Is this site safe? What this checker actually tells you
When you're about to click an unfamiliar link or hand over details to a site you don't recognise, the honest question is "has anyone reported this domain as malicious?" This tool answers exactly that: it checks the domain against curated community malware and phishing blocklists — feeds maintained by security researchers who catalogue domains involved in phishing, malware distribution, and scams — and tells you whether it's currently flagged, and by which sources.
What it does not do is declare a site "safe." That distinction is the whole point, and most "safety checker" tools get it dangerously wrong, so let's be clear about it.
Why "not flagged" does not mean "safe"
Blocklists are lagging indicators. A domain only appears on them after someone has encountered it, recognised it as malicious, and reported it — which takes time. A brand-new phishing site set up this morning, or a scam narrowly targeted at a small group, will be invisible to every blocklist for hours or days, even though it's dangerous right now. So a "not found on our blocklists" result means only that — nobody has flagged it yet. It is genuinely useful information, but it is not a clean bill of health, and this tool will never pretend otherwise by stamping a site "safe." Anyone who tells you a website is definitively safe based on a blocklist check is misleading you.
Equally, a domain being flagged is a strong signal to stay away — but even that isn't infallible. Community lists carry occasional false positives, and a domain can linger on a list after the problem behind it was cleaned up. So a flag means "verify carefully before trusting this," not "this is certainly a criminal." We name the sources so you can check their evidence yourself.
How to check if a website is safe — the full picture
Because no single tool is definitive, checking whether a website is safe means weighing several signals together. Use this checker as one input, alongside:
- Blocklist status (this tool) — is the domain reported as malware or phishing by community feeds?
- How old is the domain? Most scam and phishing domains are days or weeks old. Check the registration date with a full WHOIS/RDAP lookup — a domain registered yesterday that's asking for your password deserves deep suspicion.
- Does it use HTTPS with a valid certificate? Not proof of safety (scammers use HTTPS too), but its absence on a site asking for data is a red flag. A lookup shows the certificate details.
- Does the domain name look right? Watch for lookalikes — paypa1.com, arnazon.com, or Unicode homograph tricks. See our guide on homograph attacks.
- Is it flagged on email reputation lists? A blacklist check shows whether the domain or its mail server has a poor sending reputation.
- Does anything feel off? Urgency, pressure, requests for unusual payment methods, or too-good-to-be-true offers are classic scam signals no automated tool replaces.
Is this link safe to open?
If you've been sent a link and want to check it before clicking, paste it above — the checker extracts the domain and looks it up. The same rules apply: a clean result means the link's domain isn't currently on the blocklists we check, not that the link is guaranteed harmless. When in doubt, don't click. Navigate to the organisation's website directly instead of following a link from an email or message, especially for anything involving login credentials or payment.
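To make the lookup described above concrete, here is an added sketch (not this tool's own code) of pulling the real hostname out of a pasted link and checking it against blocklist feeds, with a result that is only ever "flagged" or "not flagged". The feed names, the sample domains, and the rule that a listed parent domain also flags its subdomains are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Constructed sample feeds: names and domains are placeholders, not real data.
FEEDS = {
    "feed-a (constructed)": {"login-update.example", "bad.example"},
    "feed-b (constructed)": {"bad.example"},
}

def extract_domain(link: str) -> str:
    """Hostname a browser would connect to: lowercased, ASCII (punycode) form."""
    link = link.strip()
    if "://" not in link:
        link = "http://" + link        # accept bare "example.com/path" input
    host = urlsplit(link).hostname     # drops "user@" userinfo, port and path
    if not host:
        raise ValueError("no hostname in input")
    try:
        return host.rstrip(".").encode("idna").decode("ascii")
    except UnicodeError as exc:
        raise ValueError("hostname is not a valid domain name") from exc

def check(link: str) -> dict:
    domain = extract_domain(link)
    labels = domain.split(".")
    # Assumption: a listed parent also flags its subdomains; the bare TLD is skipped.
    candidates = {".".join(labels[i:]) for i in range(len(labels) - 1)}
    sources = sorted(name for name, listed in FEEDS.items() if candidates & listed)
    notes = []
    if any(label.startswith("xn--") for label in labels):
        notes.append("internationalised name: compare it with the one you expected")
    # Only two outcomes exist; absence from the feeds is never reported as "safe".
    return {"domain": domain, "verdict": "flagged" if sources else "not flagged",
            "sources": sources, "notes": notes}

if __name__ == "__main__":
    for sample in ("https://trusted.example@bad.example/login",  # constructed inputs
                   "Secure.Login-Update.example:8443/reset",
                   "https://brand-new-site.example/"):
        print(check(sample))
```

The first sample shows why the hostname has to be parsed rather than read by eye: everything before the "@" is ignored by the browser, so the domain that gets looked up is bad.example.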