Feature guide
Scan URLs, domains and IP addresses
A single click on the wrong link can hand over your password or install spyware. Scanning a URL first tells you where it really leads — without you having to go there.
Malicious links are everywhere: in text messages pretending to be your bank, in emails about parcels you never ordered, in ads at the top of search results, and in shortened URLs that hide their true destination. The whole point of a phishing link is to look trustworthy. Scanning it removes the guesswork.
What a URL scan reveals
When you paste a link, domain or IP into the scanner, it analyses the destination server-side — so you never have to load it yourself. The report surfaces:
- Reputation. Whether the address has been reported for phishing, malware distribution, spyware command-and-control, or aggressive tracking.
- Host and domain detail. Where the site is hosted and, where available, how old the domain is. Brand-new domains impersonating established brands are a major red flag.
- Suspicious patterns. Risky top-level domains, look-alike spellings, and tell-tale phrases like "verify-account" or "secure-update" in the path.
- Score and verdict. A risk score from 0 to 100 and a verdict, plus which engines flagged the address and why.
The anatomy of a dangerous link
Once you know what to look for, many malicious links betray themselves:
- Look-alike domains. paypa1.com, app1e-id.com, amaz0n-support.net: a swapped letter or an extra word is the oldest trick in the book.
- Odd top-level domains. Free or cheap TLDs like .tk, .top, .xyz, .gq and .click are disproportionately used for abuse.
- Urgent, fear-driven paths. URLs containing "account-locked", "login-verify" or "free-gift" are engineered to make you act before you think.
- Shorteners hiding the real address. A bit.ly or tinyurl link could point anywhere — scan it to expand and inspect the true destination.
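The four signs above can be checked on the URL string alone, before anything is loaded. The following Python sketch is an added example, not the scanner's own logic; the brand watch list, the digit-for-letter map and the rule that a brand's own domain is <brand>.com are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# TLDs, phrases and shorteners are the ones named on this page.
RISKY_TLDS = {"tk", "top", "xyz", "gq", "click"}
URGENT_PHRASES = ("account-locked", "login-verify", "free-gift",
                  "verify-account", "secure-update")
SHORTENERS = {"bit.ly", "tinyurl.com"}
# Assumptions: a small brand watch list and a digit-for-letter map.
BRANDS = ("amazon", "apple", "paypal")
DIGIT_SWAPS = str.maketrans("0135", "oles")  # 0->o, 1->l, 3->e, 5->s


def link_flags(url: str) -> list[str]:
    """Return the red flags visible in a URL string. Nothing is fetched."""
    if "://" not in url:
        url = "http://" + url  # lets urlsplit locate the host of a bare domain
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    labels = host.split(".")
    flags = []

    if host in SHORTENERS:
        flags.append("shortener")  # destination unknown until expanded
    if labels[-1] in RISKY_TLDS:
        flags.append("risky-tld")

    # Look-alike: a brand name shows up once digit swaps are undone, but the
    # host is not the brand's own domain. Simplification: "own domain" is
    # taken to be <brand>.com; real code would use the Public Suffix List.
    registrable = ".".join(labels[-2:])
    unswapped = host.translate(DIGIT_SWAPS)
    for brand in BRANDS:
        if brand in unswapped and registrable != f"{brand}.com":
            flags.append(f"look-alike:{brand}")

    path = (parts.path + "?" + parts.query).lower()
    flags += [f"urgent-path:{p}" for p in URGENT_PHRASES if p in path]
    return flags


if __name__ == "__main__":
    # Constructed sample inputs built from the examples on this page.
    for sample in ("paypa1.com", "app1e-id.com", "https://bit.ly/abc123",
                   "http://amaz0n-support.net/login-verify?id=1",
                   "https://www.paypal.com/signin"):
        print(sample, "->", link_flags(sample) or "no flags")
```

An empty result only means none of these string patterns matched; it says nothing about reputation or hosting, which need the server-side checks described earlier.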
Why scanning beats "just being careful"
Even security-conscious people get caught, because modern phishing is convincing and arrives at vulnerable moments — a fake delivery text while you are expecting a parcel, a "suspicious login" alert when you are already worried about security. A scanner does not get tired or rushed. It checks the address against current threat data dispassionately, every time.
Domains, IPs and the bigger picture
You can scan more than full URLs. Enter a bare domain to check a site's overall reputation, or an IP address to investigate a server you have seen in logs or network alerts. This is invaluable for anyone triaging suspicious activity — a strange connection in your firewall logs, an unfamiliar host your phone keeps contacting, or a domain referenced in a phishing email's headers.
What to do with the result
- Malicious or suspicious? Do not visit the link, do not enter any credentials, and report the message that contained it.
- Already clicked and entered a password? Change that password immediately from a different device and enable two-factor authentication.
- Clean but you are still unsure? Trust your instincts — a clean verdict means no known threat, not a guarantee. When in doubt, navigate to the real site directly instead of through the link.
Part of a connected defence
Link scanning pairs naturally with file scanning — many attacks start with a link that leads to a malicious download. And every URL you check feeds the community database, so reporting a bad link protects thousands of other people. Start with a single scan and see what a link is really hiding.
Frequently asked questions
Is it safe to scan a malicious URL?
Yes. The scanner analyses the destination server-side, so the dangerous page never loads on your device.
Can I scan a shortened link?
Yes. The scanner expands shorteners and inspects the true destination behind them.
What does a clean verdict guarantee?
It means no known threat was found. New malicious sites appear constantly, so treat a clean result as reassuring but not absolute.
Can I check an IP address?
Yes. You can scan full URLs, bare domains and IP addresses, which is useful for investigating suspicious network activity.