Frequently Asked Questions
Answers to the questions we hear most about how 2check.click works, what it can check, how it protects your privacy, and how to help make it better.
What is 2check.click?
2check.click is a free, privacy-first tool that helps you understand whether a link, message, QR code, or email looks like a phishing attempt — before you click. Everything runs in your browser, with no account required.
Is 2check.click really free, and do I need to create an account?
Yes — completely free, with no account, registration, or payment of any kind. Just paste a link, message, or QR image and get a result immediately.
Is my data sent to your servers when I check something?
No. URL, message, and QR analysis all run directly in your browser — nothing you check is transmitted to our servers. The only exception is an optional, SSRF-protected request to resolve shortened links, which never downloads the destination page.
What kinds of things can I check with 2check.click?
You can analyze links, QR codes, emails, and text messages for phishing indicators — brand impersonation, lookalike domains, suspicious redirect chains, and hidden or encoded content.
How does 2check.click decide whether a link is risky?
It evaluates dozens of signals at once — domain and subdomain structure, lookalike or typosquatted brand names, dangerous file extensions, redirect chains, and hidden or encoded content — and combines them into a single weighted risk score with a plain-language explanation.
What do the risk levels — Low, Medium, High, Very High — actually mean?
Results are grouped into four levels based on a weighted 0–100 score. Each result also explains in plain language exactly which signals contributed, so you're never just shown a number without context.
Can 2check.click guarantee that a link is 100% safe?
No tool can guarantee that — phishing techniques change constantly, and new scam sites appear every day. 2check.click is designed to surface warning signs so you can make an informed decision, not to replace your own judgment.
2check.click flagged a link I trust as risky — why?
Detection rules can occasionally catch legitimate sites that happen to share characteristics with scam patterns — a long redirect chain, an unusual TLD, or a brand name appearing in a subdomain. If that happens, please report it.
2check.click missed a scam I recognized — what now?
Report it through the Report a Problem page. Reports of missed phishing patterns are exactly how new detection signals get added.
How does the QR code scanner work, and is it private?
QR decoding happens entirely in your browser — the image is never uploaded anywhere. Once decoded, the destination link goes through the same client-side analysis as any other link.
I checked a shortened link — does 2check.click visit the destination page?
No. To resolve a shortened link, 2check.click sends a single SSRF-protected HEAD request — it never downloads or renders the destination page itself.
Does 2check.click keep a history of what I've checked?
No. There is no persistent storage anywhere in the stack — nothing about the links, messages, or images you analyze is saved. Each check starts fresh.
How does 2check.click detect lookalike or typosquatted domains?
It compares domains against a database of well-known brands using several signals — visual lookalike (homoglyph) detection, edit-distance typo matching, and brand-keyword analysis.
I already clicked a suspicious link before checking it — what should I do?
Act quickly: close the page, avoid entering any information, change your passwords if you logged in, and contact your bank if payment details were entered.
How do I give feedback, report a bug, or suggest an improvement?
Use Report a Problem for detection feedback — false positives, missed scams, or rule ideas — and Contact Us for general questions, site bugs, and feature requests.
Still have a question, found something that doesn't look right, or want to suggest a detection improvement? Report a problem or get in touch.