How to Check if Website is Malicious using Online URL Scanners


A computer doesn’t just get infected with malware by itself and it has to come from somewhere. It can be from a medium such as an infected USB flash drive, or an infected file that is downloaded from a website, and also from attachments in emails. The person who created the malware normally wants to infect as many computers as possible turning them into slaves that can be used to perform other actions such as launching a DDoS attack, mining Bitcoin and etc.

One fast method of spreading malware is by hacking a popular website to gain administrative access and injecting exploits or malware that is easily downloaded onto the visitor’s computer. Instead of the hacker using a lot of Internet bandwidth and processing power to push the malware to thousands of people, this method is much less tedious because the hacker just sits and waits for the visitors to get infected when they visit the popular website that is hacked.



Download our Android App Best Computer Guide 



Although an antivirus software plays an important part to ensure that any file downloaded from the Internet is scanned, scanning the URL before hand adds another layer of defense. Most antivirus software has a link scanner but if for some reason you prefer not to enable it, here are 5 external URL scanners that can use to manually check if the website is clean from malware or exploits.


1. VirusTotal

Not only can you upload any file to have it scanned with 55 different antivirus, VirusTotal also has the ability to scan any URL using 63 different link scanning services. All you need to do is type the URL in the box and click the “Scan it!” button.



It may surprise you that the link scanning is very fast taking only a few seconds to complete scanning a URL with over 60 different services. This is not due to VirusTotal servers hosted under Google’s powerful infrastructure but it is because VirusTotal merely pulls the latest scan report out of each URL scanning service. So it is not necessary that each of the link scanning services available at VirusTotal are giving the most current scan results during the time of request.


2. URLVoid

URLVoid is another link scanning service by an Italian company NoVirusThanks that is similar to VirusTotal. Simply enter the domain name in the box and click the Submit Now button to receive the status of the hyperlink. Additional information such as when the domain was first registered, server location, Google Pagerank and Alexa Traffic Rank is accompanied together with the scan results.



Although URLVoid only supports up to 29 URL scanning engines, what we like about this service is the ability to conveniently access the official and more detailed report from the individual scanning engine website by clicking on the “View more details” link.


3. Sucuri

Sucuri is a well known company that offers services to protect websites against malware and DDoS attack while also offering services to clean up hacked sites. Sucuri has a free and remote scanner called SiteCheck to detect if there’s any injected malware, errors, blacklists and even outdated software on the website.



Unlike VirusTotal and URLVoid that use third party scanning results, Sucuri uses their own propriety method that specializes in detecting malware in the form of embedded Javascript and showing you the location of the payload. The results are cached for 24 hours and there is a link at the bottom to force a rescan to clear the cache.


4. Is It Hacked?

A hacked website can contain a malicious payload and it makes sense to check if a website has signs of being hacked so you can avoid visiting the dangerous website. Is It Hacked? uses a different approach which is to check if there is any cloaking which means a different web page is served to users and GoogleBot. This is to delay the hacked website containing malicious code being detected by Google SafeBrowsing.



It also looks for spammy looking links which are normally found on shady websites that have nothing great to offer to visitors, iframes which are normally used to inject payloads and finally perform blacklist checks from 3 well known sources (Google Safe Browsing, PhishTank, McAfee SiteAdvisor).


5. Web Inspector

Web Inspector is included in VirusTotal but the actual online scanner service reveals much more information about a scanned URL. The report page shows if the scanned URL is clean, suspicious or high risk with up to 7 days of scan history, checks the issuer and expiry date of SSL, and also checks up to 12 different categories of online threats ranging from the common blacklist checking to the dynamic heuristic virus detection.



Web Inspector is created by the same company that produces the popular Comodo Internet Security. Our only gripe on Web Inspector is it takes quite a while to complete scanning a URL.

No comments:

Post a Comment