Got a link that feels off? Don't click it. Paste it here first. Our AI analyzes the domain, structure, and known threat patterns — and tells you whether it's safe before you risk a click.
scamanot.com — url safety checker
Works with full URLs, shortened links, and bare domains.
🔒 URLs you submit are never stored, visited, or shared. Analysis is performed server-side and the URL is discarded immediately after your result is returned.
Results are for informational purposes only. Scamanot does not guarantee the safety or legitimacy of any URL.
URL never visited by us
Analysis server-side only
No account required
Cloudflare protected
Know What You're Looking At
How scammers hide in plain sight.
Phishing URLs are designed to look legitimate at a glance. Here's how to read a URL — and the tricks scammers use to fool you.
Actual domain — always after the last dot before the first slash
Path — can be designed to look official
The real domain is always what appears immediately before the first / — not what scammers write before it. In the example above, PayPal has nothing to do with this URL.
Brand names in the subdomain
`paypal.evil.com` — PayPal is the subdomain, not the domain. The real site is evil.com.
Misspelled domains
`arnazon.com`, `paypa1.com`, `g00gle.com` — one character off from a trusted brand.
Unusual country code domains
`.ru`, `.cn`, `.tk`, `.ml` endings on URLs claiming to be US institutions are a major red flag.
Shortened or masked URLs
bit.ly, tinyurl, t.co — legitimate uses exist, but scammers use them to hide the real destination.
Random character strings
`xK9mP2-verify.com` — newly registered domains with no history, built specifically for one scam campaign.
Urgent path names
`/verify-now`, `/account-suspended`, `/urgent-action` — path names designed to create panic before you look closely.
Common Questions
Before you paste that link.
No — and this is a critical point. Submitting the URL to our checker does not cause your browser to visit it. All analysis is performed server-side through a Cloudflare Worker that examines the URL structure, domain registration, and threat intelligence without ever loading the page in a browser. You are never exposed to the destination.
Yes. Paste the shortened URL exactly as it appeared. Our analyzer resolves shortened links server-side to examine the final destination without exposing you to it — one of the most dangerous features of shortened URLs is that you can't see where they go until it's too late.
Trust your instincts. A clean result means no known threat signals were detected — not that the site is definitively safe. Brand new phishing sites won't yet appear in threat databases. If the context around the link is suspicious (unexpected message, urgency, request for personal info), don't click regardless of our result.
No — and this is one of the most dangerous misconceptions online. HTTPS means the connection is encrypted, not that the site is trustworthy. Scammers routinely use HTTPS on phishing sites. The padlock icon in your browser does NOT mean the site is legitimate. Always check the actual domain, not just the protocol.
Never. Per our Security Policy Framework §3.1, no user search queries — including URLs — are stored in our database. The URL is processed server-side and discarded immediately after your result is generated. We have no record of what you submitted.
The safest way to check a link before clicking is to paste it into a URL safety checker rather than clicking it directly. Scamanot's URL Safety Checker analyzes the domain structure, registration history, and known threat patterns entirely server-side — meaning your browser never visits the destination. You get a clear Likely Safe, Suspicious, or High Risk verdict in seconds, with a plain-English explanation of any red flags found.
The single most important thing to look at in any URL is the domain — the part immediately before the first forward slash. Everything before that can be manipulated by scammers to look legitimate. For example, in paypal-verify.scam-site.com/login, the real domain is scam-site.com — PayPal has nothing to do with it. Other red flags include misspelled brand names, unusual country code endings like .ru or .tk on sites claiming to be US institutions, and random character strings that look auto-generated.
Yes — clicking a malicious link can expose you to harm even without entering any data. Some phishing sites deploy drive-by downloads that install tracking scripts or malware the moment the page loads. Others use pixel tracking to confirm your device is active. The safest approach is always to check the URL before you click, not after. Scamanot's URL Safety Checker analyzes the link server-side so you get the truth without any exposure.
Scammers use shortened URLs specifically because they hide the real destination — you can't see where the link actually goes until it's too late. A shortened URL can make a malicious domain look completely neutral. Scamanot's URL Safety Checker resolves shortened links server-side to examine the final destination before you ever see it, which is one of the most important protections the tool provides. Always treat any shortened URL from an unexpected source as suspicious until verified.
HTTPS only means the connection between your browser and the site is encrypted — it says nothing about whether the site itself is legitimate or trustworthy. Scammers routinely obtain SSL certificates for phishing sites, which gives them the padlock icon in your browser. A secure connection to a fraudulent site is still a fraudulent site. Never use HTTPS status as a trust signal on its own — check the actual domain name carefully and run it through a URL safety checker if anything feels off.
Modern phishing sites can be operational within minutes using automated tools, and many are deliberately designed to exist for only 24 to 72 hours before being abandoned — long enough to capture victims, short enough to evade blacklists. This is why a clean result from any URL checker, including Scamanot, should always be combined with your own judgment. Brand new malicious domains won't yet appear in threat databases. If the context around a link is suspicious — unexpected message, urgency, request for credentials — treat it as high risk regardless of the checker's result.