Changelog

Fixed intermittent 500 errors on several API endpoints (OCR, favicon search, scan summary, high-risk search, analyzer stats) that occurred after the first cached request

Improved AI security verdict accuracy with established-domain leniency, SSO flow recognition, and self-branding detection — reducing false positives on corporate sites, news/media, and small business websites

API: Renamed several response fields for consistency across scan results, nameserver lookups, and PCAP endpoints

Further improved AI brand impersonation detection with contextual awareness for venue names, geographic locations, and corroborating signal requirements

Improved AI security verdict accuracy for brand impersonation detection, reducing false positives on sites that use third-party services

Fixed missing ASN organization names for some IPs in the Domain & IP Information table

New Advanced Search (SMQL) with 120+ filters, boolean logic, and sorting - Browse /search-advanced

Added multi-signal phishing detection for Microsoft 365 credential phishing (AiTM proxies, static clones, obfuscated kits)

Added stable behavioral signatures and behavior vectors for JavaScript similarity clustering - Browse /blog/stable-behavioral-signatures

Improved database query performance and search responsiveness

Fixed "Find Similar" links for behavioral code fingerprints on scan results

Improved scan submission responsiveness and URL validation performance

Improved threat intelligence coverage with additional feed sources and freshness monitoring

Improved YARA malware detection accuracy and updated threat intelligence feeds

Improved JavaScript analysis for external scripts with enhanced hybrid analysis pipeline

Added crypto wallet drainer detection with blockchain RPC monitoring and brand impersonation checks

Improved AI security analysis accuracy and network traffic analysis coverage

Show full certificate hashes in Certificate Transparency Intelligence section

Fixed Certificate Transparency API endpoints to correctly return DNS records and IP addresses for domains

Infrastructure: Resolved search cluster issue and performed disk space optimization

Published blog post: Detecting Coruna, the nation-state iOS exploit kit targeting Safari, with 16 new YARA detection rules - Visit /blog/coruna-ios-exploit-kit-detection

Improved RDAP display by filtering out OCITOKEN metadata from IP descriptions

Fixed RDAP domain age trust bypass on cross-domain redirects

Fixed JSON-LD XSS vulnerability and invalid character handling

Skip AI analysis for error pages to reduce false alerts

Reduced AI verdict false positives for news and article sites writing about brands

Added title-domain mismatch detection to AI security analysis

Fixed AI verdict false positive for gambling sites misclassified as phishing

Added Content Security Policy header to frontend pages

Fixed search query timeouts for faster hash and fingerprint lookups

Improved accuracy: hosting platform false positive prevention, domain age scoring, and scam taxonomy

Integrated IDS/Suricata network alerts into AI security analysis for deeper threat detection

Improved AI security analysis with enhanced phishing detection and reduced false positives for legitimate websites

Scanning performance improved 34x with optimized parallelization

Improved credential exfiltration detection accuracy with reduced false positives

Published blog post analyzing ShinyHunters phishing kit campaign with 21,090 domains scanned - Visit /blog/shinyhunters-phishing-kit-analysis

Added malware warning indicators to script analysis pages

Refined malware detection patterns achieving under 5% false positive rate

Fixed AI analyzer to correctly identify critical malware patterns

Added Meta/Facebook brand detection to security analysis

Fixed AI classification thresholds for more accurate risk scoring

Added trusted domain badge to individual script analysis pages

Improved scan processing reliability with optimized timeout settings for better resource management

Enhanced logging infrastructure for improved performance monitoring across distributed systems

Improved network traffic capture quality by preventing empty packet captures from being stored

Infrastructure: Optimized internal data management for better system performance

Enhanced system health monitoring with TLS certificate analysis status tracking

Enhanced scan pipeline reliability analysis for better error detection and automatic recovery

Improved code analysis accuracy by reducing false positive detections in fingerprint matching

Expand API documentation with 10 new endpoints: YARA malware detection (4 endpoints), registrar search, tracking keys analysis (3 endpoints), Chrome network debug logs, and nameserver domain lookups - Visit /api-docs

Add confidence level indicators when identifying code libraries in scan results

Improved accuracy in library identification by reducing false matches for generic filenames

Launch Model Context Protocol (MCP) server for AI integration - enables Claude Desktop and other AI tools to directly access ScanMalware security scanning capabilities - Visit https://mcp.scanmalware.com

Enhanced library detection accuracy for inline and embedded code blocks

Fix IOC Matcher false positive issue - eliminated 85% false positives by properly filtering legitimate CDN services (Cloudflare Pages, Wix, IPinfo, TikTok CDN)

Improved library version detection accuracy with better validation logic

Add detection for programming interfaces and system calls used in JavaScript code

Improved reliability of network traffic capture and analysis during scans

Expand library detection capabilities by 355% with 47 new identification signatures

Expand threat intelligence coverage to 4.5M+ indicators with ThreatFox (123K network IOCs), MalwareBazaar (3.1M file hashes), and MISP (6.9K threat indicators)

Fix scan result page error when analyzing forms with unusual field configurations

Improved tracking of URL redirects to preserve fragment identifiers in destination URLs

Improve code analysis reliability to 100% success rate, eliminating processing errors

Launch automated copyright and licensing detection with 119% improvement in accuracy

Add detection for JavaScript-based navigation and blob URLs for better tracking of client-side URL changes

Add automatic URL preprocessing to unwrap redirect links from social media platforms and URL shorteners

Enhanced IP geolocation display with full country names in Network tab

Performance: Database query optimizations for faster domain search and tracking key lookups

Add WAF and CDN detection to TLS fingerprint analysis (Cloudflare, Akamai, Fastly, and more)

Add page-level JavaScript behavioral risk analysis on Scripts tab

Add MD5 and SHA-1 hash search support to JavaScript search with direct links to script detail pages

Improved domain registration (RDAP/WHOIS) caching with smart expiration-based refresh

Improved JavaScript malware analysis with better code segment extraction and pattern matching

Fix technology detection service - improved reliability for website fingerprinting

Infrastructure: Improved network reliability for DNS lookups and domain intelligence

Reduced false positives for regional brand TLD variants (e.g., crocs.eu, nike.de)

Improved form analysis to reduce false positive password field detections

Add business legitimacy assessment for positive trust signals in security analysis

Enhanced form classification to recognize legitimate booking forms and third-party services

Add industry-aware brand detection to reduce false positives for legitimate businesses

Infrastructure: Upgraded fallback worker for improved bot detection evasion

Add scan visibility selector UI with public, unlisted, and private options (coming soon)

Fix malware scanning service and improve intrusion detection reliability

Performance: Increased search database memory and extended Certificate Transparency query timeout for large searches

Add dual search cluster monitoring to health checks for improved reliability

Enhanced Certificate Transparency search performance and reliability

Improved infrastructure monitoring with enhanced health checks for all services

Refactored internal architecture for better scalability and maintainability

Add dark mode support for YARA malware pattern detection results

Launch YARA malware pattern detection with visual indicators on scan results

Expand YARA malware detection capabilities by 23% (1,250 → 1,540 detection patterns)

Add YARA malware pattern matching to JavaScript analysis for enhanced threat detection

Add automated daily updates for YARA malware detection rules

Launch unified search page with tabs for text, visual, and JavaScript code search

Launch JavaScript Malware Analysis v2.0 with YARA patterns, fuzzy hashing (TLSH), webpack de-bundling, and ML-based code similarity detection

Add library fingerprinting system to identify known JavaScript libraries and isolate suspicious code

Infrastructure improvements: Updated to latest platform versions for better performance and security

Add domain registration and nameserver information to scan results with DNS fallback support

Launch JavaScript obfuscation detection to identify malicious code hiding techniques

Improve scan reliability with automated retry logic, reducing error rate to under 6%

Fix critical scanning issues and enhance error handling for improved stability

Launch hybrid JavaScript fingerprinting with 19x coverage increase for better malware detection

Fix GeoIP data enrichment for network analysis and IP geolocation

Add trusted CDN whitelist badges to Scripts tab for better security transparency

Fix screenshot loading issue on Visual Search page

Add TLS Certificate Analysis API endpoint with CAA validation and Certificate Transparency data - Visit https://scanmalware.com/api-docs#tls

Launch public changelog page with timezone-aware timestamps and clickable links - Visit /changelog

Add RSS feed for changelog updates - Subscribe at /changelog.xml

Launch security blog with articles on TLS certificates, CAA validation, and Certificate Transparency - Visit /blog

Add RSS feed for blog posts - Subscribe at /rss.xml

Add tag filtering for blog posts - Browse posts by topic

Performance improvement: Database optimizations

Add daily automated browser profile warmup for better bot detection evasion

Expand browser profile warmup from 5 to 10 popular websites

Security: Browser workers now run as non-root user for improved security

Add CAA validation and certificate validity period checks to TLS analyzer

Add hostname validation and certificate chain validation to TLS analyzer

Add comprehensive security certificate test validation

Fix TLS analyzer ECDSA key size false positive

Implement TLS Certificate Analyzer with Certificate Transparency enrichment

Optimize JavaScript fingerprinting performance

Add CJK script detection and language code normalization

Implement improved multi-signal language detection

Implement multi-signal phishing clone detection

Remove white background from favicons, make transparent

Fix URL manipulation false positive for hash fragments in single-page apps

Fix browser error URL exposure and improve AI analysis continuation logic

Improved JavaScript fingerprinting processing speed with parallel workers

Fix HTML upload race condition with inline data storage

Enhanced reliability for JavaScript file downloads and analysis

Fix null checks in expanded fingerprint metrics section

Fix null handling for function count in JavaScript fingerprints

Add obfuscated JavaScript detection for improved malware identification

Add expanded JavaScript fingerprint metrics view

Implement JavaScript fingerprinting feature for malware detection

Faster JavaScript fingerprinting results for newly submitted scans