Is the URL sent to a server?

No. All analysis is done with local JavaScript pattern matching — no external API is called.

Does "safe" mean the URL is definitely safe?

No. This is a static pattern analysis tool with limitations. Always exercise judgment before visiting an unknown URL.

Can I scan QR code images directly?

This tool analyzes URL text only. Use a separate QR scanner app to extract the URL first.

Can it reveal the destination of a shortened URL?

It detects shortener patterns but cannot resolve the final redirect without external API calls.

🛡️

qr safety checker,

QR Code Safety Checker

Analyze URLs from QR codes for phishing, shorteners, and suspicious patterns.
All checks run in your browser — no URL is sent to external services.

🔍

Risk Analysis

Detects phishing and suspicious domains

⚠️

Short URL Detection

Flags bit.ly and other URL shorteners

🔒

Browser-Only

URL is never sent to external APIs

Paste URL from QR code

🔒URL analysis uses local pattern matching — no external API calls are made.

⚠️This tool uses pattern-based analysis. Even a "safe" result does not guarantee safety — exercise caution.

about,

About

A free tool that analyzes URLs from QR codes for phishing indicators, URL shorteners, suspicious TLDs, raw IP addresses, and Punycode (homograph) domains — entirely within your browser.

Quishing (QR code phishing) is a growing attack where fraudulent QR codes redirect victims to phishing sites. Always verify a URL before tapping. This tool provides a fast, privacy-respecting pre-check with no external API calls.

how to use,

How to Use

STEP 1

Copy the URL

Copy the URL from your QR scanner without tapping it yet.

STEP 2

Paste and Check

Paste the URL here and click "Check".

STEP 3

Review Results

See a Safe / Caution / Danger verdict with detailed check results.

glossary,

Glossary

Quishing: QR code phishing — a technique where attackers replace or fake QR codes to redirect victims to phishing pages.
URL Shortener: Services like bit.ly that shorten URLs, hiding the actual destination. Commonly exploited in phishing campaigns.
Phishing Site: A fake website mimicking a legitimate one to steal login credentials, credit card numbers, or personal data.
IDN (Internationalized Domain Name): Domains containing non-ASCII characters. Homograph attacks use look-alike characters (e.g. Cyrillic а vs Latin a) to deceive users.
HTTPS vs HTTP: HTTPS encrypts traffic. URLs using plain HTTP lack transport security and warrant extra scrutiny.
Redirect: Automatically forwarding a user from one URL to another. URL shorteners often use multiple redirect hops.

faq,

FAQ

Q.Is the URL sent to a server?: No. All analysis is done with local JavaScript pattern matching — no external API is called.
Q.Does "safe" mean the URL is definitely safe?: No. This is a static pattern analysis tool with limitations. Always exercise judgment before visiting an unknown URL.
Q.Can I scan QR code images directly?: This tool analyzes URL text only. Use a separate QR scanner app to extract the URL first.
Q.Can it reveal the destination of a shortened URL?: It detects shortener patterns but cannot resolve the final redirect without external API calls.