MalwareTips
sys://tools.malwaretips.com
Security intelligence · live

Before it catches you,
we catch it.

A precision security toolkit for a hostile internet. Scan any URL or file through 70+ engines and an AI analyst. Free. Private. Fast.

Free · 20 scans / hour·Results cached 24h·We never store your IP in results
Or pick your weapon
FilePhishing linkfastEmailSMSPassword
Command center
Verdicts shipped
0
to date
URLs
5.8k
Files
108
Last six verdicts
All
engines online
70 / 70
Cross-checked against
Google Safe BrowsingPhishTankURLhausOpenPhishMalwareBazaarThreatFoxAbuseIPDBSpamhausCloudflare RadarTrancoGoogle Safe BrowsingPhishTankURLhausOpenPhishMalwareBazaarThreatFoxAbuseIPDBSpamhausCloudflare RadarTranco
LIVE · Recent verdicts
CLEAN·megadrivingschool.comBAD·sp10ct6-dravrix-biz-fralnor-pluntex.pages.devBAD·https-www--roblox.comBAD·ip1238199153.itupdatealert.comBAD·softwarecrackguru.comSKETCHY·fluxtv.qzz.ioCLEAN·purobakery.comBAD·haxpc.netBAD·s.teams-ml.comBAD·sp10ct6-glurnor-biz-platem-dravnik.pages.devCLEAN·esta.cbp.dhs.govSKETCHY·anitaku.toSKETCHY·gog-games.toCLEAN·steelcityrun.comSKETCHY·peptidespower.comCLEAN·allservicepestcontrol.inCLEAN·Hotfix.batBAD·keylog.sysCLEAN·megadrivingschool.comBAD·sp10ct6-dravrix-biz-fralnor-pluntex.pages.devBAD·https-www--roblox.comBAD·ip1238199153.itupdatealert.comBAD·softwarecrackguru.comSKETCHY·fluxtv.qzz.ioCLEAN·purobakery.comBAD·haxpc.netBAD·s.teams-ml.comBAD·sp10ct6-glurnor-biz-platem-dravnik.pages.devCLEAN·esta.cbp.dhs.govSKETCHY·anitaku.toSKETCHY·gog-games.toCLEAN·steelcityrun.comSKETCHY·peptidespower.comCLEAN·allservicepestcontrol.inCLEAN·Hotfix.batBAD·keylog.sys
Threat of the day

Caught in the wild — flagged dangerous.

sp10ct6-dravrix-biz-fralnor-pluntex.pages.dev
Dangerous32m ago

This entry tripped multiple engines and our AI analyst within the last day. Open the report for the full chain — URL, hosting, IOCs, and the engine breakdown.

Open the reportBrowse URL reports
threat score
80/100
danger meter80%
seen
32m
kind
URL
AV engines
0+
URLs scanned
0
Files analyzed
0
Always free
$0
Anatomy of a scan

Five layers. One clear answer.

Every URL runs through the same pipeline. No dashboards to decode, no tables to untangle — just the verdict and the receipts.

See the scanner
Threat engines
95+ AV + blacklist networks
Sandbox render
Full visual capture
Open-web research
Reviews, press, scam reports
AI analyst
Multimodal reasoning
Verdict
Human-readable, shareable
The live feed

Latest verdicts.

The most recent URLs and files passed through our scanner. Every card is a crawlable link to a permanent report.

URL reports
5.8k indexed
Browse all
File reports
108 indexed
Browse all
The arsenal

Eight precision instruments.

Each tool does one thing with obsessive focus. Mix and match — they compose.

View all tools
Live
Scanner·AI + threat intel

Scam URL Scanner

Threat intelligence, AI vision, live web research, domain history, and encryption — in one clear verdict.

Is this link safe?Open
Live
Scanner·AI + 70+ engines

File Scanner

Drop any file up to 32 MB. 70+ antivirus engines and an AI analyst, pass-through — we never store your file.

Is this file malware?Open
Live
Scanner·AI + 10+ checks

Email Scanner

Paste any address — get deliverability, breach history, brand-lookalike radar, domain reputation, and AI phishing analysis in one report.

Is this email real?Open
Live
Scanner·AI + URL intel

SMS Scanner

Paste a suspicious SMS — we parse the sender, follow shortener redirects, cross-check every link against our URL scanner cache, and ask an AI analyst to categorise the scam.

Is this text a smishing scam?Open
Live
Scanner·Decoded in-browser

QR Code Scanner

Drop a QR image or screenshot — we decode it in your browser (zero upload), then hand any URL to the 15-stage URL scanner before you let your phone open it. Quishing first-line defence.

What does this QR really go to?Open
Live
Generator·Zero-logs

Password Generator

Generate strong, memorable passwords — 100% client-side, zero logs, zero server calls.

Unbreakable passwordsOpen
Live
Checker·Real user reports

Reverse Sender Lookup

Paste a phone or email and see how many people have flagged it. Aggregated from real reports submitted to our SMS and email scanners — verdict, dominant scam pattern, recent activity.

Has anyone reported this number/email?Open
Coming soon
Checker·Breach lookup

BreachRadar

Check email + password exposure across multiple breach databases — with K-anonymity password hashing.

Has your email been pwned?Soon
Coming soon
Analyzer·AI-powered

Fake Review Detector

AI + pattern analysis flags suspicious reviews on Amazon, Trustpilot, Google, and more.

Spot bought praiseSoon
Coming soon
Analyzer

TechStack Checker

Detect frameworks, CMS, analytics, CDN, and ad networks used by any public website.

What's this site built with?Soon
Coming soon
Analyzer·Redirect tracing

Phishing Link Analyzer

Follow redirect chains, detect homograph attacks, and see where suspicious links really lead.

Trace the trapSoon
Coming soon
Checker·CSV export

IOC Bulk Checker

Paste hundreds of IPs, hashes, or domains — get a clean CSV with reputation scores.

Analysts, this one's for youSoon
Common questions

Answered up front.

Nine things people ask most often about these tools. Written as if you're the one pasting a suspicious link at 11pm.

Is MalwareTips Tools really free?
Yes — every scanner on this site is free to use and requires no account. Sign-in only unlocks higher rate limits and the ability to comment on reports. We don't sell data, we don't run ads, and the community has funded the forum since 2011.
How is this different from VirusTotal?
We cross-check URLs and files against 70+ AV engines plus URLScan's sandbox, Google Safe Browsing, AbuseIPDB, PhishTank, URLhaus, and an AI analyst that reads engine output in plain English. Reports are permanent, shareable, and optimised for reading rather than dashboards to decode.
Do you store my IP or the content I submit?
IPs are used only for anti-abuse rate limiting — never linked to a scan result. Emails and SMS bodies are SHA-256 hashed before persistence so the same submission from anyone lands on the same cached report. Passwords never leave your browser — the generator runs entirely client-side.
What's the Phishing Link Analyzer?
A fast, phishing-tuned URL checker that answers 'is this a phishing page, yes or no' in under 3 seconds. It runs Google Safe Browsing, typosquat detection against a brand list, homoglyph (Cyrillic/Greek lookalike) detection, and 9 URL pattern heuristics. Use it when you need an instant call; use the full URL scanner when you need the forensic deep-dive.
How fast are the scanners?
Phishing Link Analyzer: sub-3s. SMS scanner: under 10s. URL scanner: 20–45s (it waits for URLScan sandbox + AI verdict). File scanner: 30–60s for fresh uploads, instant for files we've seen before. Every scan is cached by content hash so repeat submissions are immediate.
Can I trust the AI analyst?
The AI is one of several signals — never the only one. If 50 AV engines clear a file and the AI disagrees, we flag the disagreement rather than blindly following the model. The AI's job is to explain WHY the signals disagree and categorise the threat (credential harvest, smishing, brand impersonation, etc.), not to override the engines.
Where can I report a false positive?
Every report page has a comment thread — leave a note there. Moderators triage comments and can apply overrides when warranted. For urgent cases, use the forum's 'Malware Analysis' section where staff research false-positive claims and contact the relevant AV vendor.
Can I use these tools as a bulk API?
Bulk scanning is on the roadmap. Today the scanners are designed for one-at-a-time interactive use with rate limits that respect shared infrastructure. If you need bulk access for research or a SOC workflow, open a thread on the forum — we work directly with members who have legitimate need.
How does the community fit in?
MalwareTips has been a malware-research forum since 2011 with over 100,000 members trading samples, running manual analysis, and reporting scams. These tools surface the signal the community already produces — every scan is a contribution back to a shared corpus.
Why this exists

Security shouldn't cost anything.

Most security tools are paywalled, ad-poisoned, or quietly harvest what you paste. These aren't. They're free, ad-free, and their logic is open to inspection. We're a community, not a funnel.

Private by default

We don't store your IP against any scan. Password checks never leave your browser. Nothing about you is sold.

Multi-signal verdicts

Every answer is cross-checked across 70+ AV engines and an AI analyst — not one opinion dressed up as many.

Built by the community

Ten years of malware research from the MalwareTips forums. Every tool here exists because members needed it.

Join us

The hunters have a forum.

Over 100,000 members trade malware samples, scam reports, and field-tested defense. Free to join. Been running since 2011.

Create a forum accountBrowse the forum