Phishing Link Checker
Paste a suspicious URL. We'll cross-reference it against URLhaus, PhishTank, and Google Safe Browsing, run heuristics on the hostname, and give you a verdict before you click.
What this phishing link checker does (is this link safe?)
This phishing link checker inspects a URL without opening it in a browser. It resolves the hostname, looks at the domain's age and registrar, and cross-references the link against public threat feeds (URLhaus, PhishTank, and Google Safe Browsing) alongside heuristics that flag lookalike and newly registered domains. You get a verdict and the evidence behind it before you click.
Why it matters
Phishing links are how most account-takeover and credential-theft campaigns reach a victim. The dangerous ones are designed to look ordinary, often using a typosquat of a brand you trust. Checking a link in a safe, read-only way lets you make a call without risking the click, which is exactly when a real phishing kit would fire.
How to read the result
A "likely phishing" verdict means the URL appears in a threat feed or matches strong heuristics, so do not click it. "Suspicious" means heuristic red flags worth reading the findings for. A clean result is not a promise of safety: it means no feed hit and no obvious red flag, but a brand-new phishing page may not be in any feed yet. When the stakes are high, sandbox the link rather than trusting a clean result.
Related
- How DNS-based phishing works, the background behind this check.
- What typosquatting is, the lookalike-domain technique most phishing links rely on.
- WHOIS / RDAP Lookup to see who registered the domain and when.
- Scan your domain to find the lookalike domains an attacker could weaponize against your brand, and get a guided plan to lock them down.
Frequently asked questions
Is this link safe to click?▾
Paste the URL above and this checker cross-references it against URLhaus, PhishTank, and Google Safe Browsing, then runs heuristics on the hostname. It never opens the link in a browser (it only resolves DNS and queries threat feeds), so it is safe to paste a live phishing link.
How do I spot a phishing link?▾
Look for a hostname that is close to but not exactly a brand you know (a swapped letter, an extra word, or a different extension), a long random path, or a link whose visible text does not match where it actually points. When in doubt, do not click: paste it here first.
Can I check a suspicious email link from Microsoft, Apple, Amazon, or DocuSign?▾
Yes. Copy the link out of the email without clicking it and paste it here. Brand-impersonation phishing usually sends you to a lookalike domain rather than the real one, which this checker is built to catch.
The link looks clean here, is it definitely safe?▾
A clean result means the URL is not on the threat feeds we query and shows no obvious red flags, not a guarantee. Brand-new phishing pages can appear before feeds list them. Treat the result as one strong signal and still avoid entering credentials on a site you did not navigate to yourself.
Want ongoing monitoring?
This tool is a one-shot check. PhishFence watches your domain with automated hourly monitoring (daily on Free) for DMARC changes, new lookalike registrations, and spoofing attempts.