How It Works

Learn how to use BlockLang Security Scanner and understand your results

How to Use the Scanner

  1. Enter a Website URL: Type or paste the website address you want to check (example.com, https://example.com, or www.example.com)
  2. Complete reCAPTCHA: Verify you're human by completing the reCAPTCHA challenge
  3. Click "Check Security": Hit the button and wait a few seconds for the analysis
  4. Review Results: See detailed security information and threat analysis below

Understanding Your Security Score

Our scanner analyzes websites using multiple security databases and gives you a score from 0 to 100:

80-100 (Safe)
The website appears to be legitimate and safe. No significant threats detected by our security sources.
50-79 (Caution)
The website has some warning signs. Proceed with caution and verify the site carefully before entering personal information.
0-49 (Dangerous)
The website has been flagged for potential scams, phishing, or malware. We recommend avoiding this site.

What We Check

Our scanner analyzes websites using multiple security sources and technical indicators:

1. Google Web Risk Analysis

Google Web Risk is a security service that detects unsafe websites across phishing, malware, and social engineering threats.

  • Status: Shows if threats were detected (SAFE, THREAT DETECTED, or API UNAVAILABLE)
  • Threat Types: Lists specific threats like phishing, malware, unwanted software, or social engineering
  • Last Checked: When this website was last scanned by our system
  • Data Source: Whether results are from cache (previously checked within 7 days) or a fresh live check

How it works: Google maintains a massive database of unsafe URLs updated in real-time. When you check a domain, we query this database to see if the site has been reported for malicious activity.

2. VirusTotal Analysis

VirusTotal aggregates data from over 90 antivirus engines and security vendors to provide comprehensive threat detection.

  • Detection Rate: Shows how many security vendors flagged this site out of the total (e.g., "2/90 vendors flagged"). Each vendor uses different detection methods, so multiple flags indicate higher risk.
  • Categories: Classification of the website content type (e.g., business, shopping, adult content, etc.)
  • Reputation Score: Community-driven rating from -100 (very malicious) to +100 (very trustworthy). This score is based on user votes and historical behavior.
  • Last Analysis Date: When VirusTotal last scanned this domain. Recent scans provide more accurate current status.

How it works: VirusTotal scans URLs through multiple antivirus engines simultaneously. If several independent vendors flag the same site, it's a strong indicator of malicious activity.

3. Cloudflare Radar

Cloudflare Radar provides threat intelligence based on data from Cloudflare's global network, which handles millions of requests per second.

  • Risk Score: Overall threat level calculated from network traffic patterns, attack attempts, and domain behavior
  • Categories: Website classification based on content analysis and usage patterns
  • Popularity Rank: How popular and established this website is globally. Well-established sites with high traffic are generally more trustworthy.

How it works: Cloudflare analyzes billions of requests across its network to identify malicious patterns, DDoS attacks, and suspicious domain behavior.

4. Domain Registration Information

When available, we display domain registration details that can help you assess website legitimacy:

  • Domain Age (Creation Date): When the domain was first registered. Scam sites are often very new (days or weeks old), while legitimate businesses typically have older domains (years old). However, a new domain doesn't automatically mean it's malicious.
  • Registrar Information: Which company manages the domain registration. Some registrars are known to be used more frequently by scammers.
  • WHOIS Privacy: Whether the domain owner's information is hidden. While privacy protection is legitimate and common, scammers often use it to hide their identity.

5. SSL/TLS Certificate Analysis

We check if the website uses HTTPS and validate its security certificate:

  • Certificate Validity: Whether the SSL certificate is valid, expired, or self-signed. Legitimate sites should have valid certificates from trusted authorities.
  • Certificate Issuer: Which Certificate Authority issued the SSL certificate. Trusted CAs (like Let's Encrypt, DigiCert, etc.) indicate better security practices.
  • HTTPS Status: Whether the site uses encrypted connections. However, scammers can also have HTTPS, so this alone doesn't guarantee safety.

Important Note: Having HTTPS (the padlock icon) does NOT mean a website is safe from scams. It only means the connection is encrypted. Phishing sites frequently use HTTPS to appear legitimate.

Understanding Result Statuses

Google Web Risk Status

  • SAFE: No threats detected by Google Web Risk database. The domain is not currently flagged for phishing, malware, or social engineering.
  • THREAT DETECTED: Google has identified this site as potentially dangerous and has it listed in their unsafe URLs database. You should avoid visiting this site.
  • API UNAVAILABLE: We couldn't check with Google at this moment due to API limitations or connectivity issues. This doesn't mean the site is safe or dangerous - we simply don't have data from this source right now.

VirusTotal Detection Rates

  • 0/90 vendors: Clean - no security vendors flagged this site as malicious
  • 1-5/90 vendors: Low risk - a few vendors have concerns. This could be false positives, but investigate further before proceeding
  • 6-15/90 vendors: Medium risk - multiple independent vendors detected threats. Exercise caution
  • 16+/90 vendors: High risk - significant number of vendors flagged this as dangerous. Strong recommendation to avoid this site

Reputation Scores

  • Positive numbers (+1 to +100): Good reputation, trusted by the community and security researchers
  • Zero (0): Neutral - not enough data, new domain, or mixed reviews
  • Negative numbers (-1 to -100): Bad reputation, reported for malicious activity, phishing, or scams

Domain Age Indicators

  • Less than 30 days old: Very new domain - exercise extreme caution. Many scam sites are abandoned within weeks
  • 1-6 months old: Relatively new - verify the site carefully before trusting it
  • 6 months - 2 years old: Established presence - more likely to be legitimate, but still verify
  • 2+ years old: Long-established domain - generally more trustworthy, though not a guarantee

Data Caching

To provide fast results and reduce costs, we cache (temporarily save) security check results for up to 7 days. This means:

  • If someone recently checked a website, you'll get instant cached results
  • Cached results are clearly marked as "Cached" in the Data Source field
  • After 7 days, we automatically fetch fresh data from our security sources
  • For brand new checks, you'll see "Live check" as the data source

Important Limitations and Disclaimers

This tool provides security analysis for informational purposes only and has important limitations:

  • Not 100% Accurate: No security scanner can detect all threats with perfect accuracy. Our tool combines multiple sources, but false positives and false negatives can occur.
  • False Positives: Sometimes legitimate, safe websites get incorrectly flagged as dangerous due to temporary issues, shared hosting with suspicious sites, or overly aggressive detection rules.
  • False Negatives: Brand new scam sites (created in the last few hours or days) may not yet be in security databases and could show as "safe" until reported and added to threat lists.
  • Point-in-Time Analysis: Results reflect the website's status at the time of checking. A safe site today could be compromised tomorrow, or a flagged site could be cleaned and made safe.
  • Not Professional Security Advice: Our results are automated analysis and should not replace professional cybersecurity consultation or due diligence for business decisions.
  • Your Responsibility: Always use your own judgment. If something feels suspicious (too-good-to-be-true offers, requests for unusual information, poor grammar, etc.), trust your instincts regardless of our scanner results.
  • No Guarantee of Safety: A "safe" result does not guarantee that a website is secure or that you won't be scammed. Always verify websites independently before sharing personal, financial, or sensitive information.
  • Verify Independently: Cross-check suspicious sites with other security tools, search for reviews, verify contact information, and check the site's legitimacy through official channels.

Report Incorrect Results

If you believe a security result is incorrect, you can report it:

  • False Positive: A safe site was marked as dangerous
  • False Negative: A dangerous site was marked as safe
  • Other Issues: Any other problems with the results

After submitting a report, you'll receive a verification email. Click the link in the email to confirm your report. This helps us prevent spam and improve our accuracy.

Your Privacy

We take your privacy seriously:

  • We don't collect personal information when you check websites
  • We only store domain names and security results (no user data)
  • Report emails are only used for verification and never shared
  • Read our full Privacy Policy for details
Still have questions? Check our FAQ page or contact us for help.