Data Source urlscan.io
Transform Name urlscan.urlscanUrlToRequestedUrls
Input Entities maltego.urlscan.ScanResult
Output Entities maltego.URL
Short Description This Transform returns the URLs requested during the page navigation

To Linked Domains [urlscan.io]

Description

This Transform return the domain names of the links found on the scanned page


Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
API Key string   true false false

Transform Meta Info

Information Value
Display Name To Linked Domains [urlscan.io]
Owner  
Author Maltego
Data Source urlscan.io
Transform Name urlscan.urlscanUrlToLinkedDomains
Input Entities maltego.urlscan.ScanResult
Output Entities maltego.Domain
Short Description This Transform return the domain names of the links found on the scanned page

To All IOCs [urlscan.io]

Description

This Transform returns common potential IOCs encountered during page navigation


Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
API Key string   true false false

Transform Meta Info

Information Value
Display Name To All IOCs [urlscan.io]
Owner  
Author Maltego
Data Source urlscan.io
Transform Name urlscan.urlscanUrlToAllIocs
Input Entities maltego.urlscan.ScanResult
Output Entities maltego.IPv4Address, maltego.IPv6Address, maltego.Hash, maltego.urlscan.File, maltego.Website, maltego.URL
Short Description This Transform returns common potential IOCs encountered during page navigation

Extract Hash [urlscan.io]

Description

This Transform extracts the hash from the input Entity


Transform Meta Info

Information Value
Display Name Extract Hash [urlscan.io]
Owner  
Author Maltego
Data Source urlscan.io
Transform Name urlscan.urlScanFileToExtractHash
Input Entities maltego.urlscan.File
Output Entities maltego.Hash
Short Description This Transform extracts the hash from the input Entity

Submit Scan [urlscan.io]

Description

This Transform submits the URL to be scanned


Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
API Key string   true false false
Scan Tags (CSV) string   true true false
Scan Visibility (Example: Public, Unlisted, Private) string   true true false

Transform Meta Info

Information Value
Display Name Submit Scan [urlscan.io]
Owner  
Author Maltego
Data Source urlscan.io
Transform Name urlscan.urlSubmitScan
Input Entities maltego.URL
Output Entities maltego.urlscan.ScanResult
Short Description This Transform submits the URL to be scanned

To Hashes [urlscan.io]

Description

This Transform returns the SHA256 hashes of HTTP response bodies


Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
API Key string   true false false

Transform Meta Info

Information Value
Display Name To Hashes [urlscan.io]
Owner  
Author Maltego
Data Source urlscan.io
Transform Name urlscan.urlscanUrlToHashes
Input Entities maltego.urlscan.ScanResult
Output Entities maltego.Hash
Short Description This Transform returns the SHA256 hashes of HTTP response bodies

To Certificates [urlscan.io]

Description

This Transform returns the TLS certificate details of the responses


Transform Settings

Display Name Setting Type Default Value Optional Popup Authentication
API Key string   true false false

Transform Meta Info

Information Value
Display Name To Certificates [urlscan.io]
Owner  
Author Maltego
Data Source urlscan.io
Transform Name urlscan.urlscanUrlToCertificates
Input Entities maltego.urlscan.ScanResult
Output Entities maltego.X509Certificate
Short Description This Transform returns the TLS certificate details of the responses

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.