A computer-implemented method may comprise collecting and storing a plurality of electronic messages and a corresponding plurality of phishing kits, each of which being associated with one or several malicious Uniform Resource Locator (URL) and extracting a set of features from each of the plurality of electronic messages. For each of the extracted set of features, the method may comprise determining a set of optimal scanning parameters using one or more decision trees, trained with a supervised learning algorithm based on programmatically or manually examining or reverse-engineering the source code of the phishing kits, or trained with a supervised learning algorithm based on a function that iteratively requests data from the websites pointed to by the malicious URLs and examines data and codes returned by such requests. These optimal scanning parameters may then be used to scan a malicious URL with a reduced likelihood that a defensive action will be taken to hide the existence of the malicious content pointed to by the malicious URL.