How to Tell if a Website is Dangerous

Learn how to use different tools to determine whether a site is dangerous.

While conducting your investigations, it is not uncommon to fall down an Internet rabbit hole that leads you to a random website that you've never heard of and aren't quite sure is safe. If you find yourself in this situation, there are several ways to check a website to see if it is dangerous.

You can “scan” the website infrastructure for telltale signs of danger. Find out whether known malware refers back to the website, or check the downloadable files on the site itself. Investigate the website’s links or the SSL certificates for clues.

There are also blacklists of websites that are considered security threats, and this is the best place to start. The easiest first step is to use Virus Total, which has a tool to check suspicious URLs. Virus Total will check your URL against 60+ blacklists.

See the results below from searching on “search-ish.com”, and you can see the beginning of a list of different checks that came up clean for my website.

These are the results from searching my website

I also like that they have a nice “summary” section for those of us who do not have Ph.D.’s in Computer Science. See below:

You can also use the Threat Intelligence Platform for the same purpose. But keep in mind that it will not give you a simple “yes” or “no” answer. Instead, it will provide various kinds of evidence that the site is or is not safe.

To be extra careful, you can also check if the site’s IP address is blacklisted by looking up the IP on Ultra Tools and searching it at IPvoid.
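The Virus Total URL check described above can also be read through its public API (v3). The following is an added example, not code from the original article: it builds the lookup request and condenses a report into the kind of summary discussed above. The sample report, the engine names and the `review_at`/`block_at` thresholds are constructed assumptions.

```python
import base64

VT_URLS_API = "https://www.virustotal.com/api/v3/urls/"


def vt_url_id(url):
    # API v3 addresses a URL report by the URL-safe base64 of the URL, without "=" padding.
    return base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")


def build_lookup(url, api_key):
    """Return (endpoint, headers) for a GET request; sending it is left to the caller."""
    return VT_URLS_API + vt_url_id(url), {"x-apikey": api_key}


def summarize(report, review_at=1, block_at=3):
    """Condense a URL report; the thresholds are assumptions, tune them to your risk appetite."""
    attrs = report["data"]["attributes"]
    stats = attrs["last_analysis_stats"]
    flagged = sorted(
        name for name, res in attrs["last_analysis_results"].items()
        if res["category"] in ("malicious", "suspicious")
    )
    # "undetected" and "timeout" mean the engine gave no opinion, not that the URL is safe.
    no_opinion = stats.get("undetected", 0) + stats.get("timeout", 0)
    if len(flagged) >= block_at:
        verdict = "flagged"
    elif len(flagged) >= review_at:
        verdict = "review"
    else:
        verdict = "no detections"
    return {"verdict": verdict, "flagged_by": flagged,
            "harmless": stats.get("harmless", 0), "no_opinion": no_opinion}


# Constructed sample report in the shape the API returns (engine names are placeholders).
SAMPLE_REPORT = {"data": {"attributes": {
    "last_analysis_stats": {"harmless": 2, "malicious": 1, "suspicious": 0,
                            "undetected": 1, "timeout": 0},
    "last_analysis_results": {
        "EngineA": {"category": "harmless", "result": "clean"},
        "EngineB": {"category": "malicious", "result": "phishing"},
        "EngineC": {"category": "undetected", "result": "unrated"},
        "EngineD": {"category": "harmless", "result": "clean"},
    },
}}}

if __name__ == "__main__":
    print(build_lookup("http://search-ish.com/", "YOUR_API_KEY")[0])
    print(summarize(SAMPLE_REPORT))
```

A single detection among dozens of lists is often a false positive, which is why the example separates "review" from "flagged" instead of returning a plain yes or no.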

Malware Affiliated With the Site

Another method is to look for malware that has been hosted on the website in the past, which is pretty damning of the site. You can also search for known malware that refers to the site, which is a sign that the website is affiliated with the processes of the malware. You can search for either of these on the aforementioned Virus Total and Threat Intelligence Platform. However, it is not clear where these services obtain this information.

Suspicious File on the Website

If you want to check whether a particular file is dangerous, you can upload it to Virus Total for analysis, and it will be checked against 60 virus databases. It is definitely recommended that you do not download or in any way work with potentially dangerous files, but if you plan to do so, it is recommended that you use a virtual machine.

Using a Virtual Machine

For a newcomer, dealing with a virtual machine is a bit of a hassle, so feel free to jump to the next section. Still reading? Okay, so if you want to actually go to the suspicious website, and maybe download suspicious files to upload them elsewhere for inspection, you can use a virtual machine to mitigate the danger to your computer.

The Intercept’s guide for novices to set up a virtual machine

A virtual machine is basically an isolated computer within your computer. The idea is that if a malicious file infects your virtual machine, it should not be able to infect your regular computer, though there are a few documented cases where this is possible. For a primer on how to set one up and use it, see the guidance from The Intercept. I hate to pawn you off to another website to learn virtual machines, but I can’t do a better job than they did.

Additional Names on the SSL Certificate

One can also check the website’s SSL certificate for a sign that it could be dangerous. The SSL certificate is a type of digital certificate that authenticates the website so that when you go to cnn.com, you are actually going to CNN’s website. In general, you should expect the certificate to have one domain, possibly with additional subdomains. Scammers often use many domains on the same certificate.

You can look up any website’s SSL certificate at censys.io, or if you scanned the website on Virus Total you can look in your results under the heading “Subject Alternative Names.” However, censys.io will give you more detailed findings.
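The “Subject Alternative Names” check can be scripted with Python's standard library. The following is an added example, not code from the original article: it reads the names off a site's certificate and groups them by base domain, so one site with subdomains is distinguished from many unrelated domains. The sample name lists and the small suffix set standing in for the Public Suffix List are constructed assumptions.

```python
import socket
import ssl
from collections import defaultdict

# Assumption: a tiny stand-in for the Public Suffix List; real tooling should use the full list.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "com.br"}


def fetch_sans(host, port=443, timeout=5.0):
    """Return the DNS entries of the Subject Alternative Name field of host's certificate."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def base_domain(name):
    """Reduce a SAN entry such as '*.shop.example.com' to 'example.com'."""
    name = name.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    labels = name.split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def assess(sans, max_domains=1):
    """Group SAN entries by base domain and mark certificates covering more than max_domains."""
    groups = defaultdict(list)
    for name in sans:
        groups[base_domain(name)].append(name)
    return {"domains": sorted(groups), "unusual": len(groups) > max_domains}


# Constructed samples: one site with subdomains, and one certificate spanning unrelated domains.
SINGLE_SITE = ["example.com", "www.example.com", "*.shop.example.com"]
MANY_SITES = ["alpha.example", "www.alpha.example", "beta.test",
              "www.example.co.uk", "gamma.invalid"]

if __name__ == "__main__":
    print(assess(SINGLE_SITE))
    print(assess(MANY_SITES))
    # Live use (needs network access): print(assess(fetch_sans("cnn.com")))
```

Treat an "unusual" result as a lead to investigate, not a verdict: shared hosting and CDN certificates can legitimately list many unrelated domains.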

Does It Use a Phishing Kit?

While many companies offer customers different kinds of pre-built websites (WordPress), some similar providers offer pre-built phishing websites to scammers. These are called “phishing kits” and they have several telltale characteristics. To check if a site was built with a phishing kit, you can send its URL to urlscan.io. UrlScan will look for evidence of a phishing kit and show whether other sites use the same kit.

This is a bit long, but you can see the results below for a search on this website.

Right up top, you can click “similar”.

You click there and you can see specifically whether there are indications of a phishing kit (like in the website below that is not mine):

Additional Security Websites

In addition to the websites mentioned above, you can find a list of websites that check the safety of suspicious sites by clicking here. It never hurts to see what other kinds of safety measures are available, especially as technologies continue to develop.

The methods described are not a catchall for every single threat existing online, but they are intended for most of the threats you might encounter. With these tools, you will be equipped to thoroughly investigate the safety of a website without the risk of exposing your computer to most kinds of threats.