Paste a URL below and find out if it's safe before you click it.
Checking links is a good start, but a VPN adds another layer of protection. It encrypts your traffic so even if you do click something sketchy, you're harder to track.
This tool runs a series of checks on the URL you paste. Everything happens in your browser — nothing is sent to a server. Here's what we look at:
Is the site using HTTPS? Any site still on plain HTTP in 2026 is either ancient or shady. HTTPS doesn't guarantee safety, but its absence is a red flag.
Certain top-level domains (.tk, .ml, .ga, .cf, .gq) are handed out for free and have a long history of abuse. Legitimate sites rarely use them.
We check for misspelled brand names (like "paypa1" instead of "paypal"), login/security-themed paths, and other patterns commonly used in phishing URLs.
Extremely long URLs, excessive subdomains, and unusual characters are all signals that something might be off. Attackers use these tricks to hide the real destination.
Some characters from other alphabets look identical to Latin letters. Attackers use this to create domains that look like "apple.com" but actually point somewhere else entirely.
We follow the URL to see if it bounces through multiple redirects. Legitimate sites usually don't need more than one. Long redirect chains are often used to obscure the final destination.
That's literally why this site exists. Paste the URL above and we'll tell you what we find. No tool is 100% accurate, but we catch the most common tricks used by scammers and phishing sites.
No. Everything runs in your browser. We don't log, track, or store anything you paste in.
No tool can. A site could pass every check here and still serve malware. This catches structural red flags — the stuff visible in the URL itself. Think of it as a first line of defense, not a guarantee.
Don't click it. If you think it might be legit, navigate to the website directly by typing the address yourself. Never trust a link if you're not sure where it came from.