URL Risk Signals: What CheckLink Looks For
A practical explanation of HTTPS, redirects, final domain mismatch, punycode, IP hosts, deep subdomains, and lookalike patterns.
Signals are clues, not proof
A URL signal is a clue that helps estimate risk. One signal rarely proves that a link is safe or unsafe, but several signals together can guide a better decision.
Transport and destination
HTTPS is useful because it protects the connection, but it does not prove legitimacy. The final domain matters because redirects can send a user somewhere different from the visible link.
Structure and encoding
Raw IP hosts, punycode, unusual encoding, very deep subdomains, and strange URL structure can all deserve caution when the context is sensitive.
Lookalike patterns
Misspelled brands, number substitutions, and support or billing words attached to a brand can indicate possible impersonation. Similarity is a signal that needs context.
How CheckLink helps
CheckLink shows signals and reasons so users can decide whether to proceed, verify elsewhere, report the link, or request manual review.
Checklist
FAQ
Does one bad signal mean phishing?
Not always. It means the link deserves closer review.
Why show reasons?
Reasons help people understand the verdict and take safer next steps.
Related guides
Related glossary terms
Use CheckLink before the next click
CheckLink provides risk signals and review paths. It does not guarantee that a website is risk-free.