ScanURL analyzes a URL by processing it through multiple layers of checks.
Each layer focuses on a different aspect of the link, and together they provide a reliable final verdict.

High-Level Flow

  1. Input URL
  2. Quick Analysis
  3. Deep Analysis
  4. Reputation Checks
  5. Final Verdict

1. Quick Analysis

The first step is a fast evaluation of the URL itself. At this stage, ScanURL looks at:
  • the structure of the URL
  • patterns commonly associated with phishing
  • domain-related information
This step provides an initial risk estimate and helps decide how the URL should be handled next.
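
An added sketch of what a URL-only first pass can look like. It is not ScanURL's code: the signals, weights, threshold and the `quick_analysis` name are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical signals and weights, chosen for illustration only.
LURE_WORDS = ("login", "verify", "secure", "account", "update")
DEEP_ANALYSIS_THRESHOLD = 30  # assumed cut-off for escalating to page loading


def quick_analysis(url: str) -> dict:
    """Score a URL from its structure alone; the page is never fetched."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []

    def flag(points, reason):
        findings.append((points, reason))

    if parts.scheme != "https":
        flag(10, "not served over https")
    if parts.username is not None:
        flag(30, "userinfo before '@' hides the real host")
    try:
        ipaddress.ip_address(host)
        flag(25, "host is an IP literal")
        is_ip = True
    except ValueError:
        is_ip = False
    labels = host.split(".")
    if any(label.startswith("xn--") for label in labels):
        flag(20, "punycode label (possible lookalike domain)")
    if not is_ip and len(labels) > 4:
        flag(10, "deep subdomain nesting")
    if any(w in host or w in parts.path.lower() for w in LURE_WORDS):
        flag(10, "credential-lure keyword in host or path")
    if len(url) > 100:
        flag(5, "unusually long URL")

    score = min(100, sum(points for points, _ in findings))
    return {
        "host": host,
        "score": score,
        "findings": [reason for _, reason in findings],
        "needs_deep_analysis": score >= DEEP_ANALYSIS_THRESHOLD,
    }
```

A single weak signal, such as a punycode label on its own, stays below the assumed threshold here, which is why the later layers and the combined verdict matter.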

2. Deep Analysis

If a deeper inspection is required, ScanURL analyzes the actual webpage by loading it in a controlled browser environment.

2.1 Behavioral Analysis

The system checks:
  • how the page behaves when opened
  • whether it contains login forms or input fields
  • whether there are suspicious redirects or hidden actions
  • how the page content is structured

2.2 Visual Analysis (Vision Layer)

In addition to behavior, ScanURL analyzes the rendered appearance of the page. This includes:
  • detecting login interfaces visually
  • identifying credential collection layouts
  • analyzing page text using OCR
  • detecting browser warning pages or blocked pages

Why this matters

Some malicious pages:
  • look identical to trusted websites
  • hide intent in visual design rather than code
  • cannot be detected through URL or HTML alone
By combining behavioral and visual analysis, ScanURL can detect threats that would otherwise go unnoticed.

3. Reputation Checks

ScanURL also evaluates the domain’s infrastructure and configuration. This includes checks such as:
  • SSL certificate validity
  • DNS configuration (SPF, DMARC, etc.)
  • hosting and network characteristics
These signals help provide additional context about the trustworthiness of the domain.

4. Final Verdict

All signals from the previous steps are combined to produce a final result. The system does not rely on any single factor. Instead, it considers:
  • URL-level risk
  • page behavior
  • visual indicators
  • infrastructure signals
Based on this combined analysis, ScanURL returns:
  • a final verdict (e.g., Trusted, Elevated Risk, Potential Fraud Risk)
  • a confidence level
  • a structured breakdown of findings

Why This Approach Matters

Many unsafe links appear normal at first glance.
By combining multiple layers of analysis, ScanURL can identify risks that traditional URL checks often miss.
This helps developers make more informed decisions when handling external links.

Key Idea

ScanURL evaluates both:
  • what the URL looks like
  • what the page actually does
This combination is what makes the analysis more reliable.