Paste any link or domain. We check it against 10+ security engines, its registration age, SSL certificate and lookalike patterns — free, in seconds, no signup.
A link, a phone number, an email or an IBAN — whatever you were sent.
Security blocklists, domain age, SSL, scam-prone prefixes and our own scam-report history — in parallel, in seconds.
A clear risk score with the exact red flags, plus an optional AI deep-dive. Share the report link with whoever needs convincing.
Every domain you submit is tested against more than ten independent sources: Google Safe Browsing, Quad9 and Cloudflare threat intelligence, the Spamhaus and SURBL blocklists, the OpenPhish, Phishing Army and URLhaus phishing feeds, plus Digiscam's own database of AI-confirmed scam messages. On top of that we look at the facts scammers can't hide: how recently the domain was registered (most scam sites are days old), whether it impersonates a known bank, delivery company or government service, whether it hides behind a URL shortener, and whether its SSL certificate is valid.
Legitimate businesses have history. Scam websites are created in bulk, used for a few weeks, then thrown away when blocklists catch up. A domain registered 12 days ago that claims to be a bank, a customs office or a big brand's outlet store is a scam until proven otherwise. Our checker reads the WHOIS record and shows you the exact age, so you don't have to take the site's word for it.
Don't enter your card number, passwords or ID documents. Don't download anything from it. If you already paid, contact your bank immediately and ask for a chargeback, then change any password you typed there. Report the site to your national cybercrime portal, and share the Digiscam report link with the person who sent it to you — it's the fastest way to stop the chain.
Yes — every check runs against free, open security sources and our own database. No account, no card, no limits for normal use. The optional AI deep-dive shares the same free daily quota as the message checker.
No checker can promise that. Brand-new scam sites take hours or days to appear on blocklists. That's why we also show domain age, SSL and lookalike signals — and why a "clean" verdict still says "stay vigilant" for very young domains.
Google Safe Browsing, Quad9, Cloudflare Security DNS, Spamhaus DBL, SURBL, OpenPhish, Phishing Army, URLhaus, VirusTotal, and Digiscam's own scam-message database. Engines that don't respond in time are marked "unavailable" rather than guessed.
Yes — that's the whole point. Copy the link (long-press → copy, never tap it) and paste it here. You get the verdict without ever visiting the site. You can also forward the whole message to our WhatsApp bot.