Behavior & Intent

Detecting malicious scripts by watching what they do, not just what they look like.

Some sophisticated attacks cloak their content until a user interacts with the page. Arx monitors the runtime behavior of the page to catch these evasive threats.

Evasion Detection

Does the page try to detect if the Developer Tools are open? Does it check for mouse movement before rendering the login form? These are signs of a phishing kit trying to hide from automated scanners.

Interaction Monitoring

We watch for scripts that automatically capture keystrokes in real-time (Keylogging) before the "Submit" button is even pressed.

Obfuscation Checks

Heavy use of hex-encoding, base64 blobs, or excessive JavaScript packing to hide the source code triggers a high-risk alert.

The "Click-Jack" Trap

Another behavior we detect is the use of invisible overlays (Clickjacking). If Arx detects an invisible <iframe> positioned over a legitimate button, it blocks the interaction immediately to prevent the user from unknowingly authorizing an action on a different site.