Recent Threats Caught
A live feed of scans run through ScanTotal in the past 24 hours.
What you are looking at
This page is a live window into ScanTotal in use. Every time someone runs a scan, a single anonymised line is added here: the tool they used, whether the result came back clean or as a threat, the country the request came from, and roughly when it happened. It refreshes on its own about once a minute, so what you see is close to real time.
We publish it for one reason: transparency. A free security tool is easy to claim and hard to verify. This feed, and the fuller threat-stats dashboard behind it, let anyone see that the scanner is genuinely used and genuinely catches things, without having to take our word for it.
How to read each entry
- The coloured badge is the tool that ran: URL, File, Email, SMS, Image (QR), or Hash lookup.
- The verdict is either "Clean" or "Threat detected". When a threat is named, the family or signature appears in italics beneath it.
- The country is an aggregate, derived from Cloudflare's edge network, never a precise location.
- The time is rounded to the nearest five minutes, so no entry can be tied back to a specific person or moment.
What this feed never shows
No scanned URLs, file names, file contents, hashes, email addresses, IP addresses, or device details ever appear here, because the scanner does not keep them. Files are hashed inside your browser and never uploaded, so the feed only ever holds the handful of non-identifying fields above. Known industry test signatures, such as the EICAR test file, are filtered out so the numbers reflect real-world threats rather than test noise, the same rule used on the threat-stats dashboard.
If the list looks quiet, that is normal. Threats tend to arrive in waves as active phishing campaigns run, rather than as a steady stream. For the 30-day picture, including the most-seen threat names and the busiest countries, see the threat-stats dashboard.