Malicious URLs deliver over 90% of cyberattacks (Verizon DBIR 2025). One wrong click can install malware, steal credentials, or drain accounts. This guide covers every free method to check a URL before clicking.
Have a suspicious link? Paste it into IsThisAScam.to for a comprehensive free safety check.
Manual URL Analysis
Read the Domain
- Subdomain tricks:
amazon.com.fake-site.xyz— real domain is fake-site.xyz - Typosquatting:
arnazon.com,paypa1.com,go0gle.com - Homograph attacks: Cyrillic characters that look identical to Latin letters
Check Protocol
HTTPS does not mean safe — 83% of phishing sites use it. But HTTP on any login or payment page is an immediate red flag.
Got a suspicious email?
Paste it here for an instant analysis.
Free · No signup required · Cmd+Enter to scan
Free URL Checking Tools
IsThisAScam — most comprehensive. 6-layer detection: domain age, SSL, content patterns, threat databases, AI detection. isthisascam.to.
Google Safe Browsing — transparencyreport.google.com. Only catches already-flagged sites. See limitations.
VirusTotal — 70+ vendor databases. Good for known threats. See VirusTotal guide.
URLVoid — 30+ blacklist engines plus domain data.
PhishTank — community-verified phishing database.
Norton Safe Web — Norton's threat intelligence.
URL Expanders for Shortened Links
CheckShortURL.com, Unshorten.it, GetLinkInfo.com — reveal destinations hidden by bit.ly, tinyurl, etc.
Browser Protection
Enable Enhanced Protection in Chrome, phishing protection in Firefox, SmartScreen in Edge. Layer these with dedicated tools. See best Chrome security extensions.
Common Malicious URL Patterns
microsoft-365-login.secure-verify.com— domain is secure-verify.combit.ly/3xK9pRz— shortened links in "official" emails192.168.1.100/paypal/login.html— IP address instead of domain
When in doubt, type the address yourself instead of clicking.
Received something suspicious? Check it now for free →