Free Phishing URL Scanner and Website Screenshot Tool
Check a suspicious URL without opening it directly in your browser. Review the website screenshot, redirect path, domain information, DNS records, forms, scripts, and common phishing indicators.
Analysis results will appear here after scanning.
Scan QR Code
Point your camera at a QR code. Decoding happens locally in your browser.
By submitting a URL, you agree to our Terms and Conditions and Privacy Policy.
Need help understanding the findings? Review the Phishing URL Scanner Result Reference Guide.
What the Phishing URL Scanner Checks
The IT Knowledge Bases phishing scanner analyzes a submitted URL from a remote scanning environment. This allows you to investigate a suspicious link without intentionally loading it on your own workstation.
- Website screenshot: Captures the page so you can review its appearance without visiting it directly.
- Redirect chain: Shows whether the submitted link forwards visitors to another website or domain.
- Login forms: Identifies password fields, form destinations, and forms that submit information to another domain.
- Domain information: Reviews available registration and RDAP details for the destination domain.
- DNS records: Displays records that can help identify the infrastructure behind the website.
- IP information: Provides available hosting, network, geolocation, and autonomous system details.
- Page scripts: Reviews external scripts and selected indicators of potentially obfuscated JavaScript.
- Security headers: Checks for controls such as HTTPS, Content Security Policy, HSTS, and frame protection.
How to Check a Suspicious Link
- Copy the suspicious URL without opening it.
- Paste the complete URL into the scanner.
- Start the scan and allow the remote analysis to finish.
- Review the final destination and redirect chain first.
- Inspect the screenshot, domain details, forms, scripts, and detected indicators.
- Compare the displayed domain with the organization the page claims to represent.
Do not enter passwords, payment details, multifactor authentication codes, or other sensitive information into a suspicious page. A convincing logo or familiar login screen does not prove that a website is legitimate.
How to Interpret the Scan Results
No single finding proves that a URL is malicious. The results are designed to help you investigate several signals together.
- A redirect to an unrelated domain may indicate tracking, link masking, or phishing.
- A login form that submits credentials to a different domain deserves additional investigation.
- A recently registered domain can increase concern, especially when combined with impersonation or credential collection.
- Obfuscated scripts can be used legitimately, but they can also make malicious behavior harder to review.
- Missing security headers do not automatically make a website malicious.
- A low-risk result does not guarantee that a website is safe.
For explanations of individual fields, severity levels, and indicators, use the scanner result reference guide.
Common Reasons to Scan a URL
- An unexpected Microsoft 365, Google, banking, shipping, or password-reset message
- A shortened URL that hides its final destination
- A QR code that opens an unfamiliar website
- A link sent through email, SMS, Teams, Discord, or social media
- A domain that resembles a legitimate company but contains misspellings or extra words
- A login page hosted on an unrelated domain
Related Phishing Investigation Tools
Use these tools to continue your investigation:
- Microsoft Safe Links Decoder — Extract the original destination from a rewritten Microsoft Safe Link.
- DNS Lookup — Review common DNS records for a domain.
- RDAP Domain Lookup — Review available domain registration information.
- IP Geolocation Lookup — Review available network, ISP, ASN, and location information.
Phishing URL Scanner Limitations
This scanner is an investigation aid, not a guarantee that a website is safe or malicious. Some pages behave differently based on location, browser type, cookies, authentication state, device type, or the time of the visit. A website may also change after the scan is completed.
Do not rely on one automated score when making a security decision. For business or organizational incidents, preserve the original message and follow your incident-response or security-escalation process.
Frequently Asked Questions
Can I check a link without opening it?
Yes. Paste the URL into the scanner rather than navigating to it directly. The remote scanner attempts to load and analyze the destination on your behalf.
Does a low-risk result mean the website is safe?
No. A low-risk result means that the scan did not identify enough supported indicators to assign a higher risk level. It is not proof that the website is trustworthy.
Can the scanner detect every phishing website?
No automated scanner can detect every phishing website. Attackers can hide content, restrict access, delay malicious behavior, or show different pages to different visitors.
Should I submit private or authenticated URLs?
Do not submit URLs containing passwords, access tokens, session identifiers, private document links, or other confidential information. Remove sensitive query-string values before submitting a URL whenever possible.
Support the Development of ITKB Tools
This scanner is independently developed and maintained by IT Knowledge Bases. You can support continued development through Buy Me a Coffee or by using our affiliate links.
Affiliate disclosure: IT Knowledge Bases may earn a commission from qualifying purchases made through affiliate links, at no additional cost to you.