Threat hunting for phishing sites with urlscan.io

urlscan.io is an incredible tool for taking a snapshot of a phishing website. It doesn't just take a screenshot of the page, but also captures all the resources loaded and requests made by the page. This data is then accessible through the search feature.


This is a companion discussion topic for the original entry at https://phish.report/blog/urlscanio-threat-hunting

Interesting. I’ll pass this through to our team.

That’s gonna be a pain to do if there’s multiple sub-domains on a website.

Really enjoyed this article - have started using urlscan to find the majority of phishing sites now.
Finding phishing kits and have started looking into the zips to get a better understanding of inner workings.
Wrote a small Python urlscan wildcard keyword scanner that uses their API.
Just enter a keyword, mygov for example, and it will return everything with mygov in the results.
Was a real pain to get working.
I’m not sure open urlscan can search for wildcard keywords without API? Could be wrong.
Bradley, if you want it for Phish Report, is it possible to integrate?
Just requires a urlscan API key and it’s good to go.
100 percent works as I got passing grade for Python class.


I believe it works as long as you’re signed in, but it may be restricted to the paid version, I’m not certain.