S ScrapeSmith alpha

Positioning

An honest accounting of where we fit — and where we don't.

This page exists because we think pricing pages full of marketing are bad for buyers and bad for our reputation. Here's the elevator pitch and the teardown. Disagree with anything? Tell us at hello@scrapesmith.io.

ScrapeSmith is a urlscan / VirusTotal alternative built around an on-prem AI review layer. We give you a confident, explained verdict on any URL — including brand impersonations the incumbents miss because they only track 500 brands — at a transparent per-scan price with a real free tier and a real API. Because our AI runs on our hardware, we can afford to reason on every uncertain scan, re-score history when our models improve, and keep your URLs on our infrastructure. No quote calls. No surprise renewals. Just POST /scan.

Four wedges we win on

1

On-prem AI unit economics

Every URL-scanning competitor adding LLM reasoning faces a per-token bill at scan time. Inference for us is electricity, not OpenAI invoice line items. That lets us reason on every gray-zone scan and re-score the backlog when prompts get better — competitors can't.

2

Modern developer experience

Public pricing. POST /scan as a first-class citizen. Webhooks free, not enterprise-locked. Auto-generated SDKs from the OpenAPI spec. CLI that prints JSON to stdout. The Stripe of malicious-URL scanning, not the Salesforce of it.

3

Kit-clustering as a flywheel

pgvector embeddings + DOM simhash + screenshot pHash. "Show me every page in our corpus that's the same kit as this URL" — one API call. The feature brand-protection vendors charge $50k/year as a managed service. We sell it as an API endpoint.

4

Stealth that's actually documented

Patchright fork of Playwright, browserforge fingerprints, residential proxy pool, WebRTC-leak blocking. The same anti-bot posture that sophisticated kits cloak against on urlscan, we publish at /stealth — it's a credibility signal in this market.

Head-to-head with the incumbents

vs. urlscan.io

The direct comparable

Where we win AI verdict on every uncertain scan, with no fixed brand list — the VLM reads the screenshot, the LLM reads the DOM. We catch impersonations of regional banks, niche SaaS, and crypto frontends that aren't on anyone's hardcoded list. urlscan explicitly warns against using their verdict as a block signal because of false positives.

Also Transparent pricing (urlscan's top tier is ~$4,166/mo and enterprise is sales-led). Re-crawl of historical scans when our models improve. An anti-bot stack we publish openly instead of one that's been reverse-engineered by every phishing-kit author.

Where they still beat us Corpus size and the "send me the urlscan link" brand recognition. That's a multi-year flywheel — we beat them on quality per scan and price per scan, and the corpus catches up.

vs. VirusTotal

The goliath

Where we win Reasoning beats engine aggregation for novel phishing. VT shows you a verdict after vendors update their definitions — that's hours to days for fresh kits. We verdict a page that didn't exist 10 minutes ago.

Pricing Vendr lists VT enterprise renewals in the $20–50k/yr range with 3–5× year-over-year hikes. Our Pro tier is $49/month. Customers shopping for "VT alternatives" are our acquisition channel.

Don't compete here We don't try to be a multi-engine file-hash aggregator. Cross-reference VT as enrichment, complement it.

vs. ANY.RUN / Hybrid Analysis / Joe Sandbox

The detonation chamber

Where we win 95% of "I need to verdict this URL" cases don't need a sandbox. They need a screenshot, a DOM, a verdict, in <30s. We're priced and engineered for that. Sandboxes are minutes per scan and per-analyst-seat ($3,990/yr and up).

Don't compete here Kernel-instrumented sandboxing is a different product. Hand downloads off to them when we find one.

vs. PhishTank / OpenPhish / Google Safe Browsing

The blocklists

Where we win Blocklists are lagging signals — academic research finds OpenPhish removes URLs after 5–7 days. The first hours of a campaign, when the damage happens, are exactly when blocklists don't have it. We catch those by reasoning, not lookups.

Downstream of us Once we have scan volume, the explainable-phish feed (every entry with screenshot, DOM, AI rationale) is what MSSPs will buy instead of OpenPhish.

vs. Netcraft / BrandShield / ZeroFOX / Bolster

Brand protection

Where we win on price ZeroFOX averages ~$56k/yr/customer. Our self-serve "watch a brand" tier (coming) is fraction-of-Netcraft pricing. The SMB and fintech-dev-team end of the market is genuinely underserved.

Don't try to take their takedown service Their registrar relationships and 33-minute median takedown is a moat we don't fight. We're the detection engine; they layer takedown on top.

Disclaimer. Numbers above are from public sources (pricing pages, G2 listings, the Vendr marketplace, academic phishing-blocklist studies, urlscan's own docs). Vendors change their pricing and posture; if you see something out of date, tell us. The full COMPETITORS.md in the repo carries the source links.

Convinced? Try it.

Free tier, no signup — just paste a URL.

Scan a URL See pricing