Skip to main content

Phishing Link Checker

Paste a suspicious URL. We'll cross-reference it against URLhaus, PhishTank, and Google Safe Browsing, run heuristics on the hostname, and give you a verdict before you click.

We never visit the URL with a browser. We only resolve DNS and query public threat feeds, so it's safe to paste a live phish.

What this phishing link checker does (is this link safe?)

This phishing link checker inspects a URL without opening it in a browser. It resolves the hostname, looks at the domain's age and registrar, and cross-references the link against public threat feeds (URLhaus, PhishTank, and Google Safe Browsing) alongside heuristics that flag lookalike and newly registered domains. You get a verdict and the evidence behind it before you click.

Why it matters

Phishing links are how most account-takeover and credential-theft campaigns reach a victim. The dangerous ones are designed to look ordinary, often using a typosquat of a brand you trust. Checking a link in a safe, read-only way lets you make a call without risking the click, which is exactly when a real phishing kit would fire.

How to read the result

A "likely phishing" verdict means the URL appears in a threat feed or matches strong heuristics, so do not click it. "Suspicious" means heuristic red flags worth reading the findings for. A clean result is not a promise of safety: it means no feed hit and no obvious red flag, but a brand-new phishing page may not be in any feed yet. When the stakes are high, sandbox the link rather than trusting a clean result.

Related

Frequently asked questions

Is this link safe to click?

Paste the URL above and this checker cross-references it against URLhaus, PhishTank, and Google Safe Browsing, then runs heuristics on the hostname. It never opens the link in a browser (it only resolves DNS and queries threat feeds), so it is safe to paste a live phishing link.

How do I spot a phishing link?

Look for a hostname that is close to but not exactly a brand you know (a swapped letter, an extra word, or a different extension), a long random path, or a link whose visible text does not match where it actually points. When in doubt, do not click: paste it here first.

Can I check a suspicious email link from Microsoft, Apple, Amazon, or DocuSign?

Yes. Copy the link out of the email without clicking it and paste it here. Brand-impersonation phishing usually sends you to a lookalike domain rather than the real one, which this checker is built to catch.

The link looks clean here, is it definitely safe?

A clean result means the URL is not on the threat feeds we query and shows no obvious red flags, not a guarantee. Brand-new phishing pages can appear before feeds list them. Treat the result as one strong signal and still avoid entering credentials on a site you did not navigate to yourself.


Want ongoing monitoring?

This tool is a one-shot check. PhishFence watches your domain with automated hourly monitoring (daily on Free) for DMARC changes, new lookalike registrations, and spoofing attempts.

Start free monitoring