Company

About Voretix

Voretix is a free URL scanner that detonates suspicious links in an isolated browser sandbox — and turns what it sees into threat intelligence the whole security community can search, hunt across and build on.

Why Voretix exists

Most of the damage done by malicious links happens in a narrow window: a phishing page goes live, harvests credentials for a few hours, and disappears before it ever reaches a blocklist. Reputation feeds are essential, but they are records of yesterday's attacks. The gap between "this URL just arrived" and "this URL is on a list" is exactly where people get hurt.

Voretix exists to close that gap. Instead of asking whether a link has already been reported, we open it — in an isolated browser sandbox, away from your machine — and judge the page by what it actually is: where its redirects really lead, what its certificate says, how its layout compares to known phishing kits, how old its domain is, and what the page tries to do. Anyone should be able to get that answer before clicking, whether they run a SOC or just received a text message that feels off.

What we do

The platform has four pillars, and they feed each other: every public scan makes Search and Hunt more useful, and everything you can do in the browser you can automate through the API.

How verdicts are produced

No single signal is trustworthy on its own, so every scan is judged by three independent families of evidence:

  • Heuristic rules — patterns in the page content, redirect behaviour and hosting setup that analysts recognise in malicious campaigns, encoded as deterministic checks;
  • AI analysis — a model reviews what the page shows and asks for, catching lures that no fixed rule anticipated;
  • Infrastructure signals — how recently the domain was registered, what the TLS certificate reveals, and whether the page is structurally similar to known-bad pages already in the corpus, even when the domain is brand new.

The result is a verdict and risk score backed by named findings, so you can see why a page was flagged rather than take our word for it. And because no scanner is perfect, every report can be challenged: if you believe a verdict is wrong, use the report option on the scan page and a human will take another look.

What we believe

Detonation over reputation
Blocklists lag; phishing pages live for hours. We judge a page by what it actually does in a real browser, not only by whether someone has reported it before.
Free for everyone
Checking whether a link is safe should not require a security budget. Every account includes 100 scans per month, with full reports — paid plans add API volume, not basic safety.
Shared by default, private when needed
Public scans join a corpus that every analyst can search and hunt across — each submission makes the next verdict smarter. Sensitive work can stay private.
Submitter privacy is non-negotiable
Who submitted a scan, and from where, is never public: identity and source IP are never searchable and never appear in Hunt results. Only the scanned page is on display.

Who uses Voretix

Voretix is built by and for people who look at suspicious URLs all day — and for everyone else who just wants to know if a link is safe:

  • SOC analysts enrich alerts and quarantine decisions with sandbox verdicts, from the site or straight from their SOAR playbooks via the API;
  • Threat researchers use Hunt to track phishing kits as they rotate across domains, pivoting on redirect chains, technologies and structural fingerprints;
  • Red and blue teams check their infrastructure's footprint and study real campaigns in the public corpus;
  • Everyone else pastes in the link from that suspicious email or text message and gets an answer — with the evidence to back it up.

Get in touch

Every route to the team is on the Contact & Support page — these are the ones people need most:

  • Product support[email protected] for accounts, quotas, plans and the API;
  • Privacy questions or data requests[email protected] (see the Privacy Policy);
  • Legal and abuse matters[email protected] (see the Terms of Service);
  • A verdict you disagree with — use the report option on the scan result page, so the review lands next to the evidence;
  • What we're working on — the blog covers new features, detection research and analyst guides, and the API documentation is the fastest way to see what the platform can do.