TLDR: You can use Browserling (which my team and I built) to check whether a URL is safe. We run browsers in virtual machines in the cloud, and you get a remote connection to a browser. This way, you can open any bad URL without the risk of infecting your device, as everything runs in the remote browser.
As the world has become digitally interconnected, the importance of being able to discern between safe and unsafe URLs has never been more relevant. Unsafe URLs can lead to malware infections, phishing attempts, and breaches of personal data. In this article, I'll tell you everything I know (I have 20 years of experience in web security) about how to distinguish between safe and unsafe URLs and how to use Browserling to spot and avoid these digital landmines.
Understanding the URL structure
Before delving into the signs of an unsafe URL, it's crucial to know the basic parts of a URL. A URL can be broken into seven parts: protocol scheme, subdomain, domain, top level domain (TLD), path, query string, and anchor. Let's look at each part.
Protocol Scheme
This is the initial part of a web address that determines the communication protocol or a program that will be used to open it.
In the URL
https, which is the secure version of the HTTP protocol used for online communication, ensuring data is encrypted and transmitted safely between a user's device and a website.
Domain Name
The main part of a web address. It's a human-readable address that uniquely identifies a website or online resource.
In the URL
Subdomain
This is the optional part before a domain name.
In the URL
www, which is a commonly used prefix in web addresses, denoting "World Wide Web", and it serves as a standard subdomain for almost all websites.
Top-Level Domain (TLD)
The ending segment of a web address, indicating the domain's type, category or country of origin.
In the URL
Path
A specific page on a website.
In the URL
/blog, which leads users to the blog section or another page of a website.
Query String
This part starts with a question mark ? and allows sending parameters to a page, and it's often in the format of
In the URL
?q=puppies, which loads the search query for puppies.
Anchor
An anchor is used to direct you to a specific section of a page.
In the URL
#top-posts, which scrolls the webpage to the top posts section of the blog.
Full URL Example
- Domain Name:
- Top-Level Domain (TLD):
- Query String:
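The seven parts described above can be extracted programmatically before any safety check is applied. The following Python is an added example, not code from the original article; the sample URL is constructed from the fragments the article mentions, and MULTI_LABEL_SUFFIXES is an assumed, tiny stand-in for the Public Suffix List.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: a tiny stand-in for the Public Suffix List, which real tooling
# should consult to know where a TLD such as "co.uk" begins.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

def url_parts(url):
    """Split a URL into the seven parts named in the article."""
    u = urlsplit(url)
    labels = (u.hostname or "").split(".")
    # How many trailing labels form the TLD (1 for "com", 2 for "co.uk").
    n = 2 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 1
    return {
        "scheme": u.scheme,
        "subdomain": ".".join(labels[:-n - 1]),
        "domain": labels[-n - 1] if len(labels) > n else "",
        "tld": ".".join(labels[-n:]),
        # Domain plus TLD: the value to compare against the site you expected.
        "registrable": ".".join(labels[-n - 1:]),
        "path": u.path,
        "query": parse_qs(u.query),
        "anchor": u.fragment,
    }

# Constructed sample built from the fragments the article uses.
SAMPLE = "https://www.example.com/blog?q=puppies#top-posts"

if __name__ == "__main__":
    for name, value in url_parts(SAMPLE).items():
        print(f"{name:12} {value}")
```

Hosts that are IP addresses are not handled by this split and should be treated separately.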
Spotting Unsafe URLs
Here are 15 signs that can help you identify and avoid unsafe URLs.
1. Mismatched URLs
You can hover over a link to see where it leads to. If the hover link doesn't match the URL or the title in the text, be cautious.
Example of a ligature used in place of a letter
The text says Bank of America but the hover is bankofarnerica.com (the letters "rn" are combined together to create a ligature that looks like the letter "m").
Example of a number used as a letter
The text says PayPal but it hovers as paypa1.com (the digit "1" is used in place of the letter el - "l").
2. Misspelled Domains
Typos or slight variations of popular domain names can lead to malicious websites.
Example of misspelled Amazon
You search for a book and click on a link that seems to lead to amazon.com, but a closer look reveals it says amazom.com (the last letter is "m" and not "n").
Example of misspelled Facebook
You try logging into facebook.com but find yourself at facebokk.com instead (instead of "book", it says "bokk").
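Signs 1 and 2 can be checked mechanically by comparing a link's host against the brands you expect to see. The following Python is an added example, not code from the original article; KNOWN_BRANDS, the LOOKALIKES table and the max_typos threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the brands you care about; these four are the ones the article names.
KNOWN_BRANDS = ["amazon.com", "bankofamerica.com", "facebook.com", "paypal.com"]
# Visual substitutions: "rn" for "m" and "1" for "l" come from the article;
# "0" for "o" and "vv" for "w" are added assumptions of the same kind.
LOOKALIKES = [("rn", "m"), ("1", "l"), ("0", "o"), ("vv", "w")]

def skeleton(host):
    """Collapse look-alike character sequences to the letter they imitate."""
    for fake, real in LOOKALIKES:
        host = host.replace(fake, real)
    return host

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_host(url, max_typos=2):
    """Return (verdict, brand); verdict is ok, lookalike, typo or unknown."""
    host = urlsplit(url).hostname or ""
    if host.startswith("www."):
        host = host[4:]
    if host in KNOWN_BRANDS:
        return ("ok", host)
    for brand in KNOWN_BRANDS:
        if skeleton(host) == skeleton(brand):
            return ("lookalike", brand)
    distance, brand = min((edit_distance(host, b), b) for b in KNOWN_BRANDS)
    if distance <= max_typos:
        return ("typo", brand)
    return ("unknown", None)

if __name__ == "__main__":
    for url in ("https://paypa1.com/login", "http://bankofarnerica.com",
                "https://amazom.com/book", "https://facebokk.com"):
        print(url, check_host(url))
```

A small max_typos value keeps false positives down; short brand names need a stricter threshold than long ones.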
3. Unicode characters in URLs
URLs that contain look-alike Unicode characters pose a great danger.
Example of a homoglyph attack
While searching for a Samsung phone update, you find a link to ѕаmѕung.соm. It turns out this address is fake as it replaces standard characters with visually similar Unicode characters (called homoglyphs).
Example of a Punycode deception
You're searching for a security product and visit security.com but after visiting, your browser shows xn--scurity-w4a.com in the address bar. The real address was sécurity.com and the browser converted it to an internationalized domain name (IDN) encoding called Punycode.
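Both Unicode tricks above can be detected from the host name alone: decode any Punycode label back to Unicode, then look at which scripts its letters come from. The following Python is an added example, not code from the original article; the two sample URLs are constructed from the article's Samsung and sécurity.com examples, and the finding names are assumptions.

```python
import unicodedata
from urllib.parse import urlsplit

def label_scripts(label):
    """Scripts of the letters in a label, e.g. {"LATIN", "CYRILLIC"}."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def inspect_host(url):
    """Return (unicode_host, findings) for the host part of url."""
    host = urlsplit(url).hostname or ""
    decoded, findings = [], []
    for label in host.split("."):
        if label.startswith("xn--"):
            try:
                # Punycode label: recover the Unicode text the user would see.
                label = label[4:].encode("ascii").decode("punycode")
                findings.append(("punycode", label))
            except UnicodeError:
                findings.append(("bad-punycode", label))
        if not label.isascii():
            mixed = len(label_scripts(label)) > 1
            findings.append(("mixed-script" if mixed else "non-ascii", label))
        decoded.append(label)
    return ".".join(decoded), findings

# Constructed samples. The first spells "samsung.com" with Cyrillic
# U+0455, U+0430, U+0441 and U+043E mixed into Latin letters.
HOMOGLYPH_URL = "https://\u0455\u0430m\u0455ung.\u0441\u043em/update"
# The second is the ASCII (Punycode) form of the article's accented domain.
IDN_URL = "https://" + "s\u00e9curity.com".encode("idna").decode("ascii") + "/"

if __name__ == "__main__":
    for url in (HOMOGLYPH_URL, IDN_URL, "https://www.samsung.com/"):
        print(url.encode("unicode_escape").decode(), inspect_host(url))
```

A label that mixes scripts is a much stronger signal than a label that is merely non-ASCII, since many legitimate sites use internationalized names.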
4. Unusual Top-Level Domain
Uncommon TLDs that don't align with the site's supposed purpose.
Example of a government website at a .kim domain
Searching for a government service, you stumble upon GovernmentAgency.kim, which doesn't feel official.
Example of a clothing brand's website at a .horse domain
You're looking for an Italian clothing brand's site but land on ItalianBrand.horse, which seems inconsistent with their product line.
5. Excessive Redirects
URLs that send you through multiple sites rapidly.
Example of a fake online deal
You're hoping to snag an online deal at greatoffer90.com, but you find yourself being bounced between multiple unrelated websites.
Example of a fake movie website
You're trying to watch a movie on freemoviesnow.com but the page keeps shifting and redirecting, never settling on the content you wanted.
6. URL Shorteners
Services that conceal the end destination of a link.
Example of a bit.ly link
A friend sends you a bit.ly link (such as bit.ly/XXXXX) and you can't determine its destination.
Example of a tinyurl.com link
An email offers a great discount, but the link is a shortened tinyurl.com/XXXXX, hiding its true endpoint.
7. Generic Greetings
Emails or messages that come with vague salutations instead of personalized greetings.
Example of an impersonal account update email
An email asks you to update your account details for security reasons with a link reading accountupdate.com and an impersonal greeting of Dear valued member (instead of your name).
Example of a lucky visitor popup
A notification pops up, claiming you're a lucky visitor and you've won a prize and urging you to visit surprisewin.com with the salutation Hello user (instead of your name).
8. Unsolicited Invitations
Unexpected URLs from known and unknown senders can be suspicious.
Example of an invitation to an unknown photo site
An email from an unknown sender urging you to see an amazing photo at
Example of an invitation to view a PDF file
You receive a message saying a colleague has shared a PDF document on seemyresume.net, but you weren't expecting any such thing.
9. Too-Good-To-Be-True Offers
Promising deals or prizes that seem too generous.
Example of a link to huge winnings
An ad claims you can win a million dollars instantly, directing you to
Example of an unexpected prize
You receive an email promising a free top-end smartphone for every form that you fill at
10. Alarmist Messages
Sites that induce panic to make you act quickly.
Example of a popup asking you to act quickly
A pop-up warns of suspicious activity on your account and insists you visit urgent-account-alert.com to resolve it or else your account will be suspended.
Example of an alert telling you your PC has been infected with a virus
An alert pops up saying your PC has been infected with a virus and asks you to fix your PC by visiting
11. Grammar and Spelling Errors
Mistakes in the URL and link text can indicate deceit.
Example of a login page with a typo
You're trying to access a login page and you find the link reads officiall-login.com, with a duplicate letter "el".
Example of a grammar and spelling error in text surrounding the link
You receive an email from an online payment service but it says Varifay, your acount to login, with terrible grammar and spelling errors.
12. Inconsistent Branding
The website's design or URL structure doesn't match the known branding of a reputed entity.
Example of a broken logo on Google's login page
You click on a Google login page, but something feels off. The page URL is google-securelogin.com and the logo is broken.
Example of a fake Apple support page
Seeking Apple support, the site you land on has a web address applesupports.org, which is nicely made, but doesn't align with Apple's official domains.
13. No Contact Information
Absence of genuine contact details on a website.
Example of a fake product support site
Having an issue with a product, you try reaching out via contactsupportnow.com, but the site has just one page and lacks any genuine contact details.
Example of a page with no contact details
Needing customer care, customercareinfo.net appears to offer support but has no phone number or physical address listed.
14. Unexpected Software Downloads
URLs that initiate unsolicited software or file downloads.
Example of an unexpected download
Hoping to listen to some new music tracks, you click on freemusicdownloader.com, only for it to start downloading an unexpected executable file.
Example of a download without your consent
A friend suggests a cool new app, but getthisappnow.com initiates an unsolicited software download without your consent.
15. Lack of HTTPS
A missing secure protocol can indicate the site isn't encrypted, which can lead to personal data and credit card exposure.
Example of an unsafe banking website
A banking website that doesn't use https: http://yourbanklogin.com. Here instead of https it uses
Example of an unsafe payment portal
A secure payments portal that doesn't use HTTPS: http://secure-paymentportal.com. Here, again, it uses the insecure http protocol instead of secure
How Browserling Can Help You Spot Unsafe URLs
While I dove deep into 15 key signs that can help you identify potentially malicious URLs, it's essential to understand that the digital landscape of unsafe URLs is vast and ever-evolving. In many respects, I've just skimmed the surface of the complex world of cybersecurity threats related to URLs. Fortunately, my service Browserling stands as a bulwark against these diverse threats and offers a secure layer of protection.
What Is Browserling?
Browserling is a web-based service that offers real-time remote access to sandboxed browsers that allow users to run browsers from different operating systems directly in their own browser. As the browsers are sandboxed, the browsing sessions are isolated, making it especially useful for testing potentially unsafe URLs without risking one's own system or data.
Browserling isn't just a passive tool. It offers a live and interactive browsing experience that can help security professionals recognize unusual site behaviors, from unexpected redirects to aggressive pop-ups, and other potential red flags not covered in the initial 15 signs.
Cybercriminals sometimes exploit browser-specific and platform-specific vulnerabilities. For example, they might target Chrome version 115 that runs on Windows 10. Browserling's capability to test URLs across multiple browsers and platforms means you're not just looking for general threats, but also those that are browser-specific.
Zero Additional Risks
With no required downloads, installs, or extensions, Browserling ensures that your safety isn't compromised by adding potential vulnerabilities. Every interaction is web-based, keeping a safe distance from potential threats.
Clean State Every Time
Each session with Browserling is temporary and wiped clean after use. This cleanup of session data guarantees that no malware, viruses, cookies, or trackers linger post-investigation.
Browserling prioritizes user data privacy and security with SSL-encrypted connections. This ensures that, while you're investigating a URL, your connection remains invisible to potential eavesdroppers.
Who Uses Browserling?
Browserling has now become the tool of choice for testing link safety and it's used by hundreds of thousands of users around the world every month. Browserling's customers include governments, states, cities, banks, stock exchanges, universities, newspapers, Fortune 100, Fortune 500 companies, and private multi-billion dollar companies.
The scope of unsafe URLs extends far beyond the 15 signs I initially outlined. With Browserling, users are equipped with an advanced tool offering both breadth and depth in analysis and defense against the countless URL-based cyber threats. Give it a try and browse safe!