Why Voretix exists
Most of the damage done by malicious links happens in a narrow window: a phishing page goes live, harvests credentials for a few hours, and disappears before it ever reaches a blocklist. Reputation feeds are essential, but they are records of yesterday's attacks. The gap between "this URL just arrived" and "this URL is on a list" is exactly where people get hurt.
Voretix exists to close that gap. Instead of asking whether a link has already been reported, we open it — in an isolated browser sandbox, away from your machine — and judge the page by what it actually is: where its redirects really lead, what its certificate says, how its layout compares to known phishing kits, how old its domain is, and what the page tries to do. Anyone should be able to get that answer before clicking, whether they run a SOC or just received a text message that feels off.
What we do
The platform has four pillars, and they feed each other: every public scan makes Search and Hunt more useful, and everything you can do in the browser you can automate through the API.
How verdicts are produced
No single signal is trustworthy on its own, so every scan is judged by three independent families of evidence:
- Heuristic rules — patterns in the page content, redirect behaviour and hosting setup that analysts recognise in malicious campaigns, encoded as deterministic checks;
- AI analysis — a model reviews what the page shows and asks for, catching lures that no fixed rule anticipated;
- Infrastructure signals — how recently the domain was registered, what the TLS certificate reveals, and whether the page is structurally similar to known-bad pages already in the corpus, even when the domain is brand new.
The result is a verdict and risk score backed by named findings, so you can see why a page was flagged rather than take our word for it. And because no scanner is perfect, every report can be challenged: if you believe a verdict is wrong, use the report option on the scan page and a human will take another look.
What we believe
Who uses Voretix
Voretix is built by and for people who look at suspicious URLs all day — and for everyone else who just wants to know if a link is safe:
- SOC analysts enrich alerts and quarantine decisions with sandbox verdicts, from the site or straight from their SOAR playbooks via the API;
- Threat researchers use Hunt to track phishing kits as they rotate across domains, pivoting on redirect chains, technologies and structural fingerprints;
- Red and blue teams check their infrastructure's footprint and study real campaigns in the public corpus;
- Everyone else pastes in the link from that suspicious email or text message and gets an answer — with the evidence to back it up.
Get in touch
Every route to the team is on the Contact & Support page — these are the ones people need most:
- Product support — [email protected] for accounts, quotas, plans and the API;
- Privacy questions or data requests — [email protected] (see the Privacy Policy);
- Legal and abuse matters — [email protected] (see the Terms of Service);
- A verdict you disagree with — use the report option on the scan result page, so the review lands next to the evidence;
- What we're working on — the blog covers new features, detection research and analyst guides, and the API documentation is the fastest way to see what the platform can do.