// tool reference · Incident & Response
Phishing URL Checker Free
Analyze a single suspicious link for phishing signals.
Open Phishing URL Checker → Engine: /security-tools/phish_url_analyzer
What it does
Statically analyses a URL for phishing indicators. It inspects the string and domain structure — it never visits the link, so checking is safe.
When to use it
- A user forwarded a link and you need a verdict without opening it.
Inputs
Field names are the actual form parameters, verified against source.
| Field | Type | Required | Notes |
|---|---|---|---|
| url | text | required | The suspicious URL. It is analysed, not fetched. |
What you get back
Verdict with per-indicator reasoning.
Worked example
Input
http://secure-login.paypa1.top/verify?account=user@example.com
Output (abridged)
VERDICT: PHISHING — high confidence · Lookalike: 'paypa1' substitutes 1 for l · Suspicious TLD: .top is heavily abused, not used by PayPal · Subdomain lure: 'secure-login.' front-runs the real domain · No TLS on a credential page · Victim address pre-filled in the query string
How it works
Deterministic string and domain analysis. No outbound request is made to the URL.
Privacy
Nothing is stored. The URL is never fetched.
Standards
MITRE ATT&CK (T1566.002)