URETHANE — Documentation

OVERVIEW

Introduction

Urethane is a privacy and security toolkit running as a web service. It gives you four tools — a malware and metadata file scanner, a link safety checker, a personal data breach monitor, and a disposable email system — all under one account.

You don't need an account to use most features, but usage is tracked per session for guests. Signing up links your usage to your account and gives you higher limits. Upgrading to Pro removes most limits entirely.

No files are stored after scanning. No email addresses are shared. No telemetry beyond what's needed to enforce rate limits.

OVERVIEW

Plans & Limits

Urethane runs on three tiers. Limits reset on the 1st of each calendar month (UTC), except for temp mail send counts which reset daily.

FEATURE	GUEST	FREE	PRO — $5/mo
File scans	10 / month	10 / month	Unlimited
Link checks	10 / month	10 / month	Unlimited
Breach checks	1 / month	1 / month	Unlimited
Temp mail addresses	1 (1 hour expiry)	1 (3 day expiry)	5 (30 day expiry)
Temp mail — send	Not available	3 / day	50 / day
Custom email prefix	No	No	Yes
Cross-device sync	No	Yes	Yes
Max file size	650 MB	650 MB	650 MB

NOTE

Pro subscriptions are billed monthly through Stripe. You can cancel at any time from your account page — no cancellation fee, no questions. Access continues until the end of the billing period.

OVERVIEW

Account Setup

Registration

Go to /register.html. Enter your email and choose a username. We send a 6-digit OTP to your email — enter it to verify. Once verified, set your password. You're in.

Passwords must be at least 8 characters. There's no enforced complexity rule, but use something you don't reuse elsewhere.

Login

Go to /login.html. Enter your email and password. Sessions last 30 days. You can view and revoke active sessions from /account.html.

After 10 consecutive failed login attempts, your account is locked for 15 minutes.

Changing your password

Go to /account.html → Change Password. You'll need to enter your current password first.

Deleting your account

Go to /account.html → Delete Account. This is irreversible. All your data is removed immediately. If you have an active Pro subscription, cancel it in Stripe first — deleting your account does not automatically cancel billing.

FEATURE

File Scanner

The file scanner does two things: it submits your file to VirusTotal for malware analysis, and it extracts and strips metadata from documents and images.

How to use it

Go to /scan.html
Drop a file onto the upload zone or click to browse
Click SCAN FILE
Wait for results — typically 10–30 seconds depending on file size and VirusTotal queue
Download the cleaned file (metadata stripped) if applicable

What gets checked

Malware detection: Your file is hashed and the hash is checked against VirusTotal's database of 70+ antivirus engines. If the file is new, it may be submitted for a fresh scan, which takes longer.

Metadata extraction: Supported for PDF, DOCX, XLSX, PPTX, images (JPEG, PNG, TIFF, HEIC), MP3, MP4, and most common document formats. The tool strips fields like GPS coordinates, author name, software version, company name, and revision history.

Supported file types

Any file up to 650 MB. Metadata extraction works on documents and images. Non-supported formats are still scanned for malware but returned without metadata stripping.

What the results mean

RESULT	MEANING
CLEAN	No engines flagged this file. Safe to open.
DETECTED	One or more engines flagged it. Don't open it. Check the engine list for false positive assessment.
UNRATED	File is new to VirusTotal — scan is still running or the file was never submitted before. Re-check in a few minutes.

IMPORTANT

A "clean" result is not a guarantee. New malware may not yet be in any engine's signature database. Don't open files from untrusted sources even if they pass.

FEATURE

Link Checker

The link checker analyzes a URL for phishing signals, reputation issues, and redirect chains without you having to visit it.

How to use it

Go to /check.html
Paste the full URL including https://
Click CHECK
Results appear in a few seconds

What gets checked

Domain age and registration data
VirusTotal URL reputation (70+ security vendors)
Redirect chain — where the link actually leads
Presence on known phishing/malware blocklists
SSL certificate validity

What the results mean

SIGNAL	MEANING
SAFE	No vendors flagged this URL. Domain has normal history.
SUSPICIOUS	One or more vendors flagged it, or the domain is very new (under 30 days). Proceed with caution.
DANGEROUS	Multiple vendors flag this as phishing or malware distribution. Do not visit.

FEATURE

Breach Monitor

The breach monitor checks whether your email address has appeared in known data breach dumps. Data is sourced from BreachDirectory, which aggregates billions of leaked credential records from publicly disclosed breaches.

How to use it

Go to /monitor.html
Enter your email address
Click CHECK
Results show the number of leaked credential records found

What the count means

The number shown is how many times your email appeared across all indexed breach databases. A count of 1 means one breach. A count of 2,500 usually means a large breach like LinkedIn or Adobe exposed your credentials across multiple indexed sources.

If breaches are found, change your password on any service where you used the same credentials, and enable two-factor authentication.

What this does not check

Breaches that happened today or recently — databases take time to index
Private breaches that were never publicly disclosed
Phone numbers, physical addresses, or social security numbers

PRIVACY

Your email is sent to BreachDirectory's API over HTTPS and is not stored on our servers or logged beyond what's needed to enforce rate limits.

FEATURE

Temp Mail

Temp Mail generates a real, functioning disposable email address. You can use it to receive emails from any sender, and optionally send emails from it. Addresses are automatically deleted when they expire.

How to use it

Go to /tempmail.html
Click GENERATE ADDRESS
Your address appears at the top. Copy it and use it wherever you need a throwaway inbox.
Incoming emails appear in the inbox automatically — it polls every 5 seconds.
To send an email, click [ COMPOSE ]

Address lifecycle

PLAN	ADDRESSES	EXPIRY	SEND LIMIT
Guest	1	1 hour	Not available
Free	1	3 days	3 / day
Pro	5	30 days	50 / day

Custom prefix (Pro)

Pro users can choose the first part of their address. For example, entering work-signups generates something like work-signups-a4f2@deltajohnsons.com. The suffix is always randomized to prevent conflicts. Only letters, numbers, and hyphens are allowed in the prefix.

Cross-device sync

If you're logged in, your temp mail addresses follow your account. Log in on any device and your inbox is there. Guests use browser localStorage — clearing your browser data loses the address.

Sending emails

Outgoing emails are sent via Urethane's mail relay (noreply@urethane.site) on your behalf, with your temp address shown as the display sender. Replies go to your temp address inbox. Note that some mail providers may filter these as spam due to the relay — this is a limitation of shared sending infrastructure and not a bug.

REFERENCE

Error Reference

This table covers every error message or code you might encounter while using Urethane, what it means, and how to fix it.

HTTP Status Codes

CODE	MEANING	WHAT TO DO
400	Bad request — malformed input	Check what you submitted. Usually a missing field or invalid email format.
401	Not authenticated	Your session expired or you're not logged in. Go to login.
403	Forbidden — feature not available on your plan	This action requires a higher plan. Check what's available on your current tier.
413	File too large	Maximum file size is 650 MB. Split or compress your file.
429	Rate limit reached	You've hit the limit for this feature this month (or today for sends). Wait for reset or upgrade.
500	Internal server error	Something broke on our end. Wait a few minutes and retry. If it persists, contact us.
502	Upstream service unavailable	An external API (VirusTotal, BreachDirectory, mail.tm) is temporarily down. Retry in a few minutes.
503	Service not configured	A required API key is missing server-side. This is an admin issue — contact support.

File Scanner Errors

ERROR MESSAGE	CAUSE	FIX
"File too large"	File exceeds 650 MB	Compress or split the file before uploading.
"VirusTotal analysis failed"	VirusTotal API is down or quota exceeded	Wait a few minutes and retry. VirusTotal has free-tier rate limits.
"Metadata extraction failed"	Unsupported format or corrupted file	The file may be corrupt. Malware scan still ran — only metadata stripping failed.
"Monthly scan limit reached"	You've used all 10 scans this month (Free)	Wait for the 1st of next month, or upgrade to Pro for unlimited scans.

Link Checker Errors

ERROR MESSAGE	CAUSE	FIX
"Invalid URL"	URL is malformed or missing protocol	Make sure the URL starts with `http://` or `https://`.
"Check failed"	VirusTotal API timeout or connectivity issue	Retry. If persistent, the URL may be unreachable or VirusTotal is down.
"Monthly link check limit reached"	10 checks used this month (Free)	Wait for the 1st of next month, or upgrade to Pro.

Breach Monitor Errors

ERROR MESSAGE	CAUSE	FIX
"Please enter a valid email address"	The entered string is not a valid email	Check formatting — no spaces, must have @ and domain.
"Service unavailable"	BreachDirectory API is down or key is expired	Retry later. If persistent, contact us.
"Limit reached"	1 check used this month (Free)	Wait for the 1st of next month, or upgrade to Pro.

Temp Mail Errors

ERROR MESSAGE	CAUSE	FIX
"Mail service unavailable"	mail.tm API is temporarily down	Retry in a few minutes. This is an upstream provider issue.
"Account creation failed"	The randomly generated address already exists (rare)	Click Generate again. A new address will be attempted.
"Active address limit reached"	You already have the maximum number of active addresses	Delete an existing address first, or upgrade to Pro for up to 5.
"Sign in to send emails"	Guests cannot send mail	Create a free account. Sending requires authentication.
"Daily send limit reached"	3 sends used today (Free) or 50 (Pro)	Wait until midnight UTC for the count to reset, or upgrade.
"Custom prefix is a Pro-only feature"	Prefix field was submitted without a Pro account	Upgrade to Pro, or leave the prefix blank to get a random address.
"Invalid or expired key"	Address has expired or was deleted	Generate a new address.

Authentication Errors

ERROR MESSAGE	CAUSE	FIX
"Invalid credentials"	Wrong email or password	Check your input. Email is case-insensitive, password is case-sensitive.
"Account locked"	10+ failed login attempts	Wait 15 minutes. The lockout resets automatically.
"OTP expired"	Verification code was not entered within the time window	Request a new code and enter it within 10 minutes.
"Email already registered"	An account with this email already exists	Log in instead, or use a different email to register.

REFERENCE

Known Limitations

Temp mail deliverability: Some services block disposable email domains. If a signup form rejects your temp address, that site specifically blocks known temp mail providers — this is not a bug.
Outgoing email spam: Emails sent from temp mail may land in spam on the recipient's end. This is due to the shared sending domain reputation and is a known limitation of relay-based sending.
VirusTotal queue: On first submission, a file may wait in VirusTotal's analysis queue. Results may take up to 2 minutes for large or novel files.
Breach data freshness: BreachDirectory indexes known public breaches. A breach that happened last week may not yet be indexed. The database covers billions of records but is not real-time.
File size: The maximum upload is 650 MB. Very large files may time out on slow connections — consider uploading on a faster network.
Browser support: Urethane requires a modern browser. Internet Explorer is not supported. Safari on iOS may have issues with certain file upload behaviors.
Temp mail guest addresses: Guest addresses survive only in your browser's localStorage. Clearing your browser data, using incognito mode, or switching browsers will lose the address and its messages.

REFERENCE

FAQ

Do you store my files?

No. Files are held in memory during scanning and deleted immediately after. We do not log file contents, file names, or scan results on our servers. The only record is your usage count for rate limiting.

Do you store my email address when I check for breaches?

No. The email is passed directly to BreachDirectory's API and not written to our database. It appears in server access logs for a few hours (standard web server behavior) and is then overwritten.

Can I get a refund?

If you were charged and didn't mean to be, contact us within 7 days for a full refund. We don't offer partial refunds for unused portions of a billing period.

Why did my temp mail address expire early?

If you deleted it, it's gone. If you didn't, check that the address hadn't hit its plan expiry window (1 hour for guests, 3 days for Free, 30 days for Pro). If it disappeared before it should have, contact us.

Why is my scan showing "unrated"?

The file is either new to VirusTotal or was not previously submitted. VirusTotal is running a live scan. Wait 1–2 minutes and re-check. If it stays unrated, the file may be too unusual for any engine to classify.

I cancelled my Pro subscription but still see Pro on my account.

Pro access continues until the end of your current billing period. Cancellation stops the next charge — it doesn't cut off access immediately. This is standard behavior and intentional.