How Saber Works

Saber combines static analysis, JavaScript rendering, reputation databases, and AI to deliver a confident risk verdict on any URL — in seconds

Saber is the world's first phishing scanner that understands social engineering in Arabic

The Scanning Process

Every scan follows the same multi-layer pipeline. Each stage builds on the previous one, so the final verdict is grounded in evidence from multiple independent sources.

01

Submit

Paste a URL, an SMS, an email, or a WhatsApp message — or scan a QR code. Saber automatically extracts the target URL from any message format.

02

Reputation Check

The URL is checked against Google Safe Browsing and WHOIS / RDAP registry databases before any further analysis runs.

03

Page Fetch

Saber retrieves the live page content. For sites that rely on JavaScript to render their content, a full browser engine is used to capture the real page.

04

Signal Analysis

Dozens of signals are evaluated across domain structure, TLS certificate, page content, redirect behavior, and brand patterns — all weighted against each other.

05

AI Verdict

An AI model reviews all collected signals and issues a structured verdict: a risk classification, a confidence score, and a plain-language explanation.

What We Analyze

Saber evaluates signals across five categories. No single signal is conclusive — the risk verdict reflects the weight of evidence across all of them.

Domain & Infrastructure

  • Domain registration age and history
  • TLS certificate validity and issuer
  • DNS configuration and nameservers
  • Subdomain structure patterns
  • Top-level domain classification

Content & Brand Analysis

  • Credential harvesting form detection
  • Brand impersonation indicators
  • Deceptive language and urgency patterns
  • Cryptocurrency and financial fraud terminology
  • Page heading and title analysis

Redirect & Network Behavior

  • Redirect chain length and destinations
  • Final landing URL verification
  • Cross-domain navigation patterns
  • Network-level evasion techniques
  • Bot-challenge interception detection

Reputation Databases

  • Google Safe Browsing threat lists
  • WHOIS / RDAP registrant data
  • Free hosting platform detection
  • Domain age from registry records
  • WHOIS privacy and redaction signals

JavaScript Rendering

  • Full browser-level page execution
  • Single-page application content capture
  • Dynamically constructed credential forms
  • Cross-origin iframe content analysis
  • Runtime evasion pattern detection

TLS & Certificate Signals

  • Certificate authority classification
  • Common name and subject validation
  • Certificate expiry and validity window
  • Wildcard and SAN coverage analysis
  • Certificate mismatch detection

Built for Arabic Speakers

World's First

Saber is the world's first phishing scanner that understands social engineering in Arabic — both in the message you submit and in the page content it analyzes.

1
01

Arabic social engineering in messages

When you paste an Arabic SMS, WhatsApp message, or email, Saber reads it natively. It detects urgency language, impersonation patterns, prize-scam phrasing, and suspicious keywords written in Arabic — not just transliterated or translated text.

2
02

Arabic page content analysis

Saber analyzes the full Arabic text of a phishing page — headings, body copy, form labels, and call-to-action buttons. Brand impersonation, financial fraud terminology, and deceptive language are detected directly in Arabic without any translation step.

3
03

Language-aware AI explanations

When the submitted message or scanned page is in Arabic, the AI verdict and explanation are delivered in Arabic. You receive threat context in your language — not a machine-translated afterthought.

AI Verdict Layer

After all signals are collected, an AI model reviews the full picture and issues a structured verdict with a confidence score and a plain-language explanation — available in English and Arabic.

Holistic evaluation

The AI model does not act on any single signal in isolation. It weighs the full body of evidence — domain, content, behavior, and reputation — together.

Structured output

The model always returns a typed verdict: a risk classification, a confidence level, and a plain-language explanation. No ambiguous free-text parsing.

Bilingual explanations

AI explanations are available in both English and Arabic, so users always receive threat context in their preferred language.

Risk Levels

Every scan produces one of three verdicts. When the evidence is ambiguous, Saber errs on the side of caution.

Safe

No significant threat indicators were found. The domain, content, and behavior all appear consistent with a legitimate site.

Suspicious

One or more signals warrant caution. The site may be legitimate, but we recommend not submitting credentials or sensitive information.

Dangerous

Strong evidence of phishing, malware, or credential harvesting. Do not proceed — report the URL to your security team.

Built for Trust

Every scan generates a shareable public report with a permanent URL. Security researchers, IT teams, and individuals can document and share threat findings — no account required to view a report.

Shareable public reports

Every scan generates a permanent public report URL you can share with anyone — no account needed to view it.

Independent signal sources

Saber cross-references multiple independent data sources so no single compromised or outdated feed can skew the verdict.

Results cached for performance

Recently scanned URLs return instantly from cache. Results are refreshed automatically as cache entries expire.