Behavior & Intent
Detecting malicious scripts by watching what they do, not just what they look like.
Some sophisticated attacks cloak their content until a user interacts with the page. Arx monitors the runtime behavior of the page to catch these evasive threats.
Evasion Detection
Does the page try to detect if the Developer Tools are open? Does it check for mouse movement before rendering the login form? These are signs of a phishing kit trying to hide from automated scanners.
Interaction Monitoring
We watch for scripts that automatically capture keystrokes in real-time (Keylogging) before the "Submit" button is even pressed.
Obfuscation Checks
Heavy use of hex-encoding, base64 blobs, or excessive JavaScript packing to hide the source code triggers a high-risk alert.
The "Click-Jack" Trap
Another behavior we detect is the use of invisible overlays (Clickjacking). If Arx detects an invisible <iframe> positioned over a legitimate button, it blocks the interaction immediately to prevent the user from unknowingly authorizing an action on a different site.