TLDR: You can use Browserling (that I and my team built) to check if a URL is safe or not. We run browsers in the cloud in virtual machines and you get a remote connection to a browser. This way, you can open any bad URLs without the risk of infecting your device as everything runs in this this remote browser.


As the world has become digitally interconnected, the importance of being able to discern between safe and unsafe URLs has never been more relevant. Unsafe URLs can lead to malware infections, phishing attempts, and breaches of personal data. In this article, I'll tell you everything I know about how to distinguish between safe and unsafe URLs and how to use Browserling to spot and avoid these digital landmines.

Understanding the URL structure

Before delving into the signs of an unsafe URL, it's crucial to know the basic parts of a URL. A URL can be broken into seven parts: protocol scheme, subdomain, domain, top level domain (TLD), path, query string, and anchor. Let's look at each part.

Protocol Scheme

This is the initial part of a web address that determines the communication protocol or a program that will be used to open it.

Examples: http, https, ftp, or mailto.

In the URL, it's https, which is secure version of the HTTP protocol used for online communication, ensuring data is encrypted and transmitted safely between a user's device and a website.

Domain Name

The main part of a web address. It's a human-readable address that uniquely identifies a website or online resource.

Examples:,, and

In the URL, it's


This is the optional part before a domain name.

Examples: www, blog, or shop.

In the URL, it's www, which is a commonly used prefix in web addresses, denoting "World Wide Web", and it serves as a standard subdomain for almost all websites.

Top-Level Domain (TLD)

The ending segment of a web address, indicating the domain's type, category or country of origin.

Examples: .com, .org, .net, .it, or .onion.

In the URL, it's .com


A specific page on a website.

Examples: /blog, /account, or /resources/free/downloads.

In the URL, it's /blog, which leads users to the blog section or another page of a website.

Query String

This part starts with a question mark ? and allows sending parameters to a page, and it's often in the format of key=value pairs.

Examples: ?id=123 or ?search=python&sort=date.

In the URL, it's ?q=puppies, which loads the search query for puppies.


An anchor is used to direct you to a specific section of a page.

Examples: #footer or #tools.

In the URL, it's #top-posts, which scrolls the webpage to the top posts section of the blog.

Full URL Example
  • Scheme: https
  • Subdomain: www
  • Domain Name:
  • Top-Level Domain (TLD): .com
  • Path: /blog/post
  • Query String: ?id=123
  • Anchor: #tools

Spotting Unsafe URLs

Here are 15 signs that can help you identify and avoid unsafe URLs.

1. Mismatched URLs

You can hover over a link to see where it leads to. If the hover link doesn't match the URL or the title in the text, be cautious.

Example of a ligature used in place of a letter

The text says "Bank of America" but hover is "" (the letters "rn" are combined together to create a ligature that looks like letter "m").

Example of a number used as a letter

The text says "PayPal" but it hovers as "" (digit "1" is used in place of the letter el - "l").

2. Misspelled Domains

Typos or slight variations of popular domain names can lead to malicious websites.

Example of misspelled Amazon

You search for a book and click on a link that seems to lead to, but a closer look reveals it says (last letter is "m" and not "n").

Example of misspelled Facebook

You try logging into but find yourself at instead (instead of "book", it says "bokk").

3. Unicode characters in URLs

URLs that contain fake Unicode characters pose a great danger.

Example of a homoglyph attack

While searching for a Samsung phone update, you find a link to ѕаmѕung.соm. It turns out this address is fake as it replaces standard characters with visually similar Unicode characters (called homoglyphs).

Example of a Punycode deception

You're searching for a security product and visit but after visiting, your browser shows in the address bar. The real address was sé and the browser converted it to an international domain name (IDN) encoding called Punycode.

4. Unusual Top-Level Domain

Uncommon TLDs that don't align with the site's supposed purpose.

Example of a government website at a .kim domain

Searching for a government service, you stumble upon, which doesn't feel official.

Example of a clothing brand's website at a .horse domain

You're looking for an Italian clothing brand's site but land on, which seems inconsistent with their product line.

5. Excessive Redirects

URLs that send you through multiple sites rapidly.

Example of a fake online deal

You're hoping to snag an online deal at, but you find yourself being bounced between multiple unrelated websites.

Example of a fake movie website

You're trying to watch a movie on but the page keeps shifting and redirecting, never settling on the content you wanted.

6. URL Shorteners

Services that conceal the end destination of a link.

Example of a link

A friend sends you a link (such as and you can't determine its destination.

Example of a link

An email offers a great discount, but the link is a shortened, hiding its true endpoint.

7. Generic Greetings

Emails or messages that come with vague salutations instead of personalized greetings.

Example of an impersonal account update email

An email asks you to update your account details for security reasons with a link reading and an impersonal greeting of Dear valued member (instead of your name).

Example of a lucky visitor popup

A notification pops up, claiming you're a lucky visitor and you've won a prize and urging you to visit with the salutation Hello user (instead of your name).

8. Unsolicited Invitations

Unexpected URLs from known and unknown senders can be suspicious.

Example of an invitation to an unknown photo site

An email from an unknown sender urging you to see an amazing photo at

Example of an invitation to view a PDF file

You receive a message saying a colleague has shared a PDF document on, but you weren't expecting any such thing.

9. Too-Good-To-Be-True Offers

Promising deals or prizes that seem too generous.

Example of a link to huge winnings

An ad claims you can win a million dollars instantly, directing you to

Example of an unexpected prize

You receive an email promising a free top-end smartphone for every form that you fill at

10. Alarmist Messages

Sites that induce panic to make you act quickly.

Example of a popup asking you to act quickly

A pop-up warns of suspicious activity on your account and insists you visit to resolve it or else your account will be suspended.

Example of an alert telling your PC has been infected with a virus

An alert pops up saying your PC has been infected with a virus and asks you to fix your PC by visiting

11. Grammar and Spelling Errors

Mistakes in the URL and link text can indicate deceit.

Example of a login page with a typo

You're trying to access a login page and you find the link reads, with a duplicate letter "el".

Example of a grammar and spelling error in text surrounding the link

You receive an email from an online payment service but it says Varifay, your acount to login, with terrible grammar and spelling errors.

12. Inconsistent Branding

The website's design or URL structure doesn't match the known branding of a reputed entity.

Example of a broken logo on Google's login page

You click on a Google login page, but something feels off. The page URL and the logo is broken.

Example of a fake Apple support page

Seeking Apple support, the site you land on has a web address, which is nicely made, but doesn't align with Apple's official domains.

13. No Contact Information

Absence of genuine contact details on a website.

Example of a fake product support site

Having an issue with a product, you try reaching out via, but the site has just one page and lacks any genuine contact details.

Example of a page with no contact details

Needing customer care, appears to offer support but has no phone number or physical address listed.

14. Unexpected Software Downloads

URLs that initiate unsolicited software or file downloads.

Example of an unexpected download

Hoping to listen to some new music tracks, you click on, only for it to start downloading an unexpected executable file.

Example of a download without your consent

A friend suggests a cool new app, but initiates an unsolicited software download without your consent.

15. Lack of HTTPS

A missing secure protocol can indicate the site isn't encrypted, which can lead to personal data and credit card exposure.

Example of an unsafe banking website

A banking website that doesn't use https: Here instead of https it uses http protocol.

Example of an unsafe payment portal

A secure payments portal that doesn't use HTTPS: Here, again, it uses unsecure http protocol instead of secure https protocol.

How Browserling Can Help You Spot Unsafe URLs

While I dove deep into 15 key signs that can help you identify potentially malicious URLs, it's essential to understand that the digital landscape of unsafe URLs is vast and ever-evolving. In many respects, I've just skimmed the surface of the complex world of cybersecurity threats related to URLs. Fortunately, my service Browserling stands as a bulwark against these diverse threats and offers a secure layer of protection.

What Is Browserling?

Browserling is a web-based service that offers real-time remote access to sandboxed browsers that allow users to run browsers from different operating systems directly in their own browser. As the browsers are sandboxed, the browsing sessions are isolated, making it especially useful for testing potentially unsafe URLs without risking one's own system or data.

Interactive Testing

Browserling isn't just a passive tool. It offers a live and interactive browsing experience that can help security professionals recognize unusual site behaviors, from unexpected redirects to aggressive pop-ups, and other potential red flags not covered in the initial 15 signs.

Cross-Browser Analysis

Cybercriminals sometimes exploit browser-specific and platform-specific vulnerabilities. For example, they might target Chrome version 115 that runs on Windows 10. Browserling's capability to test URLs across multiple browsers and platforms means you're not just looking for general threats, but also those that are browser-specific.

Zero Additional Risks

With no required downloads, installs, or extensions, Browserling ensures that your safety isn't compromised by adding potential vulnerabilities. Every interaction is web-based, keeping a safe distance from potential threats.

Clean State Every Time

Each session with Browserling is temporary and wiped clean after use. This clean up of session data guarantees that no malware, viruses, cookies, or trackers linger post-investigation.

Secure Connections

Browserling prioritizes user data privacy and security with SSL-encrypted connections. This ensures that, while you're investigating a URL, your connection remains invisible to potential eavesdroppers.

Who Uses Browserling?

Browserling has now become the tool of choice for testing link safety and it's used by hundreds of thousands of users around the world every month. Browserling's customers include governments, states, cities, banks, stock exchanges, universities, newspapers, Fortune 100, Fortune 500 companies, and private multi-billion dollar companies.


The scope of unsafe URLs extends far beyond the 15 signs I initially outlined. With Browserling, users are equipped with an advanced tool offering both breadth and depth in analysis and defense against the countless URL-based cyber threats. Give it a try and browse safe!