Urlscan

What is Urlscan?

Urlscan.io is a free web analysis service that safely browses submitted URLs in an isolated sandboxed environment and records everything that happens during the page load: all HTTP requests made, JavaScript executed, cookies set, redirects followed, and the final rendered DOM. The result is a detailed report showing the full behavior of a web page, including any malicious content loading, drive-by download attempts, phishing form submissions, or redirect chains designed to obscure the final destination. Urlscan also captures a screenshot of the rendered page and extracts all observed domains, IP addresses, and file hashes as indicators of compromise. Because it accesses URLs in an isolated environment, analysts can safely investigate suspicious links from phishing emails or threat intelligence feeds without risking their own browser or network.

How does Urlscan work with Qevlar?

Qevlar uses Urlscan to safely analyze suspicious URLs encountered during automated phishing and threat intelligence investigations. When an alert involves a URL of unknown safety, Qevlar can submit it to Urlscan and use the resulting behavioral report and extracted IOCs to determine whether the link is malicious and to identify related infrastructure.