Catch phishing pages before blocklists do.
Muninn is a Chrome extension that scans pages as you browse and warns you when something looks off. Yggdrasil is the open threat database where suspicious URLs can be checked, reviewed, and shared.
Free during beta. Create an account to unlock deep scans, URL submissions, and the full Yggdrasil workflow.
Quiet by default. Thorough when it matters.
Muninn uses a two-step system to catch phishing pages before they slip by. The automatic scan checks each page in the background as you browse. If something looks suspicious, deep scan takes a closer look at what the page actually looks like.
That gives you a fast first pass on every page and a stronger second opinion when you want to investigate further.
Flagged 95% of URLs with later phishing evidence.
Runs quietly in the background while you browse.
Caught 98% of URLs later confirmed as phishing.
Screenshot-based analysis for a closer look.
See Muninn in action
This phishing page wasn't flagged by Chrome. Muninn caught it.
Recent entries in Yggdrasil
Open full view| URL | Status |
|---|---|
| https://fanciful-cactus-7d564d.netlify.app | Phishing |
| https://fanciful-cactus-7d564d.netlify.app/pass.html | Phishing |
| https://www.frontierairlines.ru | Phishing |
| https://www.alaskaairlines.ru | Phishing |
| https://www.southwestairlines.ru | Phishing |
| https://docs.google.com/presentation/d/e/2PACX-1vSBDHdrUE_3X97DXjufrtBTXA0lcbFDpiWH1idPj6XeXMkLsaT_oA1qr93ZBM_whe9Zm7voAB8_xJOA/pub | Phishing |
| https://pub-0a634125d0bc49c4b256782bbc553fae.r2.dev/AT%26T%20SERVICE%20UPDATE%20(7).html Entity: AT&T | The login page is hosted on Cloudflare's R2 object storage (r2.dev) rather than an official AT&T domain, which is a common indicator of a phishing site.; The URL path contains a suspicious filename 'AT&T SERVICE UPDATE (7).html', suggesting it is a static malicious file designed to harvest credentials. | Phishing |
| https://sshimran-2026flavour.com Entity: Smirnoff | The domain name 'sshimran-2026flavour.com' is unrelated to the official Smirnoff brand, which is a common indicator of a phishing attempt.; The site requests sensitive credentials (phone number and password) while using official brand imagery on an unofficial, suspicious domain. | Phishing |
| https://hardware-ledge-aws.pages.dev Entity: Ledger | The URL contains a misspelling of the brand name ('ledge' instead of 'ledger') and is hosted on a free subdomain (pages.dev), which is a common tactic for phishing sites.; A legitimate high-security hardware wallet company like Ledger would use its own official domain (ledger.com) rather than a third-party cloud hosting platform. | Phishing |
| https://lldgerr-live.pages.dev Entity: Ledger | The domain 'lldgerr-live.pages.dev' contains a blatant misspelling of the 'Ledger' brand, which is a common typosquatting technique used in phishing.; The website is hosted on a free subdomain (pages.dev) rather than the official Ledger domain (ledger.com), and the visual content appears to be a low-quality template. | Phishing |
The Muninn extension checks against Yggdrasil plus AI analysis that can catch threats not in the database yet. Submitting URLs requires logging in.