Fast · Phishing-tuned

Is this link phishing?

Paste a suspicious URL. We check Google Safe Browsing, match against typosquats of protected brands, inspect the domain for lookalike characters, and score 9 URL patterns commonly used in phishing. Typical result in under 3 seconds.

Sub-3s verdictNo IP trackedFree · no account9 URL patterns
Need a forensic deep-dive?Open URL Scanner
Fast · typical result in <3s·No storage of your IP against results·For a full engine sweep, use our URL Scanner
The four checks

What we look at, in parallel

Every scan runs all four in parallel. No AI wait, no sandbox, no engine sweep — just the signals that matter for phishing.

01
URL patterns
Punycode, excessive subdomains, IP-in-URL, credential-harvest paths, suspicious TLDs, shorteners, hex soup, and 3 more.
02
Typosquat check
Edit-distance + character substitution against our protected-brand list — catches paypa1, micrcsoft, g00gle, app1e.
03
Homoglyph detection
Mixed-script lookalikes where a Cyrillic а or Greek ο is dressed up as Latin. Punycode gets decoded so you can see it.
04
Google Safe Browsing
Cross-checked against Google's consolidated phishing + malware blocklist — the most authoritative real-time signal we can query in a second.
Deep scan

Want the forensic deep-dive?

The full URL Scanner runs 90+ antivirus engines, a real sandbox render, AI-powered verdict synthesis, and a scam-network cross-reference. 20-45 seconds instead of 3, but catches brand impersonation on freshly-hydrated pages, credential harvesters that look normal at the URL level, and scam-family members the fast check can't see.

Open URL Scanner
Privacy by design

We never store your IP next to the result.

The link is scanned, not you. Results are keyed by a SHA-256 hash of the URL so every visitor hitting the same link sees the same cached report — with no personal identifier attached to it. You can rescan any report without logging in.

/phishing-scan/<64-hex>