How does Proofly check if a link is safe?

When you paste a URL, Proofly sends it through the same backend pipeline as our WhatsApp link scanner: Google Web Risk Lookup for known threat types, plus domain heuristics (e.g. typosquatting signals). We do not load the page in your browser.

Does Proofly open or visit my link?

No. The check uses reputation and pattern analysis on the URL string (and related lookups). You should still avoid clicking links you do not trust.

What is Google Web Risk?

Google Web Risk is Google's service for identifying unsafe web resources. Proofly uses it to see if a URL matches known malware, phishing, social engineering, or unwanted software patterns at scan time.

Are there scan limits?

Yes. Anonymous and signed-in users are subject to Proofly's daily rate limits (same as the main demo). If you hit the limit, create a free account or try again the next day.

Can I check links on WhatsApp instead?

Yes. Send the suspicious link to the Proofly WhatsApp number from our website. Pro subscribers get higher throughput; everyone gets the same core threat signals.

URL safety & phishing signals

Free malicious URL checker — paste a link, get a verdict

Check suspicious links before you click. Proofly queries Google Web Risk and runs domain heuristics — same engine as our WhatsApp link scanner — with explainable signals in seconds.

Scan a link now

Live tool

Paste any URL

Include https:// or type a domain — we’ll normalize common formats. You can paste multiple URLs (up to the server limit per scan).

Suspicious link or message snippet

Tip: paste the full string from chat or email — we extract URLs automatically when possible.

Limitations

What this check can (and can’t) do

List-based and heuristic. Results reflect Google Web Risk status at scan time plus Proofly domain heuristics. Brand-new phishing sites may not appear immediately.

Not a guarantee. A “clean” score means we didn’t find matching threat types on the checked signals — not that the destination is trustworthy.

Privacy. Your paste is processed like other Proofly scans (ephemeral handling per our Privacy Policy). Don’t submit secrets or private tokens in the URL bar.

How it works

From paste to verdict

Paste the link

Copy the URL from SMS, WhatsApp, email, or social — or paste a short message; we extract URLs when possible.

Backend threat check

Proofly classifies the input as a link scan and queries Google Web Risk, with extra domain heuristics as a fallback signal.

Read the score & signals

The percentage reflects threat confidence for URL scans. Expand the insight list to see what contributed to the verdict.

Decide safely

Use the verdict alongside context — sender identity, urgency tactics, and whether you expected the link.

Need full media forensics too?

Upload images, video, audio, or documents on the homepage demo — or verify on WhatsApp.

Try the full demo Phishing & fraud hub

FAQ

URL checker — common questions

We run your paste through the URL threat pipeline: Google Web Risk for known malware/phishing/social-engineering/unwanted-software signals, plus domain heuristics. The page is not loaded in your browser.

No. Analysis uses the URL string and reputation services — not a headless browser visit. Still treat unexpected links with caution.

It is Google’s API for unsafe web resources. Proofly uses it to see if your URL matches known threat types at scan time.

Yes — the same rate limits apply as the main site. Log in for account-based quotas or upgrade for higher daily caps.

Yes. Forward the link to our WhatsApp line — you’ll get a conversational flow with the same core detection stack.

No tool can guarantee safety. A low score means no match on checked lists and fewer heuristic warnings at scan time. New or targeted phishing pages may not yet appear on blocklists.