The Scanner That
Reads Social Engineering.
Saber combines live JavaScript rendering, threat-intelligence feeds, and AI reasoning to expose phishing that traditional blocklists miss — including the world's first scanner with native Arabic language intelligence.
↳ Domain registered 2 days ago via proxy registrar
↳ Free TLS cert — consistent with phishing kit
↳ Redirect chain: 3 hops through cloaking CDN
From URL to Verdict. In Seconds.
Five sequential analysis stages run in parallel where possible — delivering a confident risk classification faster than a human can read the URL.
Submit
Paste a URL, IP address, or scan a QR code. Saber accepts any format and begins multi-layer analysis immediately — no account needed.
Reputation Check
Cross-references threat-intelligence feeds and blocklists while evaluating domain age and registrar credibility to surface known bad actors.
Live Page Fetch
A stealth browser retrieves the live page, simulates real user interaction to trigger hidden forms, and extracts text from image-locked content in 18 languages.
Signal Analysis
Evaluates dozens of indicators: domain structure, TLS certificates, redirect chains, page content, and a database of known phishing kit fingerprints.
AI Verdict
An AI model answers four structured questions on page intent, brand claims, domain consistency, and evidence strength — then delivers a confident verdict.
Six Dimensions.
No Blind Spots.
Where most scanners stop at blocklists, Saber analyses each URL across six independent threat dimensions — then fuses the signals with AI.
Registrar credibility, domain age, naming patterns, and DNS anomalies that expose typosquatting and lookalike domains before they load.
Visual and textual brand impersonation detection — catches fake login pages, cloned interfaces, and forged logos used to deceive victims.
Full redirect chain analysis including multi-hop cloaking, geo-redirects, and bot-detection bypasses commonly used to hide phishing destinations.
Cross-referenced against multiple independent threat feeds, blocklists, and community-reported phishing indicators for broad coverage.
A stealth browser renders dynamic content to reveal credential-stealing forms, malicious scripts, and cloaked payloads invisible to static analysis.
Certificate issuer analysis, HTTPS misuse patterns, and SAN inspection to detect the free-cert abuse pattern prevalent in phishing campaigns.
Not a Score. A Verdict.
Saber's AI model doesn't return an opaque confidence number — it answers four structured questions about every URL, then delivers one of four clear risk classifications.
What is this page's apparent intent?
Classifies purpose: login, payment, info capture…
Does it claim to represent a known brand?
Detects impersonation of banks, social platforms, SaaS
Is the domain consistent with that brand?
Catches typosquats and lookalike registrations
How strong is the evidence for the verdict?
Scores confidence across all detection signals
Arabic-native verdicts. When Arabic content is detected, Saber delivers its reasoning in Arabic — the world's first phishing scanner to do so.
No threat signals detected across all analysis dimensions.
Elevated risk indicators detected. Proceed with caution and verify the source.
Page unreachable or insufficient signals for a conclusive verdict.
Active phishing confirmed — one of five specific threat types identified.
Built for Threats That
Traditional Scanners Miss.
Catches Threats Written in Arabic
Most scanners are blind to Arabic-language social engineering. Saber reads phishing lures, impersonation copy, and deceptive instructions in Arabic natively — delivering verdicts and explanations in Arabic when it matters most.
Spots Recycled Attack Infrastructure
Attackers reuse the same phishing kits across thousands of campaigns. Saber fingerprints known kit patterns so recycled infrastructure is flagged instantly — before it tricks a single victim.
Reads Text Phishers Hide in Images
A common evasion trick: embed credential-stealing instructions inside an image so text scanners see nothing. Saber extracts and analyses image-locked content in 18 languages, closing that blind spot completely.
Share Evidence in One Click
Every scan produces a permanent, shareable report URL — no account needed. Forward it to your team, attach it to an abuse report, or escalate to a registrar without any login or setup.
Paste a Link.
Get the Truth in Seconds.
No account. No setup. Submit any URL, IP, or QR code — Saber returns a shareable, permanent report with a full breakdown of every signal it found.