How to Safely Check Suspicious Links

How to Safely Check Suspicious Links

In case you weren't aware of it, your computer can become infected with malware by visiting an infected site, even if you don't click on anything upon hitting the site. It is called a drive by attack.

If you want to check out a link in an email or on a web site that seems suspicious to you without risk of infecting your computer, here are two sites that can help.

The first is Here are the steps:

  • Right click the link you want to analyze (if using Windows or Linux)
  • Select "copy url" from the pop-up menu
  • Paste it into the "Profile URL" form input box then click GO!

Profile URL input box:

urlQuery Input Box

urlQuery will analyze the link for you and provide a status and warnings if it finds anything suspicious.

urlQuery Status:

urlQuery status

urlQuery Warnings:

urlQuery warnings


You can use a similar process on a site called VirusTotal to check their take on the link.

  • Browse to VirusTotal
  • Click on the URL tab
  • Paste the URL into the form input box
  • Click "Enter URL".

If the URL has been analyzed recently, VirusTotal will tell you and ask if you want a new analysis.

VirusTotal Already Analyzed

If the last analysis is more than a few hours old, I recommend having it checked again by clicking Reanalyze.

The results will be shown after a few minutes of analysis.

VirusTotal bad site

The site I chose for this post was one of the locations that Petya ransomware hits. It was blacklisted according to urlQuery and had 7 out of 65 Antivirus vendors say it's bad, so you wouldn't want to go there.

[update]The ransomware has apparently been renamed NotPetya and there's no way to make payment or receive the decryption key, so protect yourself!

If only one Antivirus vendor says it's bad, it could be one of the Antivirus providers trying to make a name for itself, so it is a judgment call for you.

By checking out a suspicious URL in this way, you transfer all the risk of becoming infected to urlQuery or VirusTotal as applicable. Their servers are specifically configured to handle malware, and it never touches your computer.

/* Adding copy button to code snippet in Ghost */