One Platform.
Complete Visibility.
Deep-scan websites for 100+ security checks or run any single check on demand, analyse MX records for email misconfigurations with copy-paste fixes, inspect email headers for spoofing, check any suspicious URL against 20+ reputation vendors, and geolocate any IP or domain — website, email, URL and network intelligence under one platform, with complete visibility and zero data stored.
Everything You Need to
Secure Your Infrastructure
Web Scan
Run a full Deep Scan of any public website, or pick a single
check from the dropdown — SSL, WAF, headers, ports, WHOIS and more. Auto-tries
both domain.com and www.domain.com.
- ✓ Deep Scan or 16 individual checks on demand
- ✓ Security grade (A+ to F) + 0–100 score
- ✓ SSL certificate — validity, issuer, expiry, SANs
- ✓ WAF detection — 22 WAFs including cloud & on-prem
- ✓ Security headers — HSTS, CSP, X-Frame-Options + more
- ✓ Cookie security — Secure, HttpOnly, SameSite flags
- ✓ Sensitive file exposure — .git, .env, backups, phpinfo
- ✓ HTTP methods audit — flags risky verbs (PUT, DELETE, TRACE)
- ✓ WHOIS / registration — registrar, dates, nameservers
- ✓ DNSSEC, security.txt, robots.txt & sitemap detection
- ✓ Internal & external link scan
- ✓ DNS records — A, AAAA, MX, NS, TXT, CNAME, SOA
- ✓ CMS & tech stack — 50+ CMS, 30+ frameworks
- ✓ Open port scan — 17 common ports
- ✓ Subdomain enumeration
- ✓ CVE matching — Apache, Nginx, PHP, IIS, OpenSSL (with NVD links)
- ✓ Redirect chain tracing
- ✓ Shareable report, PDF export & embeddable grade badge
SSL/TLS Deep Grade
A dedicated, in-depth TLS audit of any HTTPS site — live handshakes test every protocol version and cipher, validate the full certificate chain, and produce an A+ to F TLS grade.
- ✓ Live TLS handshake — real, not header-guessed
- ✓ Protocol matrix — TLS 1.0, 1.1, 1.2 & 1.3 tested individually
- ✓ Flags deprecated TLS 1.0 / 1.1
- ✓ Certificate — issuer, validity, expiry countdown, SANs
- ✓ Hostname match incl. wildcard certificates
- ✓ Key strength (RSA ≥ 2048 / EC ≥ 256) & signature algorithm
- ✓ Forward secrecy (ECDHE/DHE) detection
- ✓ Full certificate chain & self-signed detection
- ✓ HSTS — max-age, includeSubDomains, preload
- ✓ Weighted A+ to F grade with prioritised fixes
MX Record Analysis
Run a full Deep Scan of a domain's email security, or pick a single check from the dropdown — MX servers, SPF, DMARC, DKIM, BIMI, blacklist, DNSSEC, DNS, CNAME, PTR, MTA-STS or TLS-RPT.
- ✓ Deep Scan or 12 individual checks on demand
- ✓ Email provider detection (Google, M365, Proton + more)
- ✓ "Can this domain be spoofed?" plain-English verdict
- ✓ Email security grade (A+ to F)
- ✓ Full MX listing with priority & IP resolution
- ✓ SMTP port check (25, 587, 465) per mail server
- ✓ STARTTLS & TLS support detection
- ✓ SPF, DMARC & DKIM (19 selectors) analysis
- ✓ MTA-STS policy & TLS-RPT reporting checks
- ✓ CNAME records & PTR (reverse DNS) lookup
- ✓ DNSSEC validation
- ✓ DNS blacklist check (Spamhaus, SpamCop + more)
- ✓ BIMI brand indicator lookup
- ✓ Copy-paste SPF/DMARC fix records when missing
- ✓ Shareable report & PDF export
Email Header Analysis
Paste any raw email header and get instant forensic analysis — trace the full delivery route, validate authentication records, and inspect sender and recipient domain security posture.
- ✓ Phishing / spoofing risk score with verdict
- ✓ HELO/EHLO & full SMTP connection details
- ✓ Hop-by-hop routing with colour-coded timing bars
- ✓ SPF, DKIM, DMARC & ARC authentication results
- ✓ Final delivery verdict — delivered, junk, quarantined, rejected or blocked, with the reason
- ✓ From / Return-Path / Reply-To mismatch detection
- ✓ Sender & recipient domain DNS + MX records
- ✓ Reverse DNS per relay hop
- ✓ Connecting IP rDNS & TLS analysis
- ✓ X-Originating-IP extraction
- ✓ Spam score & X-header analysis
- ✓ Total delivery time calculation
Phishing & URL Checker
Paste any suspicious link and get an instant safety verdict before you click. Built for everyone — not just security pros — to spot scams, fake login pages and lookalike domains in seconds.
- ✓ Safety verdict from 12 best-practice phishing tests
- ✓ Pass/fail breakdown with green/red indicators
- ✓ Typosquatting & brand-lookalike detection
- ✓ Homograph / punycode (xn--) detection
- ✓ Domain age check — flags freshly registered domains
- ✓ Redirect tracing — reveals the real destination
- ✓ TLS / HTTPS certificate validation
- ✓ Risky TLD & URL-shortener detection
- ✓ "@" trick & IP-address host detection
- ✓ Reputation check — 24 DNS blocklists + 20 top vendors (Google Safe Browsing, VirusTotal, AbuseIPDB + more)
IP Geolocation & Network Intel
Your own IPv4 & IPv6 are detected automatically the moment the page loads — then look up any IP or domain to reveal where it's hosted and who owns the network.
- ✓ Auto-detects your IPv4 & IPv6 on page load (no click)
- ✓ Country, region, city & coordinates
- ✓ Map link (OpenStreetMap) + timezone
- ✓ ISP, organisation & ASN lookup
- ✓ Reverse DNS (PTR) resolution
- ✓ Domain → IP resolution built in
- ✓ "Want details?" expands full geo & network intel
- ✓ Shareable link + PDF report
PDF Report Download
After any scan, generate a complete branded PDF report — title page with logo, full results, and a sitealertai.com watermark on every page. Perfect for sharing with clients or your team.
How to Fix Guidance
Every scan includes a step-by-step remediation guide for the issues it can find — with copy-ready config snippets for SSL, security headers, SPF, DMARC, DKIM and more. No login required.
Shareable Result Links
Turn any scan into a private link you can drop into Slack, a ticket or an email. Links re-display the full report and auto-delete after 15 days — with no personal data stored.
Is-This-Link-Safe? Verdict
Paste any suspicious URL and get a clear safety verdict from 15+ best-practice phishing tests — typosquatting, homograph tricks, domain age and where the link really lands — plus an on-demand check against 20+ public security blocklists.
A+ to F Security Grade
Every web and email scan distils dozens of checks into one clear letter grade and a 0–100 score — so you instantly know where you stand and what to improve first.
Private & No Login
No account, no sign-up, no tracking. Scans run in real time and nothing about your targets is stored — your reports stay yours, and your own site reveals nothing to scanners.
Start a Scan in 3 Seconds
Enter a Target
Type any domain, IP, or URL. No account needed for web scans.
Scan Runs
Our engine checks SSL, DNS, WAF, ports, headers, CVEs and more in parallel.
Read Your Report
Get a colour-coded security report with a 0–100 score and actionable findings.