← Back to Tools

🎣 Phishing URL Analyzer

Analyze any URL for structural phishing signals — no HTTP request is made to the target site. Safe to use on suspicious links.

🔒

Analysis is done on the URL string only — your browser never connects to the target. No request is made to the suspicious site, so there is no risk of loading malware or tracking pixels.

Paste any URL — analysis is done on the URL structure only. No HTTP request is made to the target.

🕵️ Spot the Scam — URL Quiz

Can you tell which URL is the phishing link? Click to reveal.

📚 How Phishing URLs Work — Attacker Techniques

Lookalike domains

Attackers register domains that look like real brands: paypa1.com (the l is a 1), paypal-secure.com, or account.paypal.phishing.com (the brand is in the subdomain, not the domain).

IDN Homograph attacks

Unicode characters can look identical to ASCII. Cyrillic "а" (U+0430) is visually indistinguishable from Latin "a" (U+0061). A domain like pаypal.com (Cyrillic а) is a completely different domain to paypal.com.

@ trick

In a URL, everything before @ is treated as credentials, not the domain. So https://[email protected] actually goes to evil.com — the browser ignores paypal.com@.

Open redirects

Some legitimate sites accept a destination URL as a parameter: https://trusted.com/go?url=https://evil.com. Attackers use these to craft a link that starts on a trusted domain but sends victims to a phishing page.