How to Tell If A Website Is Dangerous

 

These days it can be very difficult to tell if a site is trustworthy or not. Many nefarious sites are being designed to look respectable. Thus you should always make sure that a site is not dangerous by using multiple approaches. This is especially important to consider before providing a site with sensitive information such as credit card numbers, banking information, your email address, etc...

 

In general you may want to be wary of a site if it asks you for unnecessary personal information, a credit card number, or a bank number when it's not necessary. This could be evidence of them phishing for your sensitive information. You should also be wary of sites with offers that seem too good to be true, have very intrusive ads, have multiple popups, tell you that you need to install a plugin to view content, etc... For sites such as these you should definitely consider using the methods described below to make sure that the site is actually safe before proceeding further.

Recent Changelog:

5/23/2014-Removed dead link and added link to Best Free Antivirus Software article.

6/9/2014-Replaced http links with https links wherever possible.

 

Index

1. How To Investigate A Site Before Visiting It

2. General Approach To Analyzing Sites

    A) Check Site With Zulu URL Risk Analyzer and Comodo Web Inspector

    B) Check Site With VirusTotal And URLVoid

    C) Check Reputation Of Site With Web Of Trust

3. Make Sure SSL Certificate Is Trustworthy Before Making Purchases

4. How To Report Dangerous Sites

 

1. How To Investigate A Site Before Visiting It

 

If the source of a link seems phishy, such as if it came in an unrecognized email or it is a suspicious link posted online, I would recommend that you don't click it until you've made sure the site is not dangerous. To copy the link for analysis without ever visiting the site, right-click it and select "Copy link address" (Chrome), "Copy link location" (Firefox), etc... If the link appears to be a shortened URL, you must first unshorten it before testing it; otherwise your analysis will only test the site that shortened it. To unshorten the link you can go to this site and paste the shortened URL into the box. It will then provide you with the actual URL, which you can copy to use for the analysis below.
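One way to do the unshortening step yourself, as an added example that is not part of the original article: the function below asks each shortener for its redirect target with a HEAD request and stops at the first URL that is not on a shortener, so the destination site is never contacted. The shortener host list, the function names and the sample redirect table are assumptions made for illustration.

```python
# Added example: expand a shortened link hop by hop without loading the destination.
import http.client
from urllib.parse import urljoin, urlsplit

# Assumption: an illustrative, incomplete list of URL-shortener hosts.
SHORTENER_HOSTS = {"bit.ly", "t.co", "tinyurl.com", "goo.gl", "ow.ly", "is.gd"}
REDIRECT_CODES = {301, 302, 303, 307, 308}


def head_location(url, timeout=10):
    """Send one HEAD request and return the Location header, or None.

    Only response headers are read; no page body is downloaded or rendered.
    """
    parts = urlsplit(url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.netloc, timeout=timeout)
    try:
        path = parts.path or "/"
        if parts.query:
            path += "?" + parts.query
        conn.request("HEAD", path)
        resp = conn.getresponse()
        if resp.status in REDIRECT_CODES:
            return resp.getheader("Location")
        return None
    finally:
        conn.close()


def unshorten(url, head=head_location, max_hops=5):
    """Return the redirect chain, ending at the first non-shortener URL.

    Requests go only to hosts in SHORTENER_HOSTS, so the final destination
    is never contacted. Raises ValueError on loops or overly long chains.
    """
    chain = [url]
    while True:
        host = (urlsplit(chain[-1]).hostname or "").lower()
        if host not in SHORTENER_HOSTS:
            return chain                      # this is the URL to submit for analysis
        if len(chain) > max_hops:
            raise ValueError("more than %d shortener hops" % max_hops)
        target = head(chain[-1])
        if target is None:
            return chain                      # shortener did not redirect (dead link or preview page)
        nxt = urljoin(chain[-1], target)      # the Location header may be relative
        if nxt in chain:
            raise ValueError("redirect loop at " + nxt)
        chain.append(nxt)


if __name__ == "__main__":
    # Constructed redirect table standing in for real shortener responses,
    # so the demonstration runs offline.
    sample = {
        "https://bit.ly/abc": "https://t.co/xyz",
        "https://t.co/xyz": "http://example.test/login?id=1",
    }
    for hop in unshorten("https://bit.ly/abc", head=sample.get):
        print(hop)
```

The last URL in the returned chain is the one to paste into the services described in the next section.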

 

2. General Approach To Analyzing Sites

 

A) Check Site With Zulu URL Risk Analyzer and Comodo Web Inspector

The first thing I would advise doing is copying the website's URL and pasting it into Comodo Web Inspector. This analysis may take a while, as it runs an in-depth real-time analysis of the site to check for any possibly malicious content, so I would advise running Zulu URL Risk Analyzer at the same time. Once Comodo Web Inspector is done it will present you with its findings. If the site is rated as High Risk it's very likely that the site is dangerous. If it is rated as Suspicious the site is probably dangerous, but you may want to see how the other services mentioned in this article rate the site.

 

Then also copy the URL into Zulu URL Risk Analyzer. If given the choice choose to reanalyze the site. This also uses multiple methods to analyze the site. After it is done analyzing the site it will present you with an overall risk score of how likely the site is to be dangerous from 0 to 100, with 100 being very dangerous. It will also provide you an interpretation of this in which it will rate the site as Benign, Suspicious, or Malicious. While I have seen it have some false positives on safe sites, in which it rated them as Suspicious, I have never seen it rate a safe site as Malicious. Thus, my advice for using this service is that if it rates the site as Malicious you can be relatively confident that the site is dangerous. However, if it rates it as Benign or Suspicious then you should move on to the following steps to further evaluate the site.

 

B) Check Site With VirusTotal and URLVoid

To check the site against the databases of many reputation engines and domain blacklists the next thing you should do is copy the website's URL and paste it into VirusTotal. If the site was previously rated you should select the option to Rescan. If the site is already known to be dangerous it will likely be flagged by at least a few services. However, even if they all come up clean it doesn't necessarily mean that the site is trustworthy. Keep in mind the point, discussed below, about how the age of the site comes into play when interpreting these results.

 

Also copy the website's URL into URLVoid. This service is similar to VirusTotal in that it also checks the site against many blacklists. If presented, choose the option to "Update Report", as this will provide you with the most up-to-date results. Also, near the top it provides you with when the domain was first registered. Although this information by itself tells us very little, in general, if a site is new it may not mean much if it is not flagged as dangerous by any of the above services. It often takes a while for any of the services to locate, and analyze, new dangerous sites. Also, even old sites, which were previously safe, can be hacked and turned into phishing, or malware infested, sites. Thus, just because a site is old, and not flagged as dangerous, does not mean that it is certainly not dangerous.

 

C) Check Reputation of Site With Web Of Trust

At the bottom of the URLVoid results for the site it also presents you with the WOT ratings. This trust score, by itself, should be helpful for you in judging whether the site is trustworthy. However, clicking on the button in the third column brings up the WOT scorecard for the site, which provides even more information. This information includes people's comments about the site, assuming anyone has left comments. In terms of the comments, it should be noted that the comments of individuals may be biased for many reasons, but by reading through many comments you should be able to get an idea of whether the site is dangerous and the main problems people have with the site, assuming there are a lot of negative comments. This information can also be used to decide whether the site is actually dangerous.

 

Note that another very useful aspect of using WOT is that nearly all popular sites should already be rated. Thus, if you find yourself on a site which is popular, such as Paypal, Gmail, etc..., but WOT says that the site is unrated, it may be a phishing page.

 

3. Make Sure SSL Certificate Is Trustworthy Before Making Purchases

 

Even if none of the above methods indicate that the site is dangerous, before transmitting your sensitive information to the site there are additional issues to be aware of. One of these is to make sure that the page where you fill in your sensitive information, which may include credit card numbers or banking information, is secured with an SSL certificate. If the URL of the page you're on begins with https then an encrypted connection is being used and your information is probably safe, at least assuming that the site is trustworthy. As long as the site is secured then nobody other than you and the people operating the site can view the information you are submitting. I would strongly recommend that you do not transmit sensitive information through any site that is not secured in such a way.

 

However, there is one subtle danger to be aware of. There are actually many different types of SSL certificates. These provide varying levels of trust. An extended validation certificate will guarantee that the business is legitimate, while many other types are only validated with respect to the domain, but not the owners and operators of the domain. Do note that some phishing sites have been known to purchase low-level validation certificates in order to trick people into believing they are trustworthy. For more information about the differences between these certificates please see this page. I'd strongly recommend reading the information on that site. Only if the certificate itself guarantees that the site is safe, and belongs to a valid business, should you have complete trust in that domain.
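The difference between certificate types can be read from the certificate's subject, shown here as an added example that is not from the original article: it classifies the dictionary returned by Python's ssl getpeercert() as domain-validated (DV), organization-validated (OV) or extended validation (EV). The sample certificates and function names are constructed for illustration, and the subject-field test is a heuristic: the authoritative marker is the CA/Browser Forum policy identifier in the certificate, which getpeercert() does not expose.

```python
# Added example: estimate a certificate's validation level from its subject fields.
import socket
import ssl

# Subject attributes that the EV guidelines require in addition to organizationName.
EV_FIELDS = {"businessCategory", "serialNumber", "jurisdictionCountryName"}

# Constructed samples in the shape returned by SSLSocket.getpeercert().
DV_SAMPLE = {
    "subject": ((("commonName", "paypa1-secure.example.test"),),),
    "issuer": ((("organizationName", "Example Low-Cost CA"),),),
}
EV_SAMPLE = {
    "subject": (
        (("jurisdictionCountryName", "US"),),
        (("businessCategory", "Private Organization"),),
        (("serialNumber", "0000000"),),
        (("countryName", "US"),),
        (("organizationName", "Example Trading Ltd"),),
        (("commonName", "www.example.test"),),
    ),
    "issuer": ((("organizationName", "Example EV CA"),),),
}


def subject_fields(cert):
    """Flatten getpeercert()'s nested subject tuples into a plain dict."""
    fields = {}
    for rdn in cert.get("subject", ()):
        for name, value in rdn:
            fields.setdefault(name, value)
    return fields


def validation_level(cert):
    """Return 'DV', 'OV' or 'EV' based on which subject fields are present."""
    fields = subject_fields(cert)
    if "organizationName" not in fields:
        return "DV"          # the CA checked control of the domain only
    if EV_FIELDS.issubset(fields):
        return "EV"          # organization plus the extra EV identity fields
    return "OV"              # organization named, without the EV fields


def describe(cert):
    """One-line summary suitable for showing before a purchase."""
    fields = subject_fields(cert)
    level = validation_level(cert)
    if level == "DV":
        return "DV: only control of %s was checked; operator not identified" % (
            fields.get("commonName", "?"))
    return "%s: issued to %s (%s)" % (
        level, fields["organizationName"], fields.get("countryName", "?"))


def fetch_cert(host, port=443, timeout=10):
    """Fetch and verify a live site's certificate (needs network access)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for sample in (DV_SAMPLE, EV_SAMPLE):
        print(describe(sample))
```

A DV result on a page that claims to be a bank or payment provider is the situation the paragraph above warns about: the connection is encrypted, but nothing in the certificate says who operates the site.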

 

4. How To Report Dangerous Sites

 

If you do find that a site is dangerous I would appreciate it if you could take a few minutes to report the site so that other people will be protected from it. To do this please read this article I've written about How to Report Dangerous Websites.

 

 

 

 

Please help by rating this article. Also, if you believe this article deserves anything less than 5 stars, please leave a comment below explaining how you think it can be improved or where you find fault. This article is written by me but fueled by the community. Thus your opinions and advice are not only much appreciated, but actually necessary in order for this article to grow and improve.

 

If you found this article useful then perhaps you'd like to check out some of my others.

Best Free Antivirus Software

How to Avoid Spam

How to Clean An Infected Computer

How to Fix a Malware Infected Computer

How to Harden Your Browser Against Malware and Privacy Concerns

How to Install Comodo Firewall

How to Know If Your Computer Is Infected

How to Protect Your Online Privacy

How to Report Dangerous Websites

How to Report Malware or False Positives to Multiple Antivirus Vendors

How to Report Spam

How to Stay Safe While Online

How to Tell if a File is Malicious

 

This software category is maintained by volunteer editor Chiron. Registered members can contact the editor with any comments or suggestions they might have by clicking here.

 


Comments

by IgorN on 23. November 2013 - 17:16  (112484)

New to your site. I am finding it AMAZING! Thanks for the competence, clarity, scope...

by Chiron on 23. November 2013 - 17:51  (112486)

Thank you. Let myself, and any of the other editors, know if you have any questions and we'll do our best to answer them.

Thanks again.

by Jxxx (not verified) on 30. August 2012 - 6:22  (98487)

I don't know your rating system but I was very satisfied with your articles, my rating if 5 stars is tops your articles should get a sixth star in my book, a first, no loopholes, a sequentially easy and logical direct article, very thoughtful. Thank You P.S. I will go with the rating of 5 stars.

by Chiron on 30. August 2012 - 16:37  (98522)

Thank you.

Please let me know if you have any questions and I'll do my best to answer them and update the article accordingly.

by Chiron on 7. August 2012 - 18:05  (97352)

I've updated the article.

Please let me know what you think of the newest version.

by mainer (not verified) on 22. June 2012 - 14:23  (95228)

I have used Zulu URL Risk Analyzer to scan a couple of URLs I received from Craigslist and it worked quite well. Here is some info from their site.

"About Zulu

Zulu is a dynamic risk scoring engine for web based content. For a given URL, Zulu will retrieve the content and apply a variety of checks in three different categories:

Content Checks – Inspection of page content to identify potentially malicious code in a variety of categories
URL Checks – Inspection of the full URL to identify malicious patterns and check the URL/FQDN/TLD against third party and Zscaler block lists
Host Checks – IP, DNS and netblock reputation checks
All algorithms generate both a risk score between 0-100 and a risk categorization (Low, Medium, High). Individual scores are then consolidated and weighted to calculate an overall page score and deliver a final categorization of Benign, Suspicious or Malicious based on overall page risk. Meta data for the page is also provided along with a history of past scans.

It should be noted that Zulu is entirely separate system from Zscaler's commercial cloud. Zulu often employs experimental checks being tested out that may be added to the Zscaler cloud in future. As such, results between Zulu and the Zscaler cloud may not be and are not intended to be consistent."
http://zulu.zscaler.com/

by Chiron on 22. June 2012 - 18:28  (95233)

Thank you very much for pointing this out.

I checked out the service and have now added it to the article.

by machv5 on 11. June 2012 - 21:02  (94698)

From my own experience I would suggest getting WOT (Web of Trust). It is by far the best website rating system that I have come across. However that being said I have noticed lately that if a site has gotten itself a Verisign or similar certificate it can override multiple negative comments and ratings that have been submitted. But on a whole it is awesome for knowing at a glance whether or not a site is suspect or downright bad. The manual checking of a site through third party sites like DMOZ or Whois etc... can be a tedious task. The fastest way that I know to gather third party information about a site is to do a google search with the term "reviews" added to the site's URL and/or name. But as with anything there are also bad review sites out there too. So you have to be aware of that as well. But if you see one good review among many bad ones that in itself should be an indicator.

by GraveDigger on 18. June 2012 - 22:02  (95077)

I would also agree that getting WOT (Web of Trust) is worthwhile, but I also have to caution that it is sometimes used improperly. A while ago I was looking for employment here in Columbus and one of the sites I considered was the Ohio State University. Strangely enough it came up with a "red" rating on WOT - I notified the university's webpage designers and they must've contacted the people at WOT (it now comes up as "green").

Obviously someone must've filed a criticism of the school's employment site and caused it to be flagged incorrectly.

Be sure to have updated anti-malware/anti-virus programs that you run regularly, and having an active scanner wouldn't be a mistake either. I believe in safe computing - just to be on the safe side...

by Chiron on 12. June 2012 - 17:22  (94753)

Thank you. As you noted I do recommend that users use WOT to check sites. However, as I noted, sometimes users can be biased when rating sites. Thus I believe it's necessary to actually read the reviews to really understand if the site is dangerous or not.

As for doing a Google search, or similar, I agree with you that it could be helpful. However, as you noted, it's much too likely for users to run across unfair reviews or posts which could be very misleading. That's why I'm trying to keep this article more analytical, even if it takes a little longer to decide whether a site is safe or not.

For such a simple question it's actually a complicated procedure that needs to be followed in order to tell, in general, whether a site is dangerous or not.

Please let me know if you have any more questions.

Thanks.

by Chiron on 16. April 2012 - 22:08  (92183)

Okay, I just updated the article to include what I believe is more relevant advice.

You'll notice that WOT is still advocated but that now it has what I consider to be a very visible disclaimer. The problem is that in the right hands WOT is very useful. Therefore I am not willing to entirely remove it from the article.

Please let me know what you think.

Thanks.

by satrow on 16. April 2012 - 22:50  (92186)

Sorry Chiron, Comodo Site Inspector still looks like a flop in comparison to Google's Safe Browsing/URLVoid.
http://siteinspector.comodo.com/public/reports/1305379 - 1 total scan, clean.
http://www.google.com/safebrowsing/diagnostic?site=raptorpolitics.org.uk = clean since 2012-03-31.
Quite a difference in the number and frequency of scans.

by Chiron on 16. April 2012 - 23:38  (92188)

I didn't mean for it to sound like Comodo SiteInspector should be used instead of URLVoid. It's not a replacement, it's a different type of service and should be used along with URLVoid. Comodo SiteInspector also scans the site in real-time, which can therefore identify some dangerous sites which have not yet been known to be dangerous.

I would not recommend entirely trusting the result of Comodo SiteInspector without using other services. As with most things it's better to use multiple services and then interpret the results rather than just relying on a single one.

by Chiron on 31. March 2012 - 23:56  (91513)

Okay, I've got an idea for how to get around having to use reputation services such as Web of Trust. Give me a while to mull it over in my head (and then find the time to actually make the necessary changes to my advice).

In general the approach would use real-time malware/exploit scanning services (probably Comodo SiteInspector and another) and then also give advice on how to recognize most scam websites. Between that and the information from WOT and the age of the site I think most problems could be avoided.

As I said, I'll think this over some more and incorporate this advice into the article when I find the time, but I figured that you guys would like to know that I do have future plans for the article.

Thanks for voicing your concerns.

by satrow on 1. April 2012 - 14:06  (91536)

Comodo's Site Inspector flops when checking the raptorpolitics site I mentioned yesterday - "Can't resolve domain".

by Chiron on 13. April 2012 - 15:10  (92021)

I just checked the site again on Comodo Site Inspector and it seems fine now. Perhaps it was a small hiccup when they were upgrading it.
http://siteinspector.comodo.com/public/reports/1305379

by satrow on 13. April 2012 - 15:41  (92024)

Worth checking that again in a few weeks: "History Info
This page has been scanned 1 times in total." If the scan rate doesn't increase = useless!

by Chiron on 13. April 2012 - 15:53  (92026)

So far I've only seen that problem with that page. For example here's the report for the Comodo forums:
http://siteinspector.comodo.com/public/reports/1307245

As you can see it's been scanned successfully 10 times.

by satrow on 13. April 2012 - 15:56  (92029)

Check your last link again ;) "Report for ‘http://forums.comodo.com/’ index page."

by Chiron on 13. April 2012 - 16:57  (92039)

I don't understand what it is you're trying to say. The history does show that it was successfully scanned 10 times.

by satrow on 13. April 2012 - 17:08  (92041)

The history page for "Report for ‘http://forums.comodo.com/’ index page." has been scanned 10 times.

by Chiron on 31. March 2012 - 4:52  (91463)

I've updated the article, so please let me know what you think.

However, I am not currently aware of a good alternative to using WOT. I do understand the possible problems, but I have also seen firsthand that WOT often warns me of fraudulent sites, and other types, I've been linked to from my own spam-trap. Thus I am not yet willing to remove that advice from the article unless someone can recommend an alternate method which will accomplish much the same goals.

I'd really appreciate it if you could let me know of any ideas anyone has. I'd really like to improve the article in any way that allows me to better ascertain whether a site is safe (and not just probably not dangerous).

Thanks.

by satrow on 31. March 2012 - 18:27  (91506)

Google's "Safe Browsing" http://www.google.com/tools/firefox/safebrowsing/index.html feature is the closest I've found to a 'live' test that's readily available. Here's a "diagnostic" page from a site I checked out today: http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Pa... (note that this can change slightly each time Google visits it; last time I looked, a few hours ago, it was still 'clean' for the 31st, now it's infected again).

The above diagnostic page does take some understanding: http://25yearsofprogramming.com/blog/2009/20091124.htm

Firefox, Pale Moon, Waterfox, Chrome, SRIron, etc. needed to utilize Google Safe Browsing; IE, Safari and non-Mozilla/Chrome-based browsers don't have it built-in.

WOT is very variable in that many spammers/malware/crapware distributors also comment and vote up their own sites and vote down those of rival and anti-malware sites, completely throwing the results. Interpreting WOT results can be very tricky - they're often wrong.

by Chiron on 13. April 2012 - 15:35  (92023)

URLVoid already uses Google's blacklisting. Thus I wouldn't think there would be much advantage to using that.

Also, I'm going to downgrade my use of WOT in my next rewrite.

Thanks for the advice.

by MikeR on 30. March 2012 - 18:50  (91443)

As the innocent author of the original post that seems to have sent this thread off topic, I stand by my earlier comment that I wouldn't trust WoT as far as I could throw it. Whether it's Made In Finland or not.

The best people to pronounce on how reliable WoT is are those who've tangled with its pompous self-image and sought -- legitimately -- to get a WoT rating revised because it was plain wrong. I'm one of those (the many?) who have done so. So, unlike so many of WoT's unblinking adherents, I know whereof I speak.

I complained to WoT in respect of a website 'judgment', and thus a judgment on the manufacturer behind it, who has no connection whatsoever with me but who was being dissed by Chinese competitors and all the pathetic me-too WoT commenters who really should get out more (and whose contributions should, at the very least, be moderated.)

WoT did nothing at all about my request for a reappraisal -- but then, why should it? As far as I can tell, WoT makes no qualitative judgment of its own, only quantitative. And when the quantity is high enough -- even if it's the quantity of a mob -- then that's it: if statistically something is said to be wrong / bad / evil, then, ergo, it must be wrong / bad / evil.

Yeah. Right. WoT was A Good Idea. Once. Now? It's a devalued 'authority' in which trust is misplaced.

PS: off track again, but it would be really *good* if Gizmo / TechSupport could sort out this log-in process for registered users. I get a Techsupport email saying there's a follow up comment and I come to the thread and post. Only. . . I can't. My post is in the name of a registered user. "Please type in the letters in the Captcha below." So I do that and I still can't post. So I log in, but, but, but. . . I'm not returned to the thread at all. Instead, I have to go back to the original email. Click the link. Open another browser page. And start over. Is there not a better way of achieving user interaction with this esteemed site but without all the hoopla???

by MidnightCowboy on 31. March 2012 - 4:30  (91461)

So long as you're prepared to have WOT's response to your own situation published here (excluding personal details of course) please send these to me by PM and I'll follow it up.

We're sorry you've encountered a few issues with our log in procedure. As the site becomes ever more popular, so its attraction to be hit by various types with varying agendas also increases. It is for this reason we have recently had to introduce additional security measures which unfortunately can sometimes lead to the issues you describe. These are currently still being worked on and refined so please bear with us.

by A__nonymous (not verified) on 26. March 2012 - 15:03  (91203)

Here is something to consider.

I bought a lot of books from PubWest a couple of years ago. I asked for a quote for books and shipping (I am not in the US so this is important to me) before paying and I got back an Excel file with 50+ other companies' emails, credit card details including exp date, on one of the Excel pages, not the front one which was for me.

I was horrified and contacted the accounts department who didn't seem to care. Contacted the rep in charge of my account who didn't believe me. Sent her the file back. She said she would sort it out.

I got an Excel proforma from them - same thing...

PubWest is a huge company and looks trustworthy on every site, but obviously it wasn't at that time.

by Chiron on 26. March 2012 - 18:11  (91211)

This sort of problem is very difficult to guard against, but I believe that your best bet to defend against this sort of thing is to thoroughly read the comments left by people on WOT. Hopefully others will have already reported incidents such as this so that you would know to be careful.

by MikeR on 26. March 2012 - 15:03  (91202)

I actually wouldn't trust Wot to tell me the time of day. It started off with good intentions but is too open to abuse by me-too posters looking for immortality in the ether or vested interests serving only their own purposes.

by rroberto on 30. March 2012 - 15:10  (91431)

WOT does not use its own members' posted comments to come up with its safety ratings. So their color-coded "results" are questionable. Many warnings are only the result of web competitors dissing their rivals with bad ratings, no explanations required. You can get a better safety result reading the comments.

WOT also offers new sites business affiliate contracts for better ratings. If you don't sign up and pay, you pay the price in grey or red ratings. What a scam.
