This tool runs entirely in your web browser. When you perform a scan, your browser makes direct connections to public APIs to gather information. No data is sent to or processed by our servers.
For full transparency on which services your browser will connect to, please review the Cloud Bill of Materials (CBoM).
No CT attempts yet.
No DNS queries yet.
No IdP probes yet.
No unknown TXT records logged yet.
No unknown SPF records logged yet.
This tool makes direct connections from your browser to public, third-party APIs to gather information. No data is sent to our servers. Here is a list of all external services used:
Services: Cloudflare DNS, Google DNS
Purpose: Performs DNS lookups for consistent, unfiltered results, bypassing local/ISP resolvers.
Endpoints:
https://cloudflare-dns.com/dns-queryhttps://dns.google/resolvehttps://1.1.1.1/dns-query (Cloudflare via IP)https://1.0.0.1/dns-query (Cloudflare via IP)https://8.8.8.8/resolve (Google via IP)https://8.8.4.4/resolve (Google via IP)Data Sent: The domain name or IP address being queried (e.g., `?name=example.com&type=A`).
Service: crt.sh (via AntiHacker proxy)
Purpose: Discovers subdomains by searching public logs of SSL/TLS certificates.
Endpoints:
https://antihacker.nl/cprx.php?url=Data Sent: The domain name being scanned.
Service: Archive.org
Purpose: Discovers subdomains and historical URLs matching the domain.
Endpoint: https://web.archive.org/cdx/search/cdx (via proxy)
Data Sent: The domain name being scanned.
Service: ProjectDiscovery Chaos API
Purpose: Discovers subdomains using the Chaos dataset.
Endpoint: https://dns.projectdiscovery.io/dns/{domain}/subdomains
Data Sent: Domain name and your API Key (Authorization header). Sent directly or via proxy to ProjectDiscovery.
Service: AlienVault Open Threat Exchange
Purpose: Passive DNS lookup for subdomain discovery.
Endpoint: https://otx.alienvault.com/api/v1/indicators/domain/{domain}/passive_dns
Data Sent: Domain name and your API Key (X-OTX-API-KEY header). Sent directly or via proxy to AlienVault.
Service: Team Cymru
Purpose: Identifies the network owner (e.g., Google, Amazon) of an IP address via its ASN.
Endpoint: DNS queries are made to `*.asn.cymru.com`.
Data Sent: The reversed IP address being queried (e.g., for `8.8.8.8`, a query is sent for `8.8.8.8.origin.asn.cymru.com`).
Service: RIPEstat
Purpose: To determine the parent IP address range (prefix) for a given public IP.
Endpoint: https://stat.ripe.net/data/network-info/data.json
Data Sent: The IP address being queried (e.g., `?resource=8.8.8.8`).
Purpose: To check for cloud identity services (like Microsoft Entra ID) by querying well-known public configuration endpoints.
Services: Microsoft Online Services (Commercial, US Government, China)
Endpoints: Your browser attempts to connect to endpoints such as:
https://login.microsoftonline.com/{domain}/.well-known/openid-configurationhttps://login.microsoftonline.com/getuserrealm.srf?login=info@{domain}https://login.microsoftonline.us/... (US Gov)https://login.chinacloudapi.cn/... (China)Data Sent: The domain name being scanned.
Service: Generic Identity Provider Discovery
Endpoint: https://{domain}/.well-known/webfinger
Data Sent: The domain name being scanned (e.g., `...webfinger?resource=acct:info@example.com`).
Service: Active Directory Federation Services
Endpoint: If an ADFS server is identified, the tool queries its public metadata endpoint, typically https://{adfs_server}/FederationMetadata/2007-06/FederationMetadata.xml.
Data Sent: A request to the discovered ADFS server hostname.
Service: internet.nl
Purpose: Provides quick links for the user to manually verify modern Internet standards (IPv6, DNSSEC, HTTPS, etc.) and email security (SPF, DKIM, DMARC).
Data Sent: No data is sent by the tool automatically. If you click the provided links, your browser will navigate to internet.nl with the domain name included in the URL.
Service: Cloudflare CDN
Purpose: To load the Punycode.js library, which is required for handling internationalized domain names (IDNs).
Endpoint: https://cdnjs.cloudflare.com/ajax/libs/punycode/2.3.1/punycode.min.js
Data Sent: A standard request to fetch the JavaScript file.
Service: AntiHacker.nl
Purpose: Loads the latest DNS and SPF service signatures.
Endpoint: https://antihacker.nl/infra-mapper/js/definitions.js
Data Sent: A standard request to fetch the JavaScript file.