Payload Analyzer

Drop a base64 / hex blob; APEX disassembles it, matches it against signatures and validates the result with AI.

Paste a suspected-malicious payload (JavaScript, HTML, SQL, shell snippet, or any string) and the analyzer flags signature matches, suspicious heuristics, and dangerous AST nodes (for JavaScript). Analysis runs entirely in your browser. A payload flagged as harmful (critical / high severity) is then saved to this APEX server's threat library so confirmed-malicious samples are shared across analysts — benign payloads are never transmitted, and nothing is ever sent to a third party.

AI Analysis

Run a deep AI malware / secure-code review of the payload above — intent, malicious indicators, MITRE ATT&CK / CWE mapping, obfuscation, and recommended actions. Unlike the static checks above, this sends the payload to this server's configured AI provider for analysis. When the static checks clear a payload, this AI review also runs automatically in the background as a second opinion — if it finds the code malicious, you are flagged with the full analysis.

Fair-use limit: AI analysis is limited to 10 runs per hour per visitor to prevent abuse and control cost. When the limit is reached the AI analysis is disabled until the hour rolls over — the static signature / heuristic / AST analysis above always stays available with no limit. During heavy use the AI server may be momentarily busy — the button is briefly unavailable until an analysis slot frees up.

How it works

Detection methods
  • Signature matching — regex-based comparison against known-bad patterns (EICAR test string, common XSS / SQLi / command-injection / webshell snippets, base64-encoded payload shells).
  • Heuristic analysis — flags obfuscation tells: eval(), atob(), String.fromCharCode, long hex / Unicode / base64 runs, percent-encoded blobs, suspicious identifier patterns.
  • AST parsing — when "Parse as JavaScript" is enabled, payloads are parsed with Acorn into an Abstract Syntax Tree. The analyzer walks the tree and flags dangerous API calls: eval, Function(), document.write, innerHTML =, XMLHttpRequest / fetch(), storage access, and window.location redirects.
  • Severity model — findings tagged critical / high / medium / low / info, each with a one-line mitigation hint.

No sandboxed execution: the analyzer is static-only. For dynamic behavioral analysis, use a separate sandbox (Cuckoo, Hatching Triage, JavaSith). The detection ruleset is intentionally conservative — false positives are preferable to false negatives when triaging suspected malicious content.
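
The signature and heuristic stages listed under "Detection methods", sketched as an added example (not APEX's own code). Rule ids, severities, hints, thresholds and the bounded base64 re-scan are assumptions; the Acorn AST stage is left out so the block runs in Node with no dependencies.

```javascript
// Added example: static-only triage in the spirit of the methods listed above.
// Rule ids, severities, hints and thresholds are assumptions, not APEX's ruleset.
const SEVERITY = ["critical", "high", "medium", "low", "info"];

const RULES = [
  { id: "sig-eicar", severity: "critical", re: /EICAR-STANDARD-ANTIVIRUS-TEST-FILE/,
    hint: "Antivirus test string; confirm the scanning pipeline is working." },
  { id: "sig-xss-script", severity: "high", re: /<script\b[^>]*>/i,
    hint: "Encode output for the HTML context and enforce a CSP." },
  { id: "heur-eval", severity: "high", re: /\beval\s*\(/,
    hint: "Dynamic code execution; review what string reaches eval()." },
  { id: "heur-atob", severity: "medium", re: /\batob\s*\(/,
    hint: "Runtime base64 decoding; decode offline and inspect the result." },
  { id: "heur-fromcharcode", severity: "medium", re: /String\.fromCharCode/,
    hint: "Character-code string building is a common obfuscation tell." },
  { id: "heur-hex-run", severity: "low", re: /(?:\\x[0-9a-f]{2}){8,}/i,
    hint: "Long hex escape run; decode before judging." },
];
const B64_RUN = /[A-Za-z0-9+/]{24,}={0,2}/g;

// Returns findings sorted most-severe first. Long base64 runs are decoded and
// re-scanned (bounded by maxDepth) so an encoded layer does not hide a match.
function analyze(payload, depth = 0, maxDepth = 2) {
  const findings = [];
  for (const rule of RULES) {
    if (rule.re.test(payload)) {
      findings.push({ id: rule.id, severity: rule.severity, hint: rule.hint, depth });
    }
  }
  if (depth < maxDepth) {
    for (const run of payload.match(B64_RUN) || []) {
      const decoded = Buffer.from(run, "base64").toString("latin1");
      // Only descend when the decoded bytes are mostly printable text.
      const printable = decoded.replace(/[^\x20-\x7e\s]/g, "").length;
      if (decoded.length > 0 && printable / decoded.length > 0.9) {
        findings.push({ id: "heur-base64-run", severity: "low",
          hint: "Long base64 run decoded to text; nested findings follow.", depth });
        findings.push(...analyze(decoded, depth + 1, maxDepth));
      }
    }
  }
  return findings.sort((a, b) =>
    SEVERITY.indexOf(a.severity) - SEVERITY.indexOf(b.severity));
}

// Constructed sample: a harmless alert() hidden behind one base64 layer.
const INNER = "alert(String.fromCharCode(88,83,83))";
const SAMPLE = 'eval(atob("' + Buffer.from(INNER).toString("base64") + '"))';
console.log(analyze(SAMPLE));
```

The `depth` field on each finding shows whether the match was in the payload as submitted (0) or only surfaced after decoding a layer.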