Fraud & Integrity Analyzer v0.5 FREE

Checks for WebDriver, headless browsers, automation frameworks (Selenium, Puppeteer, Playwright, etc.), and tampered browser APIs. These are the primary signals used by bank fraud teams.

22-vector detection: prototype getter bypass, cross-frame navigator mismatch, canvas/audio noise injection, userAgentData vs UA version, WebGL renderer cross-check, Date.now() / performance.timeOrigin clock desync, Intl locale desync, enumerable navigator properties, speechSynthesis absence, hollow window.chrome, and more. Detects Octo Browser, Linken Sphere, Dolphin Anty, MultiLogin, GoLogin, AdsPower, Kameleo, and generic anti-detect profiles.

Canvas, WebGL, and Audio fingerprints are used to create a persistent unique device identifier, even across incognito sessions. VM and software-rendered GPUs are detected here.

Enumerates media devices to detect virtual cameras (OBS, Snap Camera, ManyCam, iVCam, XSplit, DroidCam, mmhmm, Camo, etc.) used to bypass liveness checks and video KYC verification.

WebRTC STUN leak detection reveals real IP addresses even through VPN tunnels. All major fintech security teams run WebRTC leak tests.

Probes 10 unique subdomains to identify which DNS resolvers handle your traffic. If your DNS exits through a VPN provider or a different country than your IP — it's a strong VPN indicator used by all tier-1 fraud systems.

Scans 30 commonly exploited ports (SSH, RDP, databases, VNC, etc). Open ports on a consumer device are a critical security red flag. Banks use this to detect exposed APIs, databases, or remote access services.

Reads the effective MTU from the server's active network interfaces (via PowerShell on Windows, ip link on Linux). A VPN virtual adapter reports its own reduced MTU — if VPN routes internet traffic, the VPN adapter's MTU is the effective ceiling for the connection.

requestAnimationFrame (rAF) timing reveals whether a real display is driving the browser. Headless environments produce near-zero or perfectly uniform frame intervals — statistically impossible on real hardware.

CSS media queries expose pointer type, hover capability, color gamut, and update speed. Contradictions between these values and the User-Agent string expose UA spoofing.

The Network Information API reports connection type, speed, and latency as seen by the OS — not the VPN. High RTT on a "4G" connection is a classic VPN proxy-chain artifact.

Real mobile devices continuously stream accelerometer and gyroscope data via DeviceMotion events. Absence of motion data on a mobile UA is a strong emulator indicator.

Hardware metrics like CPU core count, RAM, and screen dimensions help detect virtual machines and devices inconsistent with their claimed User-Agent.

Cross-reference checks between browser-declared parameters. Timezone/IP mismatch is the strongest single signal of VPN use — all tier-1 banks flag it.

Incognito mode, disabled cookies, ad blockers, and storage restrictions are used to evade device fingerprinting systems deployed by banks and payment processors.

Bot traffic has no mouse movement, scrolling, or human interaction patterns. Banks' behavioral biometrics engines analyze interaction cadence, typing rhythm, cursor entropy, and velocity patterns.

Session depth and navigation context reveal whether a browser is driven by automation or a real user. Banks analyze paint timings, history depth, and resource load patterns as primary bot-detection signals.

Video and audio codec support is a unique browser fingerprint. Missing H.264 or VP9 indicates a headless build or VM. AudioContext sample rate (44.1 kHz / 48 kHz) and base latency reveal whether real audio hardware is present.

Browser storage quota is allocated from available disk space (~60% in Chrome). A quota above 50 GB is typical of a VPS or VM with large disk allocation — not a consumer laptop or smartphone.

All detected signals sorted by severity. Each entry includes the reason it matters to financial institutions or anti-fraud systems.

Step-by-step remediation for every flagged signal, sorted by priority. Follow these to improve your trust score with financial platforms and anti-fraud systems.