Advertisement

Advertisement

WordPress

Not All URL Scanners Are Created Equal – CheckPhish Vs. UrlScan.io Vs. ScamAdviser

Advertisement

Not all URL scanners are created equal - CheckPhish vs. UrlScan.io vs. ScamAdviser

Bought a Phishy Trying URL?

Phishing, spear phishing and enterprise e mail compromise (BEC)…nonetheless you determine the risk, the concern is all the time the identical. As a safety analyst how have you learnt for sure that the hyperlink or hyperlinks in a suspected phishing e mail are certainly malicious?

Advertisement

There are a number of techniques you may make use of. Typical methods embrace reviewing the MIME header of the e-mail, decoding encoded URLs, or hovering over the hyperlink within the URL. All these, nonetheless, require some stage of knowledgeable information to be efficient. Not solely that, it’s time consuming. Relying on the variety of emails you are analyzing, this might take hours of your time daily.

There’s a less complicated various, the place you copy the URL hyperlink out of the e-mail (with out clicking it!) and paste it right into a URL scanner. On this weblog we are going to take a look at three widespread URL scanning instruments that’ll examine a URL and decide whether it is protected:

  • CheckPhish.ai
  • Urlscan.io
  • ScamAdviser.com
  • We’ll evaluation the professionals and cons of those instruments to evaluate their accuracy and usefulness. And alongside the best way, we’ll study two totally different approaches for inspecting a suspicious URL: 1) A easy scan to know whether or not it’s malicious or not and a pair of) A evaluation of associated risk intelligence to know the context of a rendered verdict

    Advertisement

    For the comparability, we’ll use a hypothetical state of affairs to stroll by way of the 2 use circumstances. Within the state of affairs a person has reported an e mail that was delivered by Replit.com (a web-based, browser-primarily based IDE). The person experiences they don’t normally get emails like this and once they hover over the hyperlinks, issues look phishy. (see beneath).

    Not all URL scanners are created equal - CheckPhish vs. UrlScan.io vs. ScamAdviser


    Not all URL scanners are created equal - CheckPhish vs. UrlScan.io vs. ScamAdviser

    Advertisement

    Determine 1. Instance of suspicious URL delivered by way of Replit.

    Actual-Time URL Scanning

    CheckPhish.ai

    Advertisement

    Whereas I agree, this URL seems odd and the person mentioned it is uncommon to get an e mail from them, it is laborious to make certain. By copying out the hyperlink (proper click on > copy hyperlink deal with) and pasting it into CheckPhish.ai we get a verdict in seconds. It is clear!

    However how does CheckPhish.ai know it is clear? In contrast to different URL scanners, the instrument truly goes out and analyzes the URL in actual time. The backend of CheckPhish.ai is identical because the award-profitable Bolster enterprise platform utilized by corporations like Zoom, LinkedIn, and Dropbox. When scanning a URL, the instrument launches a headless browser to view the location. From there, it makes use of pc imaginative and prescient to determine logos and emblems after which combines it with pure language processing to know whether or not the intent of the location is malicious or not. What’s distinctive about CheckPhish is that it’s not simply an aggregation of open supply risk feeds that are freely out there. It’s an actual-time knowledgeable evaluation of the location with a false optimistic price of 1/100,000.

    Not all URL scanners are created equal - CheckPhish vs. UrlScan.io vs. ScamAdviser

    Advertisement

    Determine 2. CheckPhish output

    CheckPhish additionally is ready to deal with situations that different scanners appear unable to course of. For instance, right here, we will see a “source” and a “Redirected” URL on the left facet, close to the highest. The redirected URL is the official replit.com area and the trail seems to result in a careers web page. On this occasion, the reported e mail is reputable and poses no risk. CheckPhish.ai is ready to go to the redirected URL and full the evaluation. Not all of the scanners I examined had been in a position to do that.

    Scamadviser.com

    Performing the identical collection of steps on ScamAdviser.com seems to result in failure. It’s apparently unable to deal with redirected URLs, which is what we are working with on this case. Due to this, ScamAdviser.com is unable to help on this investigation.

    Not all URL scanners are created equal - CheckPhish vs. UrlScan.io vs. ScamAdviser

    Determine 3. ScamAdviser output

    Urlscan.io

    Utilizing urlscan.io, we will execute a profitable scan on the URL, nonetheless we get inaccurate outcomes as reported by the Google protected shopping check (Malicious). Urlscan.io aggregates a big amount of risk feeds, and it seems that Google Protected Shopping had at one level labeled Repl.it as a malicious website. Urlscan seems to not have up to date their information for the reason that website is now not labeled as malicious by Google Protected Shopping.

    Not all URL scanners are created equal - CheckPhish vs. UrlScan.io vs. ScamAdviser

    Determine 4. Urlscan.io output

    Risk Intelligence Gathering

    Checkphish.ai

    Due to the dynamic nature of URLs and domains, it is necessary to collect as a lot contextual info as you may, which provides you (the analyst) higher info to make choices about the very best remediation technique. CheckPhish.ai gives risk intelligence that critiques historic information to determine tendencies or patterns. Utilizing this risk intelligence we will see that the IP deal with at the moment hosting replit.com has at one level been concerned in a phishing marketing campaign.

    You’re additionally offered all the related info wanted if you wish to take motion in opposition to the location, for instance initiating a website takedown. CheckPhish.ai gives you with the hosting supplier, the IP deal with, and even the variety of previous phishing websites which have used that very same IP deal with.

    Not all URL scanners are created equal - CheckPhish vs. UrlScan.io vs. ScamAdviser

    Determine 5. CheckPhish risk intelligence

    Scamadviser.com

    As a result of ScamAdviser has did not convert the shortened URL on this demo, I’ve entered the “Redirected” URL (replit.com/website/careers) obtained from Checkphish.ai for this portion of the investigation.

    As we will see right here, ScamAdviser gives little or no risk intelligence for an analyst to make use of of their choice making course of. It does render a easy verdict, which is correct, nonetheless, they did have the problem the place they had been unable to deal with a redirected URL. Past the easy verdict, ScamAdviser doesn’t seem like designed for critical risk researchers or SOC analysts attempting to evaluate a risk and decide a remediation technique.

    Not all URL scanners are created equal - CheckPhish vs. UrlScan.io vs. ScamAdviser

    Determine 6. ScamAdviser risk intelligence

    Urlscan.io

    Urlscan.io gives an abundance of risk intelligence, however the technique by which it’s delivered makes it consumable solely by extra senior safety analysts. For instance, figuring out the risk posed by Javascript World Variables is a really difficult activity that many SOC analysts wouldn’t know the way to deal with. If the first goal of scanning a URL is to know whether or not it’s malicious or not, then urlscan.io misses the mark because it rendered an inaccurate verdict. The info it gathers and presents is complete, however it’s not all actionable. Most analysts wouldn’t discover it very helpful, and even perhaps deceptive for the reason that rendered verdict shouldn’t be correct.

    Not all URL scanners are created equal - CheckPhish vs. UrlScan.io vs. ScamAdviser

    Determine 7. Urlscan.io risk intelligence

    Abstract

    We could also be biased right here, however it seems CheckPhish stands out by way of each verdict accuracy and actionable risk intelligence. CheckPhish.ai is constructed on an enterprise platform utilized by among the largest corporations on this planet. It leverages pc imaginative and prescient and AI to rapidly decide the intent of an internet site in actual time reasonably than counting on risk feeds that may very well be days and even weeks outdated. This gives extremely correct, actionable, verdicts which in flip helps incident response groups to take swift motion. What’s extra it gives historic context that’s necessary for understanding previous phishing exercise serving to safety groups higher safe their enterprises. Test it out for your self!

    CheckPhish Actual-Time URL Scanning: checkphish.ai

    *** This can be a Safety Bloggers Community syndicated weblog from Bolster Blog authored by Jeff Baher. Learn the unique put up at: https://bolster.ai/blog/not-all-url-scanners-are-created-equal-checkphish-vs-urlscanio-vs-scamadviser/

    Advertisement

    Advertisement

    Travel Guides

    Travel Guides Buzz has breaking travel news, travel hotels, America travel guides, travel photos, latest travel news, Asia travel guides, Europe travel guides, Australia travel guides and all the trending buzz you’ll want to share with your friends. Copyright Travel Guides Buzz.

    Related Articles

    Advertisement

    Back to top button