ZoxrimZoxrim
Features

URL Scanner

How to use the Zoxrim URL scanner to analyze websites and detect threats in real-time.

The URL Scanner is Zoxrim's core feature. It analyzes any URL against 15+ threat intelligence sources in parallel, returning a comprehensive risk assessment in under three seconds.

How to Scan a URL

  1. Open Zoxrim and navigate to URL Scanner in the left sidebar
  2. Paste or type the URL you want to analyze into the input field
  3. Click Scan or press Enter
  4. The scanner shows a live progress indicator as it queries each data source
  5. Results appear automatically when all sources have responded

You can scan URLs in several formats: full URLs with scheme (https://example.com), bare domains (example.com), and shortened URLs (bit.ly/abc123) — the scanner will follow the redirect chain and analyze the final destination.

What the Scanner Analyzes

Threat Intelligence Sources

The scanner queries all of the following simultaneously:

  • Google Safe Browsing: Phishing and malware URL lists maintained by Google
  • URLHaus: Community-driven database of active malware distribution URLs
  • PhishTank: Verified phishing URLs from community reporting
  • AlienVault OTX: Open threat exchange with named campaign association
  • VirusTotal: Aggregated results from 90+ antivirus engines and URL scanners
  • AbuseIPDB: IP reputation based on community abuse reports
  • Shodan: Internet-wide scanning data and exposed service information
  • Feodo Tracker: Botnet command-and-control infrastructure

Domain and Infrastructure Analysis

Beyond reputation databases, the scanner performs active infrastructure analysis:

  • DNS resolution: Full A, AAAA, MX, and NS record lookup
  • WHOIS lookup: Domain registration date, registrar, and registration country
  • SSL/TLS certificate inspection: Certificate authority, issuance date, and validity
  • Redirect chain following: Traces all HTTP redirects to the final destination
  • Homograph detection: Identifies Unicode lookalike attacks in domain names

Understanding the Risk Score

The risk score ranges from 0 to 100:

| Score | Classification | Recommended Action | |-------|---------------|-------------------| | 0–19 | Safe | Proceed normally | | 20–59 | Suspicious | Exercise caution | | 60–100 | Dangerous | Do not visit |

The score is computed by a machine learning model trained on millions of confirmed malicious and benign URLs. It weighs both the number of sources flagging the URL and the confidence level of each source.

Reviewing Findings

Below the risk score, the Findings panel shows a detailed breakdown:

  • Each threat intelligence source and its verdict (Clean / Flagged / No data)
  • Detection counts from VirusTotal (e.g., "14 of 90 engines flagged")
  • The domain's registration age and registrar
  • The SSL certificate authority and expiry date
  • Any named threat campaign associations from OTX

The AI Explanation section (available on Starter and Pro plans) provides a plain-language summary of why the URL was scored as it was, and what specific risk factors contributed most.

Exporting Results

To save or share a scan result:

  • Click Copy Link to generate a shareable result URL
  • Click Export to download the result as JSON (Pro and Enterprise plans) or CSV (all paid plans)
  • Results are also saved automatically to your Scan History, accessible from the sidebar

Scan History and Re-scanning

All scans are stored in your account history (30 days on Free, 90 days on Starter, 365 days on Pro and Enterprise). You can return to any past result and click Re-scan to run a fresh analysis against current threat intelligence data. This is useful for URLs that were clean when first scanned but may have been flagged since.

Previous

Getting Started with Zoxrim

Next

Email Monitor

Need help? Contact support or visit our security blog.