Unknown Builder SECURE by UNKNOWN BUILDER

Find the crypto scam before it finds your holders.

Built for the Solana ecosystem. Detect cloned project sites, fake trading bots, and façade "protocols" that look real but have no backend. Run it on any URL — no ownership required. Mint a signed trust badge for your own legit project so your users can verify at a glance.

🪞 Crypto scam & clone detector
Paste any URL. We catch the four ways crypto sites fake legitimacy:
  • Clones of real projects (canonical / og:url / asset mismatch)
  • Façade sites with no backend (static shell, dead forms, zero API calls)
  • Fake token sites — we extract every SOL & ETH contract address and flag unverifiable mints
  • Impersonation β€” brand name on the page does not match the domain
Four-way verdict with hard evidence. 5 credits, no ownership required.
🛡️ Signed trust badge
Pass a security scan + authenticity check, mint a police-shield badge, embed it on your own project site. Visitors click it and land on a public verify page showing your scores. HMAC-signed, auto-expires after 30 days.
🪞 Crypto scam detector — clone detection (canonical/og:url mismatch), façade sites (static shell), fake token pages (contract address extraction), brand-domain impersonation
🛡️ Trust badge — signed SVG embeddable on your own site, public verify page, 30-day recurring verification
Secret leaks — 93 patterns, AI-validated false-positive filter
Hidden subdomains — harvested from Certificate Transparency logs
🗺️ API endpoint discovery — every fetch/axios/GraphQL call inside your JS bundles
🧩 Source map recovery — if you shipped .js.map, we reconstruct the original source
🪣 Public S3 buckets — 230 bucket name variants probed automatically
⚓ Solana program audit — 13 static Anchor rules + hidden instruction detection
🎯 Active probes — reflected CORS, GraphQL introspection, host-header injection, Next.js build leaks
📊 CISO-ready report — risk score, dollar exposure range, SIEM detection rules, remediation timeline
Start free — 10 credits + unlimited preview. See pricing.
Ownership-verified only. Every target must pass a DNS or HTTP challenge before a scan can run. You cannot scan what you do not control. Audit log on every action.

What it finds

πŸ” Secret leaks

93+ patterns β€” API keys, wallet keys, database URIs, JWTs, AWS creds. Validators cut 90% of false positives automatically.

🌐 Subdomain surface

Queries Certificate Transparency logs and discovers every subdomain your org has ever had. Scans each one.

πŸ—ΊοΈ Hidden endpoints

Parses your JS bundles to find every fetch(), axios, WebSocket, and GraphQL URL β€” including the ones your engineers forgot about.

🧩 Source maps

If you accidentally ship .js.map in production, we recover the original source tree and scan it for secrets, TODOs, and internal hostnames.

πŸͺ£ Open S3 buckets

Probes 230+ plausible bucket name variants per domain for public LIST access. One of the top 3 data-leak classes on the web.

βš“ Solana program audit

13 static detection rules for Anchor programs: signer checks, account confusion, PDA collisions, unsafe close destinations, CPI trust boundaries.

🎯 Active probes

CORS reflection, GraphQL introspection, host-header injection, HTTP→HTTPS redirect, Next.js build manifest leaks.

👻 Hidden instructions

Diff the binary against the IDL to find instructions that are callable but undocumented — the hardest class of Solana attack surface to find manually.

📊 Executive risk report

Every scan produces a CISO-ready report: risk score, dollar exposure range, deploy-now detection rules for your SIEM, remediation timeline.

🪞 Crypto scam & clone check

Paste any URL. We detect phishing clones (canonical/og:url mismatch, assets pulled from the original), façade sites (static shell, no backend, dead forms, no API calls), fake token pages (contract addresses extracted and flagged for on-chain verification), and brand-domain impersonation (title brand ≠ domain name). Four-way verdict with hard evidence. 5 credits per check, no ownership required.
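
The clone and impersonation signals named above (canonical/og:url mismatch, assets pulled from the original, title brand ≠ domain) can be sketched as follows. This is an added example, not the product's code; the function names, the evidence wording, the brand heuristic and the `.test` sample page are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

class PageSignals(HTMLParser):
    """Collect declared URLs (canonical, og:url) and asset URLs from one page."""
    def __init__(self):
        super().__init__()
        self.declared, self.assets = {}, []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        rel = a.get("rel", "").lower()
        if tag == "link" and rel == "canonical":
            self.declared["canonical"] = a.get("href", "")
        elif tag == "meta" and a.get("property", "").lower() == "og:url":
            self.declared["og:url"] = a.get("content", "")
        elif tag in ("script", "img") or (tag == "link" and rel == "stylesheet"):
            self.assets.append(a.get("src") or a.get("href", ""))

def host(url):
    """Lower-cased hostname without a leading 'www.'; '' for relative URLs."""
    h = (urlparse(url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h

def clone_signals(page_url, html):
    """Return evidence strings; an empty list means none of the checks fired."""
    p = PageSignals()
    p.feed(html)
    served, evidence = host(page_url), []
    for name, url in sorted(p.declared.items()):
        if host(url) and host(url) != served:
            evidence.append(f"{name} declares {host(url)}, page served from {served}")
    origins = {host(u) for u in p.declared.values()} - {served, ""}
    for h in sorted({host(u) for u in p.assets} & origins):
        evidence.append(f"assets pulled from declared origin {h}")
    # Assumed heuristic: the brand is the first segment of <title>.
    m = re.search(r"<title[^>]*>(.*?)</title>", html, re.I | re.S)
    brand = re.sub(r"[^a-z0-9]", "", re.split(r"[|:\-]", m.group(1))[0].lower()) if m else ""
    if brand and brand not in re.sub(r"[^a-z0-9]", "", served):
        evidence.append(f"title brand '{brand}' not in domain {served}")
    return evidence

# Constructed sample: a copied page that still declares the original's URLs.
SAMPLE = ('<title>ExampleSwap | Trade</title>'
          '<link rel="canonical" href="https://exampleswap.test/">'
          '<meta property="og:url" content="https://www.exampleswap.test/">'
          '<script src="https://exampleswap.test/static/app.js"></script>')
```

Served from `https://examp1e-swap.test/`, the sample trips all four signals; served from `https://www.exampleswap.test/`, it trips none.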

πŸ›‘οΈ Trust badge

Pass a Silver+ scan and an authenticity check, mint a signed badge, embed it on your site. Verified visitors see a police-shield with your security + authenticity score. Tamper-proof (HMAC signed), expires after 30 days β€” recurring verification built in.
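
One way an HMAC-signed, 30-day badge token can be issued and checked, as an added example that is not this product's implementation: the token layout, the claim names (`dom`, `sec`, `auth`, `iat`), the domain binding and the demo key are assumptions.

```python
import base64
import hashlib
import hmac
import json

BADGE_TTL = 30 * 24 * 3600  # the page states badges expire after 30 days

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_badge(key, domain, security, authenticity, issued_at):
    """Serialize the claims and append an HMAC-SHA256 tag over the exact bytes."""
    body = json.dumps({"dom": domain, "sec": security, "auth": authenticity,
                       "iat": issued_at}, sort_keys=True).encode()
    # Assumed layout: base64url(claims) "." base64url(tag)
    return b64e(body) + "." + b64e(hmac.new(key, body, hashlib.sha256).digest())

def verify_badge(key, token, embedding_domain, now):
    """Return (ok, claims_or_reason). The tag is checked before any parsing."""
    try:
        body_b64, tag_b64 = token.split(".")
        body, tag = b64d(body_b64), b64d(tag_b64)
    except ValueError:
        return False, "malformed"
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return False, "bad signature"
    claims = json.loads(body)
    if not 0 <= now - claims["iat"] <= BADGE_TTL:
        return False, "expired"
    if claims["dom"] != embedding_domain.lower():
        return False, "issued for another domain"
    return True, claims

# Constructed values: demo key, placeholder domain, fixed timestamp.
KEY = b"demo-key-not-for-production"
T0 = 1_700_000_000
TOKEN = mint_badge(KEY, "exampleswap.test", 88, 95, T0)
```

Because HMAC uses a shared secret, only the key holder can run `verify_badge`, so verification has to happen server-side, as with the public verify page the text describes. The domain check is what makes a badge copied onto a look-alike site fail.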

How it works

  1. Sign in with your email. No password. Magic link only.
  2. Add a target. Choose DNS TXT or HTTP file challenge to prove you control the domain.
  3. Run a scan. Site scan (1 credit), master pipeline (5 credits), or pick a specific tool.
  4. Get the report. Markdown + detection rules. Copy into your ticket tracker or SIEM.

Scan tiers — pay per scan in SOL or our token

Pick the tier that matches how deep you want to go. Each scan is a one-shot payment — no subscription, no auto-renewal. Pay with the platform token for a 25% discount.

Preview

Free
3 per day per account
  • ✓ Security header audit
  • ✓ TLS certificate audit
  • ✓ Homepage response check
  • ✗ No path scan, no secret scan

Zero-commit try-out, before you pay.

Basis

0.05 SOL
10 credits · or pay in $TOKEN −25%
  • ✓ Path + config file scan
  • ✓ Secret leak detection (93 patterns)
  • ✓ Security header audit
  • ✓ TLS certificate audit

Quick surface check, one host.

Silver

0.15 SOL
30 credits · or pay in $TOKEN −25%
  • ✓ Everything in Basis
  • ✓ Subdomain enumeration (crt.sh)
  • ✓ JS endpoint extraction
  • ✓ Content checks (SRI, mixed content, JWT)

Full surface map of the app.

Enterprise

1.00 SOL
200 credits · or pay in $TOKEN −25%
  • ✓ Everything in Steel
  • ✓ Master pipeline across top 5 subdomains
  • ✓ Anchor program audit (if Solana)
  • ✓ Historical invariant scanner
  • ✓ Executive risk report + detection rules
  • ✓ CISO-ready markdown + PDF export

Deep data — everything the platform can do.

À LA CARTE

🪞 Scam / clone check

5 credits
≈ 0.025 SOL · no ownership required
  • ✓ Clone / façade / real / suspicious verdict
  • ✓ Canonical + og:url + asset host analysis
  • ✓ Token contract extraction (Solana + ETH)
  • ✓ Brand-domain impersonation check
  • ✓ Static-shell & random-path probe
  • ✓ WHOIS, TLS, DNS, cert age
  • ✓ Full evidence log

Paste any URL — investigate scam copies, façade sites and fake token pages.

πŸ›‘οΈ Trust badge

20 credits
β‰ˆ 0.10 SOL Β· valid 30 days
  • βœ“ Signed police-shield SVG
  • βœ“ Embed on your own site
  • βœ“ Public verify page
  • βœ“ Requires verified target + Silver+ scan + passing clone-check
  • βœ“ Tamper-proof HMAC token

Prove to your visitors this site is real and secure.