Skip to main content

Use Case: Scam domains

  • July 14, 2026
  • 1 reply
  • 6 views

Hello,

 

I am using Censys to identify scam domains by using OSINT indicators. After reviewing hundreds of websites, I have started to identify indicators of scam sites (specifically crypto investment fraud). I’ve found that the censys collection data is most useful! I’m getting hits almost daily on new scam sites. 

However, one issue that I have been running into is getting consistent results with the query. For example, I know there are certain images that I can link to specific templates of a scam site, but its hit or miss. 

I tend to use the web.endpoints.http.body , but it doesn’t always work.  

I’m trying to build some cheat sheet queries. Are there any really good search examples out there? Funny enough, claude and chatgpt have not been very helpful on cleaning up my search parameters. 

1 reply

  • Author
  • New Participant
  • July 14, 2026

Here is an example: 

I have a known exposed cloud bucket and I would like to find out all sites that are calling out to that bucket or have hosting files. I have tried just “bucketname.cloudservice.io” and I don’t get any results. I tried using web.hostname=~`bucketname.cloudservice.io` , nothing 

however, one of my collections is setup just to look for all the buckets, so I know there is data out there. I am currently looking at 300 domains in URLScan, so I know they are out there….