Phishing URL Detector

Check any URL for phishing indicators, suspicious patterns, and security red flags before you click.

  1. Home
  2. Hash & Security
  3. Phishing URL Detector

Paste any URL to analyze it for phishing indicators. Analysis is done entirely in your browser.

What Is a Phishing URL Detector?

A Phishing URL Detector is a security tool that analyzes URLs to identify potential phishing attempts. Phishing URLs are designed to trick users into visiting fake websites that look legitimate — often mimicking banks, social media platforms, email services, or payment processors — to steal sensitive information like passwords, credit card numbers, or personal data.

This tool examines URLs for common phishing indicators including:

  • Suspicious TLDs — Free domain zones often abused by phishers (.tk, .ml, .ga, .cf, .gq, .xyz, .top, .club, .work, .bid, .date, .win, .review, etc.)
  • IP address domains — URLs that use raw IP addresses instead of domain names
  • Lookalike domains — Domains that imitate well-known brands using typos, extra words, or alternate TLDs
  • URL shorteners — Services that hide the final destination of a link
  • Excessive subdomains — Multiple subdomains used to disguise the real domain
  • @ symbol in URL — A technique that treats everything before @ as credentials
  • Suspicious keywords — Words like login, verify, update, confirm, secure, and banking in the URL path
  • Missing HTTPS — Non-encrypted connections on login or sensitive pages
  • Non-standard ports — Unusual port numbers that might bypass security filters
  • Hyphen-heavy domains — Excessive hyphens often used to imitate brand names

How to Use This Phishing URL Detector

  1. Paste a URL — Enter or paste the full URL you want to check in the input field. Include the protocol (https://) for the most accurate analysis.
  2. Click Check URL — Press the button to start the analysis. The tool examines the URL entirely in your browser.
  3. Review the results — The tool shows a risk score (0-100) and lists all findings categorized by severity. Green items are normal, yellow items need attention, and red items are strong phishing indicators.
  4. Make an informed decision — Use the results to decide whether to visit the link. If the risk score is high, avoid the URL entirely.

Frequently Asked Questions

Is my URL sent to a server?

No. All analysis is performed locally in your browser using JavaScript. The URL you enter never leaves your device. No data is sent to any external server.

Can this tool guarantee a URL is safe?

No tool can provide 100% guarantee. This detector checks for known phishing patterns and red flags, but sophisticated phishing sites may evade automated detection. Always use your best judgment and check for other signs like poor grammar, urgent language, and unexpected requests for personal information.

What should I do if I find a phishing URL?

If you identify a phishing URL, do not visit it. Report it to the relevant organization being impersonated, and to anti-phishing services like Google Safe Browsing, PhishTank, or the APWG (Anti-Phishing Working Group).

What is the risk score based on?

The risk score (0-100) is calculated based on the number and severity of phishing indicators found. Each indicator has a weighted score — critical indicators like suspicious TLDs and lookalike domains add more weight, while minor indicators like missing HTTPS have less impact. The final score helps you quickly assess the overall risk level.