Looking deeper: URLScan and WhereGoes

Sometimes the domain alone doesn't settle it — the link is a shortener (bit.ly/…), or a "Click here" button whose real destination you can't see, or a page you'd need to visit to judge. Two more free tools let you investigate without ever putting yourself in harm's way: the tool takes the risk, not you. Use them alongside VirusTotal (reputation/age) and WHOIS (ownership).

WhereGoes — "where does this link actually go?"

Attackers love redirects: a short link or a button that quietly bounces through several hops before landing on the malicious page. wheregoes.com follows that chain for you, hop by hop, and shows the final destination — without you clicking it.

How to use it:

  1. Copy the suspicious link (a bit.ly/t.co short link, or the real target behind a "Click here" — right-click → Copy link address).
  2. Go to wheregoes.com, paste it, and run the trace.
  3. Read the final URL, and apply the right-to-left rule to its domain (see Reading domains and URLs).

This is the fastest way to unmask a shortener. If "track your USPS package" resolves through three hops to secure-verify[.]top, you're done — it's not USPS.

URLScan.io — "what is that page, and is it a known scam?"

urlscan.io visits a URL inside a safe sandbox so you don't have to, then shows you: a screenshot of the page, every domain it contacted, the redirect chain, and whether the page is impersonating a known brand. Crucially, you can also just search a domain to see scans other people already ran — often with screenshots — so you can eyeball a credential-harvesting page without going anywhere near it.

How to use it:

  1. Go to urlscan.io. To inspect a link, paste it and submit a scan (set visibility to Unlisted if it might contain anything personal). To look up a domain, use the search box.
  2. Look at the screenshot (is it a fake login?), the domain/IP it really runs on, and any "targeting/brand" notes.
  3. A page that screenshots as a Microsoft login but lives on secure-auth[.]ru is your answer.

Which tool, when

Question Tool
Where does this short/redirecting link actually end up? WhereGoes
What does the destination page look like — is it a known phish, who's it impersonating? URLScan.io
Is this domain flagged as malicious, and how old is it? VirusTotal
Who actually registered and owns this domain? WHOIS

You rarely need all four. Most of the time the domain plus one lookup settles it. But when a link is hidden behind a shortener or you want to see the trap without springing it, WhereGoes and URLScan are how the pros look — safely, from a distance.

No cookie banner. You’re welcome  👏  
We don’t track you, and nothing here leaves your device. Your card filter is the only thing saved — and it lives in your browser, not on a server.