Is the link secure? How to check
Imagine that you have received a link to some website, perhaps one that looks similar to your favorite or a popular one. Is it official and legal, or may it lead an innocent user to a phishing page? Infection caused by inadvertently downloading malware is notoriously frequent, and the risk does not seem to be decreasing. Even links sent by your acquaintances or relatives may be dangerous.

However, there are no catch-22s without solutions. Some services offer users the ability to check links for security and fraud. Regardless of the type of link (a standard URL starting with www and ending in .com, .net or another TLD name, or a short URL), the service will warn the user.

This double-edged weapon may harm not only users, but developers, too. A website can fall under sanctions: the hoster will send a warning about the detection of malicious code, and users will start complaining about viral advertising and redirections to fake websites. When this happens, it’s high time to do some diagnostics. There are a couple of steps to be taken: check databases and files for malicious server scripts and injections, and investigate web pages for viruses, fake redirections and other issues undetectable with a common code scanner. Web-scanners help here by performing dynamic (or behavioral) and static analyses (mostly searching for malicious injections in JavaScript) of web pages. Static analysis helps to spot spam links and content, phishing links and pages and other static elements. Dynamic analysis checks the changes that happen when a real user visits the page or downloads a file, by simulating an individual’s behavior. It collects data and analyzes it for suspicious activity (it may even load the same page in different browsers with different object values and document.referrer, speed up the timer and detect suspicious redirections).
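The following added example (not part of the original article) sketches the dynamic check described above: request the same URL under several User-Agent / Referer profiles without following redirects, and report any profile that is answered differently from a plain desktop visit. The profile values, function names and example.com / example.net hosts are assumptions, and the sample responses are constructed.

```python
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Request profiles to rotate through (header values are illustrative assumptions).
UA_DESKTOP = "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
UA_MOBILE = "Mozilla/5.0 (Linux; Android 13) Mobile"
PROFILES = {
    "desktop-direct": {"User-Agent": UA_DESKTOP},
    "desktop-search": {"User-Agent": UA_DESKTOP, "Referer": "https://www.google.com/"},
    "mobile-search": {"User-Agent": UA_MOBILE, "Referer": "https://www.google.com/"},
}

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # do not follow; the 3xx then surfaces as HTTPError

def http_fetch(url, headers):
    """Return (status, Location header or None) without following redirects."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(urllib.request.Request(url, headers=headers), timeout=10) as r:
            return r.status, r.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")

def find_cloaking(url, fetch=http_fetch, baseline="desktop-direct"):
    """List profiles whose response differs from the baseline profile's."""
    site = urlsplit(url).hostname
    results = {name: fetch(url, hdrs) for name, hdrs in PROFILES.items()}
    findings = []
    for name, (status, location) in results.items():
        if name == baseline or (status, location) == results[baseline]:
            continue
        target = urlsplit(location).hostname if location else None
        findings.append((name, status, location, target not in (None, site)))
    return findings

# Constructed responses standing in for a compromised site (not real data):
# only mobile visitors arriving from a search engine get redirected.
def constructed_fetch(url, headers):
    if "Mobile" in headers["User-Agent"] and "Referer" in headers:
        return 302, "https://landing.example.net/subscribe"
    return 200, None

if __name__ == "__main__":
    for finding in find_cloaking("https://shop.example.com/", constructed_fetch):
        print(finding)
```

Each finding is a tuple of profile name, status code, Location header and a flag that is true when the redirect leaves the original host. Calling find_cloaking with only a URL uses http_fetch and probes the live site.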

If suspicious code is already listed as ‘malicious’ and included in a blacklist, the web-scanner will see it. However, such code can be loaded from a third-party source and run during page loading (the malicious script is added at this stage to commit a ‘drive-by download’ attack), when the user leaves the page (at this stage the malware loads a ‘popunder’ with censored content), or when the user stays idle for a couple of seconds and is then redirected to some page with a paid subscription via SMS.

An advanced web-scanner will check both the page code and its parts, before and after scripts are run, since some malware can add or hide JavaScript objects or perform background loading inside dynamic frames.
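As an added illustration of the before/after check and of the third-party loading described in the two paragraphs above (not code from the original article), the sketch below compares the script and iframe sources in the page as served with those in the DOM after scripts have run, and flags elements that appeared only at runtime. The snapshots, hosts and blacklist entry are constructed; a real scanner would obtain the rendered snapshot from a headless browser.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class SourceCollector(HTMLParser):
    """Collect (tag, src, hidden) for every script and iframe with a src."""
    def __init__(self):
        super().__init__()
        self.sources = set()

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        a = dict(attrs)
        src = a.get("src")
        if not src:
            return
        style = (a.get("style") or "").replace(" ", "").lower()
        hidden = ("display:none" in style or "visibility:hidden" in style
                  or a.get("width") == "0" or a.get("height") == "0")
        self.sources.add((tag, src, hidden))

def collect(html):
    parser = SourceCollector()
    parser.feed(html)
    return parser.sources

def added_at_runtime(static_html, rendered_html, blocklist):
    """Return elements present only after scripts ran, with risk flags."""
    report = []
    for tag, src, hidden in sorted(collect(rendered_html) - collect(static_html)):
        host = urlsplit(src).hostname or ""
        report.append({"tag": tag, "src": src, "hidden": hidden,
                       "blocklisted": host in blocklist})
    return report

# Constructed snapshots: the page source as served, and the DOM serialized
# after scripts ran (hosts under .example are placeholders, not real data).
STATIC = '<html><body><script src="/js/app.js"></script></body></html>'
RENDERED = ('<html><body><script src="/js/app.js"></script>'
            '<script src="https://cdn.tracker.example/l.js"></script>'
            '<iframe src="https://ads.bad.example/f" style="display: none">'
            '</iframe></body></html>')
BLOCKLIST = {"ads.bad.example"}  # constructed blacklist entry

if __name__ == "__main__":
    for item in added_at_runtime(STATIC, RENDERED, BLOCKLIST):
        print(item)
```

The injected script is reported even though its host is not blacklisted, which is the case a blacklist-only scanner misses.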

Services for link checking

There are services and services. Do not fall for such simple things as offers ‘to check the website online’. In most cases, this is a money grab for no actual gain. Desktop antiviruses generally do static analysis only and have limited databases with short blacklists. How do you find and choose the one method which will suit your personal requirements? First, services that check links for malware and other security issues should not be confused with those that check for dead links. The service should also be popular and have good reviews, which proves that it does its job well. Among the most popular are the following:

  • VirusTotal. One of the most popular places, aggregating a huge number of antivirus services, which makes its virus database one of the largest. Users can scan links and files downloaded from suspicious sources for viruses, worms, trojans and other malware. It was named one of the Top-100 scanning services by the PC World Magazine. It has localizations in languages and is absolutely free to use. It also has its own browser plugin to test links in mobile services such as messengers or social networks. However, due to its paranoid nature and a great number of scanning tools it might give false alarms, so if only a couple of tools send warnings, there is probably nothing to actually worry about.
  • AVG Threatlabs. One of the leading services, which allows scanning all links at a certain website for possible issues and malware. The service website also contains a weekly updated list of fake and malicious websites, with the top-5 dangerous websites specifically highlighted in the list. All the user needs to do is insert a suspicious link in a field and wait for the results.
  • Kaspersky VirusDesk. This service checks both links and files for viruses and malware and is very easy to use. All you need to do is copy and paste the suspicious file into a special field or insert a suspicious link into the field and press ‘scan’. Moreover, if the user is still unsatisfied with the results, they may press ‘I disagree with the scan results’ and the company owning the service will check the situation individually.
  • ScanURL. Quite a peculiar service, accepting check requests through HTTPS. It does its job honestly and thoroughly and provides ‘Whois’ information about the website in question. It has the ability to compare the results of different services (such as Google Safe Browsing or PhishTank) and assigns a permanent URL to the checking results, which users can share with relatives, friends and colleagues.
  • PhishTank. The name speaks for itself. It is a service which focuses more on phishing websites. The user has to submit a suspicious website and the service checks it. If the link is already ‘marked’ as dangerous and stored in its database, the result will come out in no time. If it is something new, the service provides the user with a tracking number to follow the check and get results when the investigation is over. At the slightest suspicion that a link might be fake, it is a good idea to check it through this service. The ‘criminal database’ of the service grows with the number of checks performed.
  • Google Transparency Report. Not a very famous but still useful service. All the user needs to do is to insert a suspicious URL into the appropriate field and wait for the result, which usually takes several seconds. It also can report phishing risks which can lead to sensitive information leaks.
  • Quttera. A very unusual service which searches for traces of malicious code by means of non-signature analysis and can analyze web pages dynamically, which allows it to detect 0-day threats. It can check several pages at the same time and easily finds threats related to up- and downloading of trojans. However, because it is free and quite popular, results may take some time to arrive.
  • ReScan. A completely free, useful service, performing both dynamic and static analyses. It helps to detect hidden redirections and spot infected fragments in files and on web pages and addresses. It uses a ‘black list’ to find malicious resources, which may be loaded from the infected domains. The service can test a number of pages at the same time, using internal references and comparing the results against black lists of other services (such as Google or VirusTotal). However, the number of requests is limited to three per day from one IP.
  • Sucuri. This service spots malicious code by means of heuristics. It sends requests to various URLs using User Agent / Referer parameters and finds spam and fake links, doorway pages and malicious scripts. Moreover, it can check current CMS versions and web servers. There are no limitations on the number of requests.
  • Redleg's File Viewer. The interface of this service may look antique and simple, but do not let the first glance fool you. It is effective in complete static analysis of a web site and attached files. Like the previous one, Sucuri, it can utilize User Agent / Referer parameters to scan the web pages. Moreover, it can study the pages in Google cache. The number of requests is not limited, either.

