Instantly check any URL or domain against real-world threat intelligence databases. Get a trust score, redirect chain analysis, and phishing verdict, no signup required.
The Phishing URL Checker scans any URL or domain against threat intelligence databases, URL heuristics, redirect chains, and domain age signals.
Use it before clicking an unfamiliar link in email, chat, or social media to see if it is known phishing, malware, or a brand impersonation attempt.
Checks OpenPhish, URLhaus, and Google Safe Browsing in one scan.
Follows redirects safely to reveal the final destination URL.
Detects shorteners, suspicious TLDs, brand impersonation, and login keywords.
Synchronous check with no signup, results in seconds.
Paste a full URL (https://...) or bare domain like example.com.
The tool traces the redirect chain to find where the link actually leads.
Checks the URL against OpenPhish, URLhaus, and Google Safe Browsing.
Get a trust score, heuristic signals, and Clean / Suspicious / Phishing / Malware verdict.
Trust scores range from 0 (dangerous) to 100 (clean). Database hits and heuristic risk lower the score.
No known threats found. Heuristic analysis clear, but new phishing pages appear constantly.
Not listed in databases but heuristic signals raised concerns. Verify before visiting.
Listed in threat databases or strong impersonation signals. Do not visit the URL.
0-100 composite score based on threat databases, heuristics, and domain age.
Per-vendor status: Clean, Listed, or Unavailable.
URL-level checks like HTTPS, TLD risk, shortener, brand impersonation.
Each hop in the redirect path with the final destination highlighted.
Paste suspicious links here instead of opening them in your browser.
bit.ly and similar services hide the real destination, always expand and check.
Legitimate login pages use the official domain, not lookalike variants.
Submit flagged URLs to your email provider or national reporting centers.
The checker requires a valid domain (google.com) or full URL. Single words without a TLD are rejected.
The API may be unavailable or rate-limited. Other databases and heuristics still contribute to the score.
No. A site can be compromised after scanning. Re-check if the link came from an unexpected source.
Yes. The tool follows redirects to analyze the final destination.
Recently registered domains are more commonly used for phishing, young domains reduce the trust score.
SenderSignal monitors these signals continuously: 48 blacklists, SPF, DKIM, DMARC, TLS and more, with alerts in Slack, email and signed webhooks.