Website Malware Scanner

Check for malware, blacklisting, and malicious content — no signup required

We automatically add https:// — just type your domain. We'll run the relevant scanners and email you the full report.

What We Check

Domain Blacklist Check

Checks 13 DNSBLs including Spamhaus, Barracuda, SURBL, UCEPROTECT.

Information Disclosure

Scans 40+ sensitive paths (.git, .env, backups, config files).

Exposed .git Directory

Detects if source code is leaked via an accessible .git directory.

Exposed .env Files

Checks for environment files containing credentials and API keys.

Backup Files

Looks for publicly accessible backup files (.sql, .zip, .tar.gz).

Debug Endpoints

Detects exposed debug tools (Telescope, Ignition, DebugBar, phpinfo).

API Documentation

Checks for exposed Swagger/OpenAPI specs and GraphQL endpoints.

Server Banners

Identifies server version disclosure that helps attackers.

Get a Complete Security Audit

This checker is just part of our 27-scanner security assessment. Run a full scan for a complete report.

Start Full Free Scan →