Phishing URL Checker
Paste any link and get an instant, browser-only phishing analysis: lookalike domains, homoglyphs, brand combosquats, IP hosts, sneaky TLDs and more, each red flag scored and explained. The link is never opened or sent anywhere.
Structural red-flag analysis runs in your browser. We also run a live threat-intelligence check via urlscans.com — the URL string is sent to that service, but the link itself is never opened by you.
What the checker looks for
Phishing URLs almost always carry structural tells. The checker scores the link against the same signals a SOC analyst would eyeball:
- Brand outside the real domain —
apple.find-device.supportputs "apple" in the subdomain, but the registered domain isfind-device.support. - Homoglyph / IDN characters — non-ASCII letters or
xn--punycode that mimic a brand. - Combosquats —
paypal-secure.com,microsoft-verify.net: the brand plus a reassuring keyword. - IP-address hosts, @-credentials, low-trust TLDs, shorteners, and missing HTTPS — each a known abuse pattern.
Reading the result
The risk score weights each finding by severity. A high score means multiple strong signals stacked up; a low score means none of the common structural tricks were present, which is reassuring but never a guarantee. Treat the explanations as the real output: they tell you why a link is risky so you can make the call yourself. For the patterns behind these checks, see typosquatting, homoglyph attacks, and lookalike domains.
Phishing link checker, malicious URL checker, or site checker?
These are the same job under different names — a phishing link checker for a link in an email or text, a malicious URL checker for a URL you found, or a phishing site checker for a whole domain. This tool covers all three: paste the full link or just the domain to check it for phishing without visiting it. It complements your browser and antivirus warnings rather than replacing them — it explains why a link is risky. To trace a suspicious email end to end, pair it with the email header analyzer; to monitor your own brand for lookalike domains at scale, see typosquatting protection. Learn the detection patterns in how to detect typosquatting domains, and what to do with a confirmed phish in how to take down a phishing website.
Frequently asked questions
How does the phishing URL checker work?
It runs two layers. First, structural heuristics parse the link in your browser — IP-address hosts, homoglyph/IDN characters, brand names placed outside the real registered domain, combosquats (brand-secure, brand-login), low-trust TLDs, URL shorteners, embedded @ credentials, and missing HTTPS. Second, a live threat-intelligence check against urlscans.com tells you whether the URL is already known to be malicious. Each finding is scored and explained.
Is it safe to paste a phishing link here?
Yes — the tool never opens or visits the link, so it can't infect you. The structural analysis happens in your browser. The URL string (not your click) is sent to urlscans.com for the live threat-intelligence verdict; it isn't stored by this site. If you'd rather keep the URL entirely local, the structural red-flag analysis still works on its own.
Does a low score mean the link is safe?
No. A low score means the URL didn't trip common structural red flags, but a careful attacker can register a clean-looking domain. Always confirm you're on the genuine site (type the address yourself) before entering a password or payment details.
What is a homoglyph or IDN phishing domain?
An internationalized domain name (IDN) can include non-Latin characters that look identical to Latin ones — for example a Cyrillic 'а' or a dotless Turkish 'ı'. A domain like docusıgn.net can render almost exactly like docusign.net while pointing somewhere else. Browsers show these as punycode (xn--…); this tool flags both.
How do I check a shortened link without clicking it?
Many shorteners let you preview the destination by adding a '+' to the end of the link (for bit.ly) or using their preview page. This tool flags shorteners so you know to expand them; never trust a shortened link from an unexpected message.
Can I check a domain for phishing without visiting it?
Yes. Paste either the full URL or just the domain — the checker analyzes the string in your browser and never opens the site, so it's safe to check a link from an unexpected email or text before you click. It works as a phishing link checker, a malicious URL checker, and a domain checker in one.
Related free tools
One link is manual. Thousands is a platform.
PhishEye continuously discovers lookalike and typosquat domains targeting your brand, then ships evidence and takedowns automatically.
