HowSafeIsThis

Methodology

Updated March 18, 2026

How reports are generated

The site uses automated checks, public-source lookups, and rule-based explanations. This page describes the signals used today and the limits that matter when you interpret a score.

Link reports

Link analysis starts by normalizing the submitted URL, following redirects, probing TLS, resolving public IP data, and evaluating lexical risk signals. Those URL signals include obfuscation patterns, punycode, suspicious keyword combinations, unusual query strings, userinfo tricks, and repeated host changes across redirect hops.

When the page is reachable, the analyzer also inspects response headers and lightweight page content for clues such as password fields, deceptive prompts, and external credential-post behavior. Google Safe Browsing checks are used as an advisory signal, not as a blanket guarantee that a page is safe.

Place reports

Place reports combine search results from OpenStreetMap's Nominatim service with country-level indicators and encyclopedia context when available. These reports are useful for first-pass travel research, but they cannot replace current local reporting, embassy notices, or on-the-ground intelligence.

Business reports

Business reports use public entity lookups, encyclopedia summaries, and official website discovery to estimate whether a company appears established and whether its primary web presence looks coherent. This helps with basic legitimacy checks, but it does not prove solvency, licensing, delivery performance, or fraud-free operation.

How scores work

Scores are heuristic. They summarize agreement across signals rather than representing a universal truth. A single weak signal can be normal. Multiple weak signals pointing in the same direction usually deserve more attention.

  • `Safe` means the scan did not find strong negative evidence.
  • `Suspicious` means mixed evidence or limited trust history.
  • `Dangerous` means several high-risk signals align.

Current limitations

  • Short-lived phishing pages can disappear before scanners revisit them.
  • HTTPS alone does not prove legitimacy.
  • Public business and place data may be incomplete or stale.
  • Community comments can add context, but they are not a verified source on their own.

Primary references used in research and implementation