I love clicking links: hunting for fake websites using urlscan

HunterXHunter
3 min read · Nov 10, 2024


Let’s dive right in! There’s a powerful tool called urlscan.io, which has been around for quite some time. It’s a great resource for discovering newly emerging phishing, scam, fraud, or malware-dropping websites.

I won’t be covering the basics here — you can easily find plenty of guides online if you’re just starting out with urlscan.io. But if you’re interested in serious hunting, I’m going to share some effective queries you can leverage to find these malicious sites.

Step 1: First, you’ll need to create an account on urlscan.io to unlock its full potential for hunting.

Step 2: Once your account is set up, head over to the search section and start experimenting with different query combinations. There’s no spoon-feeding here — you’ll need to get hands-on to truly master it.

urlscan query search

We’ll begin by searching for URLs that specifically use the TLD gov.in. This is useful to identify any suspicious or fraudulent activities targeting official Indian government domains.

page.domain:(/.*\.gov\.in.*/)

The query is a regular expression on the page.domain field: it matches any domain that contains gov.in, with any subdomain labels before it and anything after it. The dots are escaped (\.) so they match literal dots rather than any single character.

After scrolling through the results, I found a fake website impersonating an Indian government solar panel scheme.

Urlscan result
Fake Indian Government Website

With the festive season approaching, scammers are likely to create fake websites impersonating major e-commerce brands like Flipkart, Amazon, and others to trick people into sharing their personal and payment information.

The query below searches for URLs containing the string “fllipkart” (a typo-squat of Flipkart). The page.url filter matches the keyword anywhere in the full URL, which lets you spot sites that mimic legitimate e-commerce domains.

page.url:(/.*fllipkart.*/)
Fake Flipkart website

Mix and match different keywords to widen your search results.
Try adding TLDs to filter for specific domains.

After identifying a suspicious website, use the “Similar Websites” option on urlscan.io to discover other domains that might be part of the same scam campaign.

Additionally, you can pivot from a scan by searching on WOFF (web font) hashes, favicon hashes, or filenames found in the HTTP section of the scan; resources shared across otherwise unrelated domains often point to the same kit or operator.

HTTP section of a particular clicked domain

Look for variations that scammers might use:
page.url:"flipkart-offers"
page.url:"amazon-giveaway"
page.url:"flipkart-discount"
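To turn the domain and URL queries above, and the pivoting step that follows them, into a repeatable triage pass, here is an added Python example (mine, not from the original post or from urlscan.io). It builds the regex queries with escaped dots, can run them against urlscan.io's public search API (https://urlscan.io/api/v1/search/, with the optional API-Key header), and filters the returned scans down to domains the brand does not own, grouped by serving IP as a cheap first pivot before opening the "Similar Websites" view. The result records are constructed samples using documentation IPs and `.example` domains, the result IDs are placeholders, and `is_lookalike` is a plain suffix check of my own, not an urlscan feature.

```python
"""Triage urlscan.io search results for brand-impersonation hunting.

Added example, not from the original post. Assumes the urlscan.io search
API at https://urlscan.io/api/v1/search/ and the result fields page.domain,
page.url, page.ip, task.time and result. SAMPLE_RESULTS below is constructed
for the demo (documentation IPs, .example domains); none of it is a real scan.
"""
import json
import urllib.parse
import urllib.request
from collections import defaultdict

API = "https://urlscan.io/api/v1/search/"


def lucene_regex_query(field, needle):
    """Build a urlscan regex query such as page.url:(/.*fllipkart.*/).

    Dots in the needle are escaped so they match a literal '.', otherwise a
    needle like gov.in would also match govxin.
    """
    escaped = needle.replace(".", r"\.")
    return f"{field}:(/.*{escaped}.*/)"


def search(query, api_key=None, size=100):
    """Run one search against urlscan.io (network call; not used offline)."""
    url = API + "?" + urllib.parse.urlencode({"q": query, "size": size})
    req = urllib.request.Request(url)
    if api_key:
        req.add_header("API-Key", api_key)  # optional; raises the rate limits
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["results"]


def is_lookalike(domain, brand_domain):
    """True unless `domain` is the brand's domain or one of its subdomains."""
    domain = domain.lower().rstrip(".")
    return not (domain == brand_domain or domain.endswith("." + brand_domain))


def triage(results, brand_domain):
    """Keep scans on domains the brand does not own, grouped by serving IP.

    Lookalikes served from one address are frequently one campaign; the
    grouping is a starting point that the Similar Websites view can confirm.
    """
    by_ip = defaultdict(list)
    for r in results:
        page = r.get("page", {})
        domain = page.get("domain", "")
        if not domain or not is_lookalike(domain, brand_domain):
            continue
        by_ip[page.get("ip", "unknown")].append({
            "domain": domain,
            "url": page.get("url"),
            "seen": r.get("task", {}).get("time"),
            "result": r.get("result"),
        })
    return dict(by_ip)


# Constructed sample of what the search API returns (trimmed to the fields used).
SAMPLE_RESULTS = [
    {"page": {"domain": "www.flipkart.com", "url": "https://www.flipkart.com/",
              "ip": "192.0.2.1"},
     "task": {"time": "2024-11-01T10:00:00.000Z"},
     "result": "https://urlscan.io/api/v1/result/<constructed-id-1>/"},
    {"page": {"domain": "fllipkart-offers.example",
              "url": "https://fllipkart-offers.example/login", "ip": "192.0.2.10"},
     "task": {"time": "2024-11-02T08:15:00.000Z"},
     "result": "https://urlscan.io/api/v1/result/<constructed-id-2>/"},
    {"page": {"domain": "flipkart-discount.example",
              "url": "https://flipkart-discount.example/", "ip": "192.0.2.10"},
     "task": {"time": "2024-11-02T09:40:00.000Z"},
     "result": "https://urlscan.io/api/v1/result/<constructed-id-3>/"},
    {"page": {"domain": "flipkart.com.secure-pay.example",
              "url": "https://flipkart.com.secure-pay.example/", "ip": "192.0.2.20"},
     "task": {"time": "2024-11-03T12:00:00.000Z"},
     "result": "https://urlscan.io/api/v1/result/<constructed-id-4>/"},
]


def demo():
    """Triage the constructed sample for the flipkart.com brand."""
    return triage(SAMPLE_RESULTS, "flipkart.com")


if __name__ == "__main__":
    print(lucene_regex_query("page.domain", "gov.in"))
    print(lucene_regex_query("page.url", "fllipkart"))
    print(json.dumps(demo(), indent=2))
```

Run it as-is to see the offline triage; to hunt live, replace `SAMPLE_RESULTS` with `search(lucene_regex_query("page.url", "fllipkart"), api_key="<your key>")`. The `flipkart.com.secure-pay.example` entry is there on purpose: a brand name appearing as a leading label is still a lookalike, which is why the check compares the domain suffix rather than searching for the brand string.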

This is just scratching the surface! To truly excel at hunting down these malicious websites, you need to build your own hypotheses and expand beyond the basics. Use the help section on urlscan.io, dive into other researcher blogs, and explore advanced techniques.

Learn different hunting queries from Help section

Don’t just rely on what’s spoon-fed. Experiment, explore, and develop your own strategies — you’ll uncover patterns and threats that others miss.
