During routine monitoring of malicious web activity on the urlscan platform, the urlscan Threat Research Team identified a phishing campaign abusing the Ultraviolet (UV) client-side proxy framework. This framework was being leveraged to obscure attacker infrastructure, evade traditional detection methods, and deliver high-fidelity credential harvesting content.
We are excited to be heading to PIVOTcon, where we will host a hands-on workshop focused on hunting phishing pages and infrastructure. If you are attending the conference, this is a great opportunity to connect with us and learn how to take make full use of our community and urlscan Pro platforms.
In this interactive workshop, we will show how analysts can transform a single suspicious URL into a deep investigation - uncovering entire phishing campaigns and the infrastructure behind them. Whether you’re new to urlscan.io or already using it in your workflow, this session is designed to give you practical techniques you can apply immediately.
Over the last couple of years, the urlscan Threat Research Team have observed repeated, near-identical “live support” webpages used to socially-engineer victims into installing legitimate remote access tools (AnyDesk, ConnectWise/ScreenConnect, TeamViewer, etc.). Threat actors pair these pages with cold calls impersonating banks, telcos, or crypto services and attempt to install screen sharing software. Once connected they take control of sessions and facilitate fraudulent transfers.
Today we are announcing a new API endpoint for looking up observables on urlscan.io: The Malicious Lookup API. This new endpoint enables fast checks against our database of malicious websites and is meant to answer a simple question:
Has this hostname/domain/IP/URL been observed hosting malicious content?
The API answers this question efficiently with predictable performance.
We have made significant improvements to our core AI features on the urlscan Pro platform: Brand AI allows users search for brand abuse using the visual representation of a website, ML verdicts deliver a score for the trustworthiness of a website and the new AI summaries help users understand the content of a website in a foreign language.
Starting May 4th, 2026 some of the publicly accessible API endpoints on urlscan.io will only respond to authenticated requests. An authenticated request is a request with a valid API key or by a signed-in user. The API endpoints affected are:
GET /api/v1/result/{scanId}/GET /dom/{scanId}/GET /responses/{fileHash}/Make sure all of your API integrations are sending the
urlscan API key via the appropriate api-key HTTP request header today.
Make sure to send API key headers for all requests against urlscan.io, even for API paths that do not require authentication today.
This is what an authenticated API call looks like:
curl -i -X GET \
'https://urlscan.io/api/v1/result/{scanId}/' \
-H 'api-key: YOUR_API_KEY_HERE'
For more details please check the API docs.
These changes are necessary to curb abuse of our platform and ensure its stability and availability for legitimate users.
We are excited to announce the launch of Data Dumps, a new feature that allows customers to bulk-download scan data from urlscan.io without making individual API calls for each result.
We are excited to announce new releases of our official CLI and Python library. These updates bring new features and improvements to help you integrate urlscan.io into your workflows more effectively.
Today we are announcing detailed activity insights for teams and API keys. The activity insights show users the quota consumption of each API key, and whether any of these API keys are generating errors when calling our APIs.
urlscan API key activity tracking
urlscan is excited to be a sponsor of CYBERWARCON for the third year in a row. We will be attending the conference and you are invited to meet up with us.
Like in the previous years, urlscan will be attending CYBERWARCON 2025 in Arlington, Virginia. We are proud to be sponsoring the conference for the third year in a row.
CYBERWARCON is the premier conference covering state-sponsored cyber threats. Each year it brings together hundreds of professionals from military and government, academia, the media, and the private sector. The conference takes place as a one-day event packed with talks and speakers of the highest caliber.
Our executive team is attending the conference to get in touch with our customer base and get an opportunity to sit down face to face. Whether you are a customer already or just curious about our platform, we invite you to reach out and schedule a meeting with us around the date of the conference itself. Please reach out to info@urlscan.io to get this set up.
Subscribe via RSS