Changelog.
Shipped this week.

• Faster pages: tool pages and scan results load noticeably quicker.
• Better on mobile: bigger tap targets in forms and filters; the cookie banner no longer covers the hero.
• Sign-in deep links: sharing a scan URL or report link brings you back to the exact page after sign-up or password reset.

Review pages have been completely rebuilt around three focused tabs and a live view of the scam network behind every domain.

• New layout: review pages are now split into Overview, Network and Forensics tabs, each loading on demand for a faster page. Widgets were stripped back to a clean icon-and-title style, and a redesigned hero surfaces the trust score, live status and key signals at a glance.
• Live network graph: the Network tab maps the full scam operation in an interactive bubble graph: domains coloured by trust score, outlined by uptime, clustered together and filterable by detection signal. The graph is computed live, so it always reflects the latest data.
• Forensics: timing, resources, redirects, cookies and a full scan history timeline are now grouped into clear, paired widgets.
• Share an analysis: capture a PNG snapshot of any network graph, embed an interactive version on your own site, or export the network as STIX 2.1, CSV or JSON.
• Threat Intelligence on every review: review pages now cross-link into the Threat Intelligence registry, surfacing the brand, infrastructure correlations and detection signals connected to each domain.

Tabs with nothing to show are hidden automatically, and count badges make it obvious where the interesting data is before you click.

The biggest addition to Alertoscan yet: a public Threat Intelligence registry that maps how scam operations are connected.

• Networks: clusters of domains forensically linked through shared infrastructure and code.
• Brands: fake broker identities rotated across fresh domains.
• Signals: genome signatures (build, favicon and DOM fingerprints) that link cloned sites.
• Infrastructure: pivot across IPs, ASNs, registrars, nameservers, mail servers, SSL issuers and favicon hashes.

Every entity cross-links to the full scan review pages, so you can move from a single suspicious domain to the entire operation behind it.

Scan data is now considered fresh for 10 days instead of 7.

• Domains with data older than 10 days trigger an automatic full rescan when visited.
• Published review pages are held to the same freshness rule, stale reviews automatically refresh their underlying scan when visited.
• Fixed a caching issue where a manual rescan could still show old data.

Scans now cross-check four community-maintained threat feeds alongside Google Safe Browsing and Cloudflare:

• MetaMask: 205k+ Web3 phishing domains
• ScamSniffer: crypto wallet drainers
• Phishing.Database: ~1M phishing domains
• Crypto Scam Intel: drainers, romance and pig-butchering scams

Feeds refresh every 6 hours. Hits feed directly into the blacklist badge of the Trust Score, and multi-source hits escalate the severity.

Alertoscan now matches domains against the CMVM: the Comissão do Mercado de Valores Mobiliários, Portugal's securities market regulator.

Any domain named in a CMVM investor warning is flagged automatically in its review page and contributes to the Trust Score.

When a regulator names several domains in one warning, those operations are usually connected. Scans now link them directly. If a domain you scan was co-listed with others, each one is reachable in a single click.

Scan pages now include a Score Evolution chart. Each rescan adds a new point, so you can see whether a site is getting cleaner, getting worse, or has been flat for months.

The Trust Score now comes with a breakdown. Every scan result shows the scoring badges that contributed to the score, one per check triggered, with its severity tier and any positive signals that offset it.

Every scan now reveals the scam farm behind a domain, the cluster of other sites linked to it through shared infrastructure and code fingerprints. A wide farm pulls the Trust Score down; a long clean history adds a small bonus.

A new tool: a Password Generator with three modes (password, passphrase, PIN). Everything is generated in your browser; no secret ever leaves the device.

A new tool: BreachRadar. Enter an email and see every public data breach it appeared in, what was leaked, and when. We don't store the address you check.

Alertoscan is live. Scan any domain in under a minute, no account required, and get a Trust Score, a clear verdict, and a permanent result page you can share.