Back to Blog
Guides

How to Check if a URL Is Safe

URLScans Team
6 min read

Not sure whether a link is trustworthy? The safest way to answer “is this URL safe?” is to check it before you visit — without ever loading the page. Opening a shady link even once can be enough to land on a phishing page or trigger a download, and you don’t always get a chance to back out. This guide shows you how to check if a URL is safe with a free URL checker, what a safety check actually looks at, and how to read a suspicious link yourself.

Check if a URL is safe now

Paste any link and get an instant Safe / Suspicious / Malicious verdict. Free, unlimited, no signup.

How to check if a URL is safe (free, no signup)

Verifying a link takes a few seconds and no account:

  1. Copy the link — don’t click it. Right-click and choose “Copy link address”, or long-press on mobile. Copying is safe; clicking is what puts you at risk.
  2. Open the URL checker (or paste it on the URLScans homepage).
  3. Paste the URL and check it.
  4. Read the verdict. You’ll get a clear Safe, Suspicious, or Malicious result, the score, and the exact reasons behind it.

That’s the whole process — a free URL check that runs against real threat intelligence instead of you gambling on a click.

What a URL safety check looks at

A good URL safety checker does far more than a single blocklist lookup. When you check a link with URLScans, it evaluates the destination across several independent signals:

  • Google Safe Browsing — Google’s database of known malware, phishing, and unwanted-software URLs.
  • PhishTank — a community-verified database of reported phishing pages.
  • Threat-intelligence feeds of known-malicious domains, refreshed daily.
  • Domain age & WHOIS — a domain registered days ago is far more likely to be a scam than one that has existed for years.
  • SSL / HTTPS — whether the site serves a valid certificate over HTTPS (note: a padlock alone does not prove a site is legitimate).
  • Typosquatting & look-alike domains — homoglyph and misspelled hostnames that impersonate a brand you trust.
  • Redirect chains — it follows shorteners and hops to the real destination and checks that, so a link can’t hide where it actually sends you. You can also trace them yourself with the redirect checker.

Because these signals are weighed together, a URL safety check catches risks that any single lookup would miss — and it explains why a link was flagged.

How to read a URL yourself

You can spot a lot before you ever run a check. The trick is knowing which part of a URL actually matters — scammers count on you glancing at the wrong piece.

  • Find the real domain. It’s the part just before the first single slash. In https://paypal.com.secure-login.xyz/verify, the real domain is secure-login.xyznot PayPal.
  • Watch for brand names in subdomains. Anything before the real domain is just a label the attacker chose. paypal.login.example.com is example.com, not PayPal.
  • Look for look-alike characters. paypa1.com (a digit “1”), rnicrosoft.com (“rn” posing as “m”), or accented letters that mimic the real name.
  • Be wary of cheap or brand-new TLDs. Plenty of scams live on .top, .xyz, .zip, or a domain registered this week.
  • Distrust an @ in the URL. In https://[email protected]/login, everything before the @ is ignored — you actually go to evil.site.
  • Expand shorteners. A bit.ly or t.co link hides its destination. Reveal it with the short URL expander, and confirm a look-alike with the typosquatting detector.

Red flags that a URL is not safe

Even a valid-looking link deserves a check when it comes with any of these:

  • Urgency or reward bait — “your account will be suspended”, “you’ve won”, “act within 24 hours”.
  • A credential or login prompt — an unexpected page asking for your password, banking, or payment details.
  • An unexpected download — a link that immediately tries to save an .exe, .apk, .scr, or password-protected .zip.
  • A mismatched domain — the link text says one brand but the real domain (before the first single slash) says something else entirely.

See any of these? Don’t click — check the URL first.

Check a URL on mobile

Most risky links now arrive on a phone — in an email, an SMS, a chat message, or behind a QR code — where the full address is easy to miss. Instead of tapping, long-press the link and choose Copy, then paste it into the URL checker in your mobile browser. It works exactly the same as on desktop, so you can verify a “delivery problem” text or a QR code on a flyer before it ever opens.

Frequently asked questions

How do I check if a URL is safe?

Copy the full link without clicking it, then paste it into a URL checker. URLScans checks the URL against Google Safe Browsing, PhishTank, threat-intelligence feeds, and dozens of signals (domain age, SSL, typosquatting, redirect chains) and returns an instant Safe / Suspicious / Malicious verdict at urlscans.com/url-checker — you never have to visit the page yourself.

Is there a free URL checker?

Yes. URLScans is a free URL checker with no signup and no daily limit. Paste any link at urlscans.com/url-checker and you get an instant verdict with the score and the exact reasons behind it. A free API key (1,000 checks/month, no credit card) is also available at urlscans.com/register.

Can I check a URL without clicking it?

Yes — that is the whole point. You only paste the link; you never load the page. The checker evaluates the URL against threat intelligence and structural signals, so you find out whether it is safe before you are ever exposed to a malicious page or drive-by download.

How do I check if a website is safe on my phone?

Long-press the link in your email, SMS, or chat app and choose Copy, then open urlscans.com/url-checker in your mobile browser and paste it. The checker works the same on mobile as on desktop, so you can verify a link from a text or QR code before you tap it.

What makes a URL unsafe?

A URL is risky when it hides its real destination (shorteners, redirect chains), imitates a trusted brand with a look-alike or subdomain trick, sits on a brand-new or cheap domain, prompts you to log in or download something unexpected, or uses urgency and reward bait. A URL safety checker weighs all of these together instead of relying on one signal.

Check any URL before you visit

Verify any link for phishing, malware, and scams — free and unlimited, no account required.

Check a URL now
    How to Check if a URL Is Safe (Free URL Checker) | URLScans