Ghost
Ghost is a modern open-source publishing platform focused on blogs, newsletters and membership sites. ScanMalware detects it from its generator meta tag, default theme markup and asset paths.
Ghost has a smaller attack surface than plugin-heavy CMSs, but as with any platform the version and the content actually served are what determine a site’s security verdict.
Commonly deployed alongside Ghost
Of the 5,030 public scans where Ghost was detected, these are the technologies most often present on the same site. The share is the percentage of Ghost sites that also ran each one.
| Technology | Category | Share of Ghost sites |
|---|---|---|
| X-UA-Compatible | miscellaneous | 82.38% |
| PasswordField | miscellaneous | 75.23% |
| Meta-Refresh-Redirect | miscellaneous | 71.95% |
| HSTS | wappalyzer | 57.71% |
| HTTP/3 | wappalyzer | 35.72% |
| Microsoft ASP.NET | wappalyzer | 34.09% |
| Microsoft SharePoint | wappalyzer | 26.5% |
| Open-Graph-Protocol | miscellaneous | 10.99% |
| jQuery | wappalyzer | 8.72% |
| Cloudflare | wappalyzer | 8.62% |
| Google Analytics | wappalyzer | 8.14% |
| MetaGenerator | miscellaneous | 7.65% |
| Cloudflare Bot Management | wappalyzer | 7.55% |
| Google-Analytics | miscellaneous | 6.75% |
How ScanMalware detects Ghost
Ghost is detected from generator meta tags, characteristic URL paths and login endpoints, and the theme and plugin asset fingerprints it exposes.
From any scan you can pivot into related signals — JARM TLS fingerprints, ASN ownership and BGP routing, certificate history, JavaScript analysis and the overall security verdict — to understand not just that Ghost is present, but how it is being used. Open the full search interface for Ghost →
Recent public scans featuring Ghost
A rolling sample of recent public scans where Ghost was detected. Listing a site here is not a safety judgement — open a scan to see its full verdict.
| Site | Scanned |
|---|---|
| Sign in to your account https://orga313642b.api.crm4.dynamics.com | 2026-06-15 |
| Sign in to your account https://syoqtwhm.mvl.94accesspoint.vpceslotter.03-120-55-020.plesk.page/auth/oidc/azure | 2026-06-15 |
| Sign in to your account http://laprairie.wincasa-clients.ch/ | 2026-06-15 |
| Sign in to your account http://txgroup.wincasa-clients.ch/ | 2026-06-15 |
| Motorcycle Parts From Europe’s Number 1 - MSP https://www.motorcyclespareparts.eu | 2026-06-15 |
| Sign in to your account https://acproducts-my.sharepoint.com | 2026-06-15 |
| Startsida | Sveriges Riksbank https://www.riksbank.se | 2026-06-15 |
| Sign in to your account https://outlook.office.com/calendar/0/deeplink/compose?subject=testios+and+Brian+Chedrawi+… | 2026-06-15 |
Frequently asked questions about Ghost
- Does using Ghost mean a website is unsafe?
- No. Ghost is a stack component, not a verdict. ScanMalware scores the whole page — its scripts, redirects, certificates, threat-intelligence matches and behaviour — so a site using Ghost can be perfectly safe or actively malicious.
- How many sites using Ghost has ScanMalware scanned?
- Ghost has been detected in 5,030 public scans on ScanMalware.com. Each scan is a real headless-browser visit, and the figure updates as new URLs are submitted.
- What technologies are commonly used with Ghost?
- Across scanned sites, Ghost is most often seen alongside X-UA-Compatible, PasswordField and Meta-Refresh-Redirect. The full co-occurrence breakdown is listed on this page.
Browse all profiled technologies on the technology index, or scan a URL to see its full stack.