Phishing URL Detector
Analyze any URL for 15+ phishing indicators instantly
Received a suspicious link? Paste it below. Our phishing detector analyzes the URL structure for known phishing tactics — brand impersonation, lookalike domains, IP-based URLs, suspicious TLDs, and more — without your browser ever visiting the site.
What Is a Phishing URL?
A phishing URL is a web address crafted to deceive users into thinking they're visiting a legitimate website — such as a bank, government agency, or popular online service. The goal is to steal login credentials, payment card details, or personal information. Phishing URLs typically impersonate real domains through slight misspellings, added words (like "secure" or "verify"), or lookalike characters.
What Phishing Indicators Does This Tool Check?
IP-based URL — Legitimate businesses use domain names, not raw IP addresses. A URL like http://192.168.1.1/login is a major red flag. Lookalike domains — Common phishing technique replacing letters with similar-looking characters (0 for o, 1 for l, rn for m). Brand keywords in wrong position — "paypal-secure.xyz" uses a brand name to look legitimate while the actual domain is xyz. Suspicious TLDs — Top-level domains like .xyz, .top, .click, .work are heavily used by phishing campaigns due to low cost. Excessive subdomains — Legitimate sites rarely use more than 2 subdomain levels. Encoded characters — URL encoding (%40, %2F) in the domain name is a tactic to confuse automated filters.
What to Do If You Find a Phishing Link
Do not click the link. Run a full safety check using our Website Safety Checker. Report the link to the Anti-Phishing Working Group at [email protected], to Google at safebrowsing.google.com/safebrowsing/report_phish, and to your national cybercrime authority. If you already clicked the link and entered information, change your passwords immediately and contact your bank if payment details were shared.