Loading…
Paste raw email source. We parse headers, check SPF/DKIM/DMARC results, extract URLs, and compute a risk score. URLs link straight into the IOC checker.
Paste a suspected phishing URL. The page content is fetched server-side, then a structural fingerprint (stripped of text/scripts/styles) is hashed in your browser. The hash and the submitted URL are sent to aggregate sightings; the URL is retained for up to 30 days and may be shown to others as a sample URL.
Enter a URL to fetch and scan for phishing indicators — form extraction, password fields, suspicious keywords, scripts/iframes, external links, DNS resolution, and auto risk score.
11 more articles also backlink to this tool — browse the full wiki.