Security
Phishing Link Detector
Paste any suspicious link to check it against live blocklists and 7 structural signals — domain age, homograph characters, redirect chains, brand spoofing, and more. The link is fetched server-side and analyzed — your browser never visits the destination.
The page is fetched by our server in an isolated environment — your browser never touches the destination.
Signal results
Signal
Finding
Status
Blocklist match
Waiting for a link…
Pending
Domain age
Waiting for a link…
Pending
Brand spoofing
Waiting for a link…
Pending
Homograph characters
Waiting for a link…
Pending
Redirect chain
Waiting for a link…
Pending
TLS certificate
Waiting for a link…
Pending
Login form detection
Waiting for a link…
Pending
What this test checks — 7 signals
Blocklist match
Checked in real time against Google Safe Browsing, PhishTank, and URLhaus — three independently maintained threat-intelligence feeds, not a single cached list. A match on any one of them is treated as confirmed, not just suspected.
Domain age
Looked up via public WHOIS/RDAP records. A domain registered days or weeks ago that imitates an established brand is one of the single strongest phishing signals there is — legitimate companies essentially never rotate their login domain.
Brand spoofing
Checks whether a well-known brand name appears somewhere in the domain without actually being the domain itself — most commonly as a subdomain (paypal.com.example-verify.info) or stuffed directly into an unrelated domain name.
Homograph characters
Detects look-alike characters borrowed from other alphabets — a Cyrillic "а" standing in for a Latin "a," for example — and shows the domain's real punycode form underneath the disguise.
Redirect chain
Every hop is followed server-side — shorteners, tracking links, meta-refreshes — so you see the true final destination before you ever click the original link yourself.
TLS certificate
Notes whether the certificate is valid, and how recently it was issued. A certificate is never treated as a safety signal on its own — free automated certificate authorities issue valid HTTPS certificates to phishing domains just as readily as to real ones — but a certificate issued days ago is corroborating evidence alongside domain age.
Login form detection
Flags whether the destination page contains a password field. A password field sitting on a domain that is also newly registered and imitating a brand name is a combination almost never seen on legitimate sites.
How the verdict is scored
0–29 · Low risk
No blocklist match and no meaningful structural red flags. Shown as "not currently known to be malicious" — this is a statement about what has been checked, not a guarantee.
30–64 · Suspicious
Structural red flags without a confirmed blocklist entry — commonly a very new domain, an unusual redirect chain, or brand-like naming. Worth extra caution before entering any information.
65–100 · High risk
A confirmed blocklist match, or several strong signals combined. Do not enter credentials, payment details, or personal information on this page.
A "low risk" result is never displayed as "verified safe" anywhere on this page. Automated detection has real, structural limits — the FAQ below covers exactly what those are.
Frequently asked questions