Hacked Webpage Finder
Drop In Traffic? Seeing Strange Things On Google?
We Will Scan All Your Pages For Hacks

Ensure the integrity of your website with Hacked Page Finder, the ultimate web-based tool designed to detect signs of hacking and malicious activity on your site. By performing a thorough scan of your web pages, Hacked Page Finder identifies suspicious elements, helping you safeguard your digital presence.

Simply enter your website and configure a small amount of settings then click start. Here are just some of the checks it performs:

1. Malicious Extracted URLs
Our tool scans the HTML of each page, identifying and extracting all external URLs, including those embedded in JavaScript, JSON, and schema markup. These URLs are then checked against the Google Safe Browsing project for any signs of malicious activity, including phishing, unwanted software, malware, and viruses.

2. Hidden Blocks
We compare how each page appears to both a normal user and GoogleBot. Hackers often manipulate content visibility differently for users and search engines to conceal their activities. This check highlights any discrepancies, allowing you to investigate further.

3. Malicious File Types
This scan identifies references to potentially dangerous files, such as .exe files, within your web pages. If your website doesn't typically reference these types of files, it's a red flag worth investigating.

4. Compare and Download HTML
Use our tools to compare and download the HTML content served to both GoogleBot and normal users. Differences may indicate hidden content or other anomalies, providing deeper insights into potential security issues.

5. Offsite JavaScript File
We detect any offsite JavaScript files included in your pages, which could be indicators of Cross Site Scripting (XSS) attacks. Investigate any unfamiliar scripts to ensure they are not malicious.

6. Offsite Redirect
We track if internal URLs on your website redirect to external domains. While often legitimate, unexpected redirects to unknown domains should be examined closely.

7. Push Notification API Usage
Our scan checks for the use of the Push/Notification API in your web pages. If your site doesn’t use this feature but it’s detected, further investigation is warranted.

8. Offsite iframe
We identify any external iframes within your pages. Unrecognized iframes might be used for malicious purposes, such as initiating automatic downloads.

9. Obfuscated JavaScript
This check detects JavaScript that appears obfuscated or encrypted, a common technique used by hackers to conceal malicious code. Download the flagged scripts for a closer look.

10. Hidden Link
We examine external links presented to GoogleBot and normal users, as well as those hidden using CSS tricks. Hidden backlinks are a common tactic used by hackers to boost their own sites’ SEO.

11. Hidden iframe
Similar to hidden links, we check for discrepancies in iframes visible to GoogleBot versus normal users. Hidden iframes can conceal malicious content while still driving traffic.

12. Hacking Signature
Our tool scans for typical hacker signatures, such as “hacked by” messages. While some keywords might result in false positives, this check is vital for identifying explicit signs of a breach.

13. Foreign Content
We detect significant amounts of non-English content on your pages, which can indicate automatically generated pages left by hackers.

14. Doorway Page
We compare the content shown to normal users and GoogleBot, identifying any different content, a tactic used by hackers to avoid detection while manipulating search results.

15. Affiliate Links
This scan identifies external links that appear to be affiliate links. If you don’t participate in affiliate programs, these links might have been placed maliciously.

16. Spammy Outbound Link
We check for outbound links pointing to potentially spammy websites. While there can be false positives, this check helps identify and mitigate spammy or harmful links.

17. Spammy Onsite Content
We scan for words commonly associated with spammy niches, such as gambling or adult content. Though often false positives, this check remains sensitive to avoid missing any injected spam.

18. Malicious Offsite Redirect
This check tracks internal URLs redirecting to external domains, verifying if the destination is flagged by Google Safe Browsing as malicious.

19. Malicious Outbound Link
We scrutinize all outbound links to ensure they aren’t flagged as malicious by Google Safe Browsing, signaling a potential hack.

20. Malicious Internal URL
Every page on your website is checked against the Google Safe Browsing project for signs of being flagged as hacked or malicious.

21. Malicious iframe
All iframes on your pages are checked against Google Safe Browsing, ensuring they aren’t flagged as malicious.

With Hacked Page Finder, you gain peace of mind knowing your website is thoroughly scanned and protected from potential threats. Regular scans and detailed reports help you maintain a secure and trustworthy online presence. Stay one step ahead of hackers with Hacked Page Finder.

Start using Hacked Webpage Finder

Hacked Webpage Finder Demo Video

Hello everyone, in this video I'm going to show you how to use our hacked web page finder tool. So this tool will scan every page on your website and look for any signs that there might be some sort of hack of your website happening. Now often people will see a sudden drop in their rankings on Google and sometimes they will mistakenly think, “Oh, it's just an algorithm change,” because websites do have traffic and ranking swings over time. But sometimes it's a bit more sinister and perhaps because, for example, your WordPress is out of date or you've used a plugin that has a vulnerability. It’s allowed someone to get into your hosting where your website is and do something that has caused it to drop in the rankings. Sometimes what hackers can do is inject hidden links into your homepage or any other page to increase the rankings of another website. They can also redirect users to other websites or inject crypto miners — there are lots of things they can do that you don’t want happening on your website because it can cause a drop in your search engine rankings. Before we start going through the settings and showing the tool in action, it’s worth noting that the tool is quite sensitive — it will pick up things that are probably false positives. It’s your job to look at them and see if they are actual issues or not. If not, you can remove them from the list and carry on working through potential issues. It’s designed like that so it doesn’t miss any real hack signals. So just be aware: if something shows up, it doesn’t necessarily mean that you’ve been hacked — it’s just something to check manually in more detail. Before we show you this on a real hacked website and the results it shows, we’ll run through the settings because they’re quite technical. Generally speaking, I’d probably just leave them as they are, but we’ll go through them and I’ll explain what each one does. Automatically trust well-known domains: We created a large list of trusted domains. For example, if we see an external piece of JavaScript being called into your website, we’ll check the domain. If it’s trusted, we won’t flag it. If it’s unknown, we might flag it depending on your other settings. Scan as both a normal user and Googlebot: When we check a page, we’ll scan it as a normal user and as Google’s search engine. Sometimes hackers make different things happen depending on whether it’s Google or a normal user. This setting compares the HTML and flags even tiny differences. I’d generally leave this off because small changes in HTML can cause false positives. Check for doorway pages: We compare what Google sees versus what users see. If they are significantly different, we flag it as a possible doorway page. Check for outbound malicious links: We check all outbound links against Google’s Safe Browsing database of malicious domains. Check for user redirects: When we crawl your site, if we’re redirected offsite, we’ll flag it. Most of the time, offsite redirects are harmless, but it’s flagged for double-checking. Check for malicious redirects: Similar to user redirects, but only flags if the redirect goes to a domain that’s been flagged as malicious by Google. Check HTML/JavaScript for malicious URLs: We extract all external JavaScript and check whether the domains are flagged as malicious. Check for offsite iframes: If we find any iframes pointing offsite, we’ll flag them unless they’re from common trusted sources like Facebook. Check for hidden iframes: We check whether an iframe is visible to users but hidden from Google (or vice versa), as that can indicate malicious behavior. Check for iframes with malicious sources: If an iframe’s source domain is flagged by Google as malicious, we flag it too. Check for web push notification API usage: If you’re not using push notifications, keep this checked — hackers sometimes use them for malicious alerts. Check for affiliate links: Hackers sometimes insert affiliate links to earn commissions. Check for obfuscated JavaScript: We flag code that’s deliberately hard to read. It’s not always malicious, but it’s worth reviewing. Check for offsite JavaScript: Flags any JavaScript loaded from external domains. Combine this with the trusted domain list to reduce false positives. Check for hidden backlinks: Flags backlinks that are hidden from users or search engines — a common hack tactic. Check for foreign languages: If your site has no legitimate reason to contain foreign languages (like Russian or Chinese), this can help identify hidden hacked content. Check for common hacked signatures: Looks for telltale phrases like “hacked by…” in your source code. Check for blocked pages: Identifies pages blocked from users but accessible to Google — sometimes a tactic to hide hacked content. Check for malicious file types: Flags references to suspicious file types like .exe, .bat, .jar, etc. Check for spammy content: Uses a list of spam-related words to detect spammy content, such as references to Viagra or gambling. Check for spammy outbound links: Analyzes where your outbound links go and flags if they point to spammy sites (gambling, payday loans, etc.). Editable spam word list: You can adjust this list depending on your niche (finance, adult, pharmacy, etc.) to reduce false positives. Concurrent connections: Controls how many pages are scanned simultaneously. If you’re confident your site won’t block us, you can increase it; otherwise, keep it low to avoid blocking. Now we’ll show an example: we scanned a plumbing website that we know has been hacked. After scanning 189 pages as both a normal user and Googlebot, we got some interesting results. We can see that a page was flagged for spammy onsite content in the gambling niche. The words triggering the classification are shown, and indeed, the page contains gambling-related content. Even the homepage has hidden gambling references in the HTML, which wouldn’t be visible to a normal user but appear in the source code. That’s exactly the kind of thing this tool detects. So, you can use this tool on any website that’s showing strange behavior or ranking drops. It will scan every page for signs of hacking and malicious activity. It’s sensitive, so you’ll need to handle some false positives — just remove those from the report and manually review anything suspicious. Hopefully, this tool helps if your website has been hacked or if you’ve experienced a ranking drop. As always, thank you for watching.

What does Hacked Webpage Finder look like?

Start using Hacked Webpage Finder