90+ engines · AI analyst · sandbox render

Is this website a scam?

One URL in. One clear verdict out. We cross-check 90+ antivirus engines, render the page in a sandbox, run an AI analyst against open-web evidence, and tie it all together into an answer you can actually act on. Typical result in 20–45 seconds. Free. No account.

90+ AV enginesSandbox renderAI verdictNo IP storedCached 24h — instant on repeat
Free · 20 scans / hour·Results cached 24h·We never store your IP in results
Cross-checked against
Google Safe BrowsingVirusTotalURLScanPhishTankURLhausOpenPhishAbuseIPDBSpamhausCloudflare RadarTrancoGoogle Safe BrowsingVirusTotalURLScanPhishTankURLhausOpenPhishAbuseIPDBSpamhausCloudflare RadarTranco
How a scan flows

From URL to verdict in 20–45 seconds.

No dashboards. No tables. Just the pipeline that turns a pasted link into a clear answer with receipts.

Threat engines
95+ AV + blacklist networks
Sandbox render
Full visual capture
Open-web research
Reviews, press, scam reports
AI analyst
Multimodal reasoning
Verdict
Human-readable, shareable
What we analyze

Six layers of signal. One clear answer.

Most URL scanners throw raw data at you and call it a day. We do the synthesis — so you get an answer you can act on, not a dashboard you have to decode.

01

Threat intelligence

Cross-checked across 90+ antivirus engines and real-time blacklists. If it's known-bad, we surface it in seconds.

02

Visual inspection

We render the page in a sandbox and a vision model looks at what an ordinary visitor would see — layout, logos, deception.

03

Open-web research

An AI agent searches reviews, press, scam reports and brand mentions on the public web before weighing in.

04

Domain history

Registration age, owner privacy, expiry, registrar — the boring details that quietly unmask most scams.

05

Encryption

Certificate validity, issuer, protocol, self-signing. A green padlock is the floor, not the ceiling.

06

AI synthesis

A multimodal reasoning model weighs every signal and issues a single clear verdict — with its work shown.

What you get back

A report, not a dashboard.

Here's a live report from the last malicious URL a visitor scanned. Click through to see the full forensic view.

Scanner FAQ

Things people ask

Seven common questions about the URL scanner specifically.

Is paste-and-go safe? Can I trust it with a link I think is a scam?
Yes. We never execute the URL on your machine — scanning happens in sandboxed infrastructure on our side. Your IP is not stored against the scan; it's used only for anti-abuse rate limiting and discarded once the quota window passes.
Why does it take 20–45 seconds?
Three of the six layers are genuinely slow: spinning up a URLScan sandbox to render the page (7–15s), getting vendor verdicts back from ~90 AV engines (variable, up to 20s), and the AI analyst doing open-web research (5–10s). We run them in parallel and tail-latency-cap each one so a single slow source doesn't hold up the rest.
Is the scan cached?
Yes. Every URL's verdict is cached by host for 24 hours by default, with tier-aware TTLs — phishing verdicts cache longer (30 days), inconclusive results cache briefly (6h) so they can be re-examined. Scanning a URL that's been scanned in the last day returns instantly.
Should I use this or the Phishing Link Analyzer?
If you just need a yes/no on whether a link is phishing, the Phishing Link Analyzer is 10× faster (sub-3s). Use this full scanner when you want the forensic deep-dive — AV engine consensus, sandbox render, domain-history context, brand reputation — or when the fast check returns suspicious and you want a second opinion.
Can I scan a URL behind a login or paywall?
The sandbox render will see whatever an unauthenticated visitor sees — usually the login wall or paywall page. That's useful for catching credential-harvest pages, but it means we can't scan content behind auth. For paywalled-only threats, attach a screenshot to the report comment thread and moderators can weigh in.
What if I disagree with the verdict?
Every report page has a comment thread — leave a note there. Moderators triage comments and can apply overrides when warranted. For suspected false positives, we cross-check against the AV vendor's own database and reach out if the misclassification is clear-cut.
Is there a bulk API or rate limit?
Guests get 20 scans per hour; signed-in members get higher quotas. A bulk API is on the roadmap — today the scanner is designed for one-at-a-time interactive use. If you need bulk access for research or SOC work, open a forum thread and we'll work with you directly.
Ready when you are

Run it. It's free.

20 scans per hour for guests. Results cached for 24 hours. Your IP is never stored against a scan.

Free · 20 scans / hour·Results cached 24h·We never store your IP in results