Hackers often hide malicious domains inside subdomains (e.g., paypal.secure-login.evil.com). Our Anatomy Bar visually deconstructs the link into color-coded blocks. If the Domain block doesn't say the company name you expect, it is a scam.

We utilize a Hybrid Analysis Engine. While your browser checks the text structure, our secure backend (scan_engine.php) pings the target server to analyze Live HTTP Headers, check for hidden redirects, and verify the SSL certificate chain in real-time, resulting in a highly accurate confidence score.

This module checks for Homograph Attacks. Hackers use foreign characters that look like English letters (e.g., a Cyrillic 'a' instead of a Latin 'a') to trick you. If we detect mixed-scripts or "Punycode" (xn--), we flag it immediately as a high-risk impersonation attempt.

Our backend acts as a secure proxy to query multiple threat intelligence feeds simultaneously (including URLhaus and Google Safe Browsing). This ensures we can check the link against millions of blacklisted sites without exposing your IP address to the malicious server.

Yes. We operate on a strict Ephemeral Processing model. The URL is sent to our scanning server solely to perform deep forensic checks (DNS/Headers) that a browser cannot do alone. Once the scan is complete, the data is discarded from memory. We do not store, log, or share your scanned links.

If you paste a link and realize it contains sensitive personal data (like a password reset token) or is highly dangerous, the CLEAR DATA button instantly sanitizes the input fields and disconnects the active session to prevent accidental clicks or shoulder-surfing.