Detect Malware, Spam & Adware
Deep-crawls website pages and linked code to surface Ragnarok-oriented patterns, webshells, phishing, SEO spam, injected ads, popunders, click hijacking, and more.
Detected Malicious Code Blocks
No matched malware signatures
The fetched responses did not match the current signature library.
Suspicious Link Obfuscation Detector
URL shorteners, IP-based hosts, and homoglyph/lookalike domains.
Google Safe Browsing Check
Threat intelligence from Google Safe Browsing API (requires API key config).
CDN / Third-Party Integrity Check
External scripts and stylesheets missing SRI integrity hashes.
Directory Traversal & Path Disclosure
Sensitive files/directories exposed on the target server.
YARA Rule Engine Matches
Pattern-based detection for common malware behaviors.
External Resource Dependency Auditor
All third-party hosts the page loads; mixed content flagged.
HTTP Security Headers Audit
Missing or weak security headers that facilitate XSS, clickjacking, or MIME attacks.
JS Obfuscation & Entropy Analyzer
Packed/encoded JavaScript patterns and high-entropy lines that evade regex signatures.
Form Data Exfiltration Detector
Password/CC forms submitting to foreign domains; excessive login forms.
Open Redirect Detection
URL parameters that redirect to external domains; server-side redirect probes.
CSP Policy Evaluator
Content-Security-Policy strength audit — unsafe-inline, wildcards, missing directives.
HTML Comment & Artifact Leak Scanner
Credentials, IPs, TODOs, API keys, and DB connection strings left in HTML comments.
Advertising & Tracking Observations
Detected integrations are inventory items, not malware findings by themselves.