Frequently asked questions

LinkThreatScan is a free online security scanner that analyses any URL or domain for threats, scams, and vulnerabilities. When you submit a link, we run dozens of checks in parallel — including SSL certificate validation, DNS inspection, global blacklist lookups, open port scanning, HTTP security header analysis, and phishing detection — and combine the results into a single risk score from 0 (clean) to 100 (critical).

Yes. Core scanning is completely free and requires no account. You can scan unlimited URLs without signing up. Our optional Premium plan unlocks advanced features such as a full SSL/TLS breakdown, DNSSEC analysis, open port and vulnerability scanning, PDF export, scan history, and email alerts for monitored domains.

Most scans complete within 15–30 seconds. Some network-level checks — such as port scanning or connecting to slow/geographically distant servers — can take up to 2 minutes. We run all checks in parallel to keep wait times as short as possible.

The risk score is a weighted aggregate of all individual checks. A score of 0–25 is considered Low risk (the site passes most checks), 26–50 is Medium (some anomalies detected, proceed with caution), 51–75 is High (significant red flags present), and 76–100 is Critical (strong indicators of phishing, malware, or fraud). Each contributing check is displayed individually so you can see exactly what influenced the score.

LinkThreatScan queries multiple real-time threat intelligence sources including Google Safe Browsing, PhishTank, OpenPhish, URLhaus, and several regional threat databases. These are updated continuously, giving you up-to-date information on known phishing sites, malware distribution networks, and spam domains.

You can scan any publicly reachable HTTP or HTTPS URL. Localhost addresses, private IP ranges (such as 192.168.x.x or 10.x.x.x), and internal hostnames that don't resolve publicly are not supported. We also do not support scanning onion (.onion) addresses.

Scan results are stored temporarily to generate your report. If you are not logged in, scans are anonymous and are not linked to any identity. Registered users can optionally save their scan history in their account. We do not sell, share, or use scan targets for advertising purposes. See our Privacy Policy for full details.

SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) encrypt the connection between a browser and a web server. We check whether a site has a valid certificate, whether it was issued by a trusted certificate authority, when it expires, which TLS versions it supports, and whether weak or deprecated ciphers are in use. An expired, self-signed, or missing certificate is a strong indicator that a site may be unsafe.

DNSSEC (DNS Security Extensions) adds cryptographic signatures to DNS records, making it much harder for attackers to redirect traffic via DNS spoofing attacks. Premium scans include a DNSSEC validation check that confirms whether a domain has signed its zone and whether the signature chain is intact from the root all the way to the target domain.

Network ports are communication endpoints. A server with many open or unexpected ports exposes more potential attack surface — for example, an open Telnet or FTP port on a web server suggests poor security hygiene. Our port scanner probes common ports and flags any that appear unusual for the type of site being scanned.

We inspect several headers that protect visitors from common web attacks: Content-Security-Policy (prevents XSS), Strict-Transport-Security / HSTS (forces HTTPS), X-Frame-Options (prevents clickjacking), X-Content-Type-Options (prevents MIME sniffing), Referrer-Policy, and Permissions-Policy. Missing or misconfigured headers are flagged and explained in plain language.

We verify whether the domain has correctly configured SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting & Conformance) records. Together these three standards make it far harder for attackers to spoof emails from a domain. Missing or weak configurations are a common trait of scam and phishing domains.

Visit the Pricing page, choose your preferred billing cycle (monthly, quarterly, semi-annual, or yearly), and complete the secure checkout powered by Stripe. Your plan activates immediately. You can cancel at any time from your account settings — no questions asked.

Yes. You can cancel your Premium subscription at any time from the My Account page. Your plan remains active until the end of the current billing period, after which it reverts to the free plan. We do not charge cancellation fees.

Security scanners can produce false positives (flagging a safe site) or false negatives (missing a threat). If you believe a result is inaccurate, please contact us at [email protected] with the URL you scanned and the specific check you think is incorrect. We review every report and use them to improve our detection logic.