Free & Instant

Detect threats before they catch you

Scan URLs, emails, files, and domains for threats. 7+ security checks per tool, zero sign-up, completely free.

Paste any URL. We analyze it in real-time without visiting from your device.

Enter the fields from your email client's "Show Original" / "View Headers" view.

Check if your email has been exposed in data breaches. Powered by Have I Been Pwned.

We send a k-anonymity hash prefix to HIBP. Your full email never leaves this page.

Scan 8 data broker sites for your personal info. Get step-by-step opt-out instructions for each listing found.

Scans 8 brokers (~20 seconds). We don't store any personal information.

Check if a file is malicious by its hash. Powered by VirusTotal (70+ antivirus engines).

Get a file hash: Windows: certutil -hashfile file.exe SHA256 · Mac/Linux: sha256sum file

Comprehensive domain security audit. Checks DNS, email auth (SPF/DMARC), TLS, WHOIS, security headers, and threat intelligence.

Enter a domain name without http:// — we check DNS, certificates, headers, and more.

Upload a QR code image to extract and analyze the URL inside. Detects phishing QR codes ("quishing") before you scan them with your phone.

Drop a QR code image here or click to upload

Supports PNG, JPG, GIF. All processing happens in your browser — images never leave your device.

How It Works

Comprehensive threat detection in seconds

Step 1

🔍

Input

Paste a URL, email headers, file hash, domain name, or upload a QR code image.

Step 2

🔬

Analyze

Our servers run parallel checks: DNS, TLS, content scanning, VirusTotal, domain age, headers, and more.

Step 3

🛡

Results

Get a clear risk score with detailed breakdown. 7 tools, zero sign-up, always free.

What We Check

Every scan runs these security checks automatically

🔗

URL Decomposition

Scheme, domain, path, params. Flags suspicious TLDs, IP addresses, and homograph attacks.

🌐

DNS Resolution

Resolves A/AAAA records, identifies hosting providers, checks reverse DNS.

🔒

TLS Certificate

Validates certificates. Flags expired, self-signed, and mismatched certs.

🔁

HTTP Response

Follows redirect chains, audits 7 security headers, captures status codes.

📄

Content Scan

Regex scan for password fields, external forms, executable links, obfuscated JS, urgency language.

📋

Domain Registration

RDAP lookup for registrar, creation date, and domain age. New domains are high risk.

🚨

Threat Intelligence

Cross-references VirusTotal and Google Safe Browsing databases.

✉

Email Authentication

SPF, DMARC, and MX record validation. Header consistency and spoofing detection.

🔒

Breach Check (Pwned)

Checks emails against Have I Been Pwned for data breaches and paste exposures. See exactly what was leaked.

👁

Data Broker Opt-Out

Scans 8 data broker sites for your personal info. Step-by-step removal instructions with direct opt-out links.