Skip to main content
Check any site in 3 seconds · Free · No signup

Is This Website Scam Or Not?

Check before you buy, click or trust.

Instant scam check for any website. Domain age, brand impersonation, phishing patterns, payment red flags, transparency signals — in plain English.

No signup required. Results cached for 24 hours at the edge.

92
Trusted
example.com
Security
96
Infrastructure
90
Transparency
88
Content
84
Email
100
Performance
92
9
Independent modules
30+
Tech signatures
0
Paid APIs used
<50ms
Cached edge lookup
What we analyse

Every signal a legitimate site has.
Every gap a scam usually shows.

Categorized trust score

Not just one number — separate scores for Security, Infrastructure, Transparency, Content, Email and Performance so you know exactly where the risk lives.

Deep DNS + WHOIS

A/AAAA, MX, TXT, NS via DNS-over-HTTPS. Domain age, registrar and expiry via RDAP — new domains flagged automatically.

Security headers audit

HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy — with plain-language explanations.

Email spoofing risk

SPF, DMARC and DKIM verified from public DNS. Understand whether attackers can forge mail from a domain.

Transparency signals

Privacy policy, terms, contact, refund policy, social links, published email — the things reputable sites have and scams skip.

Technology fingerprint

WordPress, Next.js, React, Vue, Shopify, Google Analytics, Meta Pixel — 30+ signatures matched from live HTML.

Edge-cached (24h)

First scan is live; repeat lookups return in under 50ms from Cloudflare's edge. Cache layer is swappable — KV, R2 or DB later.

Free-only sources

Cloudflare DNS, RDAP, Certificate Transparency, native fetch. Zero paid APIs. Every signal is public and reproducible.

Security tips

Small habits that block most scams.

More on the blog →

Never trust a link in an email

Type the domain yourself or use a bookmark. Every serious phishing campaign starts with a link that looks right.

Use a password manager

It refuses to autofill on the wrong domain. That single behaviour blocks most lookalike-domain phishing outright.

Check the domain age

A three-day-old domain claiming to be a well-known brand is almost never legitimate. RDAP gives you the answer instantly.

Verify with a second channel

If your bank emails you, call the number on your card, not the one in the email. Costs 30 seconds; saves years of pain.

Latest articles

Deep dives on modern scams.

All articles →
More security tools

Ten free tools under one roof.

WHOIS, DNS lookup, SSL checker, HTTP header checker, IP lookup, email reputation, QR scanner, URL expander — all on the same $0 stack. Website Trust Checker is live now.

Browse tools
How it works

From URL to full report in about 3 seconds.

We fan out 9 independent scanners in parallel from Cloudflare's edge, aggregate the findings into weighted category scores, and render an explainable report — every signal shows why it raised or lowered the score.

  1. 1
    Normalize & resolve
    URL is parsed, host is validated, DNS-over-HTTPS resolves A/AAAA/MX/NS/TXT.
  2. 2
    Fetch primary HTML
    Single request follows redirects manually, records timings, headers, body sample.
  3. 3
    Fan-out scanners
    RDAP, Certificate Transparency, security headers, robots, tech signatures, transparency and email-security run concurrently.
  4. 4
    Score & explain
    Findings are weighted into six category scores. Each contributes to an overall trust score with its own reasoning.
  5. 5
    Cache at edge
    Full JSON report is stored at the edge for 24h. Repeat requests return instantly.

Frequently asked

How does Scam Lookup decide if a site is safe?+

Every scan runs 9 independent modules — HTTP, DNS, RDAP, SSL, security headers, robots/sitemap, technology detection, content transparency and email security — and combines their findings into six category scores using a deterministic weighted algorithm. The overall score is the weighted average. No randomness, no black box, no AI verdict.

Is this a replacement for antivirus or malware scanning?+

No. Scam Lookup evaluates trust signals — the things a legitimate site does and a disposable scam typically doesn't. It won't replace endpoint security. Combine it with your browser's Safe Browsing, an ad blocker and a password manager.

Is it free? What's the catch?+

It is free and there's no catch. The whole stack runs on Cloudflare's free tier and uses only public data sources (Cloudflare DNS, RDAP, Certificate Transparency, and live HTTP requests). No paid APIs.

Do you store what I scan?+

Scan results are cached at the edge for 24 hours to keep repeat lookups fast. Nothing personal is collected on the public scanner. If you create an account (coming soon) you can opt-in to save history and favorites.

Can I share a scan report with someone?+

Yes. Every scan has a permanent shareable URL at /check/{domain} — send the link, no signup needed on the other end.

How can I spot a fake website myself in 60 seconds?+

Check the domain age, look for real transparency (privacy policy, contact page, real address), verify the SSL certificate history, and reverse-image search the product photos. We have a full 60-second checklist in the blog.

Try it on a domain you're curious about.

Free, no signup. Cached at the edge so your team can share the URL.

No signup required. Results cached for 24 hours at the edge.