external-link-scanner

Crawl a site and audit where it links out to. Every external link, script, iframe and form target is collected and grouped by destination domain — domains on nonstandard TLDs (.dev, .xyz, .top, …), raw IPs, punycode hosts and spam-keyword URLs are flagged as suspicious.

Scan a site

What gets flagged as suspicious
SignalMeaning
nonstandard TLDAny TLD that is not a two-letter country code or a classic gTLD (.com, .net, .org, …). New gTLDs such as .dev, .xyz, .top or .icu are cheap and heavily abused for spam and malware.
raw IP addressA reference pointing at an IP address instead of a hostname.
punycode / IDNxn-- hostnames can visually impersonate other domains (homograph attacks).
SEO-spam keywordsCasino/pharma/adult keywords in the target URL or anchor text — typical of injected spam links.
active contentA flagged domain that also serves scripts, iframes or receives form posts — code execution or data exfiltration, not just a link.