Website Malware Scanner
Check for malware, blacklisting, and malicious content — no signup required
We automatically add https:// — just type your domain. We'll run the relevant scanners and email you the full report.
What We Check
Domain Blacklist Check
Checks 13 DNSBLs including Spamhaus, Barracuda, SURBL, UCEPROTECT.
Information Disclosure
Scans 40+ sensitive paths (.git, .env, backups, config files).
Exposed .git Directory
Detects if source code is leaked via an accessible .git directory.
Exposed .env Files
Checks for environment files containing credentials and API keys.
Backup Files
Looks for publicly accessible backup files (.sql, .zip, .tar.gz).
Debug Endpoints
Detects exposed debug tools (Telescope, Ignition, DebugBar, phpinfo).
API Documentation
Checks for exposed Swagger/OpenAPI specs and GraphQL endpoints.
Server Banners
Identifies server version disclosure that helps attackers.
Get a Complete Security Audit
This checker is just part of our 27-scanner security assessment. Run a full scan for a complete report.
Start Full Free Scan →