Catch phishing pages before blocklists do.
Muninn is a Chrome extension that scans pages as you browse and warns you when something looks off. Yggdrasil is the open threat database where suspicious URLs can be checked, reviewed, and shared.
Free during beta. Create an account to unlock deep scans, URL submissions, and the full Yggdrasil workflow.
Quiet by default. Thorough when it matters.
Muninn uses a two-step system to catch phishing pages before they slip by. The automatic scan checks each page in the background as you browse. If something looks suspicious, deep scan takes a closer look at what the page actually looks like.
That gives you a fast first pass on every page and a stronger second opinion when you want to investigate further.
Flagged 95% of URLs with later phishing evidence.
Runs quietly in the background while you browse.
Caught 98% of URLs later confirmed as phishing.
Screenshot-based analysis for a closer look.
See Muninn in action
This phishing page wasn't flagged by Chrome. Muninn caught it.
Recent entries in Yggdrasil
Open full view| URL | Status |
|---|---|
| https://app-cexio-login.pages.dev Entity: CEX.io | The site uses a 'pages.dev' subdomain to mimic the official CEX.io brand, a common tactic for hosting phishing pages on legitimate cloud platforms.; The URL includes keywords like 'app' and 'login' while being disconnected from the official 'cex.io' domain, indicating an attempt to harvest user credentials. | Phishing |
| https://us-ledgrlive-desktop.pages.dev Entity: Ledger | The URL uses a misspelled version of the brand ('ledgr' instead of 'ledger') and is hosted on a generic subdomain (pages.dev) rather than the official company domain.; The page uses obfuscated text with diacritics in the main header (e.g., 'Lėdger') to bypass automated security filters, a classic indicator of a phishing site. | Phishing |
| https://spincasinologin-vip.pages.dev Entity: Spin Casino | The website is hosted on a free Cloudflare Pages subdomain (pages.dev) rather than a legitimate corporate domain, which is highly unusual for a major gambling brand.; The URL uses keywords like 'login' and 'vip' alongside a well-known brand name to create a deceptive link aimed at harvesting user credentials or financial information. | Phishing |
| https://theviclogin-vip.pages.dev Entity: The Vic | The website is hosted on pages.dev, a free platform frequently used for phishing, which is highly unusual for a legitimate gambling institution's login portal.; The domain name 'theviclogin-vip' combines brand keywords with common phishing suffixes designed to deceive users into providing credentials. | Phishing |
| https://premium-wallet.app Entity: Trust Wallet | The domain 'premium-wallet.app' is not the official Trust Wallet domain (trustwallet.com), indicating a clear attempt at brand impersonation.; The website mimics the Trust Wallet interface to likely steal sensitive information such as recovery phrases through deceptive 'wallet synchronization' or login prompts. | Phishing |
| https://betdaqlogin-vip.pages.dev Entity: BETDAQ | The site uses a free hosting domain (pages.dev) instead of the official betdaq.com domain, which is a significant indicator of phishing or fraudulent activity.; The subdomain 'betdaqlogin-vip' combines a major brand name with keywords like 'login' and 'vip' to impersonate official services and lure users. | Phishing |
| https://fanciful-cactus-7d564d.netlify.app | Phishing |
| https://fanciful-cactus-7d564d.netlify.app/pass.html | Phishing |
| https://www.frontierairlines.ru | Phishing |
| https://www.alaskaairlines.ru | Phishing |
The Muninn extension checks against Yggdrasil plus AI analysis that can catch threats not in the database yet. Submitting URLs requires logging in.