Methods and systems are presented for detecting attacks to a computer network based on analyzing access of external script through a web server. When an HTTP request is directed to a web server, the HTTP request is analyzed to determine whether the HTTP request refers to an external network address. External content that includes executable script code may be obtained from an external server based on the external network address. The external script code may be modified to transform the external script code to be inexecutable by a computer. The modified script code may be subsequently stored. The modified script may also be analyzed to determine whether the script is associated with an attack to the web server or an associated computer network.