Phishing URL Checker: is this link safe to open?A phishing link is a web address that impersonates a trusted site to steal passwords, payment details or install malware.
Paste a link to see the structural red flags in the address itself and whether Google Safe Browsing has it listed. A clean result is never a promise that a link is safe, and this page is honest about what it cannot see.
This checker reads the link two ways: it inspects the address for known tricks (a look-alike domain, a raw IP, a hidden redirect, a shortener) and it asks Google Safe Browsing whether the URL is on its phishing or malware list. It then gives one of four honest verdicts. It does not open the page, follow the link, or scan the file behind it, so treat a clean result as "no obvious red flags", not "safe".
What this tool checks
Two things. First, the structure of the link itself: whether the domain is a punycode look-alike, a raw IP address, a link with credentials stuffed before the "@", a URL shortener that hides the real destination, a stack of subdomains built to look like a trusted brand, or an unusually long, heavily encoded address. Second, reputation: the URL is sent to Google Safe Browsing, which returns whether it appears on its list of phishing (social engineering) or malware pages. The tool combines both into a single verdict.
What it cannot tell you
No checker can promise a link is safe, and this one says so plainly. It cannot open the page or read its content, so a convincing fake with a clean-looking address can still pass. A brand-new phishing page is often not on any blocklist yet. It does not follow shortened links or redirects to their final destination. So a result of "no red flags found" means exactly that, not "this is safe to trust with your password".
How to tell if a link is safe yourself
The tool is a second opinion, not a substitute for judgement. Before you click, hover over the link and read the real domain from right to left: the true site is the part just before the first single slash. Be wary of look-alike spellings, extra words bolted onto a known brand, and links that arrive unexpectedly or push you to act fast. When a message claims to be from a bank, retailer or employer, open the site yourself from a bookmark or a search rather than the link you were sent. The how to tell if a link is safe guide walks through the full checklist.
Already clicked the link?
If you have already opened a link you now suspect, do not panic, but act promptly: disconnect if a download started, change the password for any account you entered credentials into (and anywhere you reused it), and turn on two-factor authentication. The step-by-step guide for what to do after clicking a phishing link covers it in order.
Phishing link checker FAQ
Can you tell me for certain whether a link is safe?
No, and be suspicious of any tool that claims it can. This checker surfaces structural red flags and reports whether Google Safe Browsing has the URL listed. Both are useful signals, but a clean result is not a guarantee: a new phishing page may not be listed yet, and no automated check can read intent from a page it never opens.
What counts as a red flag in the link?
Deterministic facts about the address: a punycode domain that can imitate a real one, a raw IP address instead of a name, credentials placed before the "@", a URL shortener that hides where the link really goes, many stacked subdomains, or an unusually long or heavily encoded URL. None of these prove phishing on their own, but each is worth a second look.
Does the checker visit the link?
No. It parses the address and sends the URL to Google Safe Browsing as data. It never opens a connection to the site, so it cannot be used to load a malicious page, and it does not follow shortened links or redirects to their destination.
It says no red flags were found. Is the link safe?
It means the address has no obvious structural warning signs and, if reputation was checked, the URL is not currently on Google Safe Browsing’s list. That is reassuring but not proof. If the message still feels off, or asks for a password or payment, treat the link as suspect and reach the site yourself instead.
I already clicked. What should I do?
Change the password for any account whose credentials you entered, and anywhere you reused that password, then enable two-factor authentication. If a file downloaded, do not open it and run a malware scan. Watch for unexpected sign-in alerts. The guide on what to do after clicking a phishing link has the full checklist.