QR Code Checker
Analyze QR codes before scanning and verify where they actually lead. Upload a QR code image — we decode it in your browser and run a full safety analysis of the destination.
Examples: a short link from a text message, a delivery notification SMS, or an email asking you to "verify your account"
🔒Privacy details— no data stored, no tracking
Analyzed locally
- ✓Message text
- ✓URL parsing
- ✓Brand detection
- ✓QR image decoding
- ✓Risk scoring
Sent to server
- →Redirect resolution — HEAD request only, page not downloaded
- →Domain age lookup — domain name only, no URL path or message
Never sent
- ✓Message content
- ✓QR image or screenshot
- ✓Email attachments
- ✓Personal information
Paste a suspicious link, message, or QR code to begin analysis.
Try an example:
Your links never leave your browser.
Everything runs locally. We never see what you paste.
Know in seconds whether to trust it.
Results appear immediately — no waiting, no loading screens.
Get answers without creating an account.
No email. No password. No sign-up. Just open and use.
How it works
- 1
Upload the QR code
Take a screenshot or photo of the QR code and upload it using the image upload tab in the analyzer.
- 2
We decode and analyze
We extract the URL from the QR code entirely in your browser, then run our full URL analysis on the destination.
- 3
Get your verdict
See the full destination URL, risk level, and specific explanations before deciding whether to follow the link.
What we analyze
- QR code decoding (client-side, no upload)
- Destination URL risk analysis
- Brand impersonation in decoded link
- Domain age and registration signals
- Redirect chains and shortened URLs
- Phishing patterns in URL structure
- Suspicious domain extensions
- Lookalike character detection
- Dangerous file download destinations
- Open redirect detection
Examples
Parking enforcement phishing
QR code in a windscreen notice → parking-fine-payment.net
Fake parking notices with QR codes are common. The QR code leads to a fake payment page that harvests card details.
Tampered restaurant menu
QR code sticker placed over legitimate code → restaurant-menu-login.com
Attackers place stickers over real QR codes in public places. If a QR code leads to a login page, it is almost certainly malicious.
Email QR code bypass
Email claiming to be from Microsoft with embedded QR → microsoft-verify-account.net
QR codes in emails are designed to bypass email security scanners that inspect links but cannot read images.
Frequently Asked Questions
What is QR phishing (quishing)?
Quishing (QR code phishing) is an attack where a malicious QR code is used to direct someone to a phishing website. Because most people cannot visually read a QR code, the attack bypasses normal visual link-checking habits. QR codes are used in phishing emails, fake parking fines, replacement posters, and tampered restaurant menus.
Can QR codes be dangerous?
QR codes themselves are not dangerous — they simply encode a URL. But the URL they lead to can be a phishing site, malware download, or fake login page. The risk is that QR codes make it impossible to read the URL before following it, which is why checking them before scanning is important.
How do I check a QR code safely?
Take a screenshot or photo of the QR code, then upload it to 2check.click. We decode the QR code in your browser (nothing is sent to a server) and run a full analysis of the destination URL before you visit it.
How do attackers tamper with QR codes?
The most common methods are: sticking a fake QR code sticker over a legitimate one (common in restaurants and parking meters), printing fake posters with a malicious QR code, and embedding QR codes in phishing emails where the QR destination leads to a fake login page. Attackers use QR codes in emails to bypass email security scanners that inspect links but not embedded images.
What should I do if I scanned a suspicious QR code?
If you scanned the QR code but did not enter any information, you are likely safe but should run the destination URL through 2check.click. If you entered personal information or login credentials, change those passwords immediately and enable two-factor authentication. If you entered payment details, contact your bank.
Is it safe to scan QR codes in public places?
Exercise caution. Legitimate QR codes in restaurants and public spaces are generally safe, but attackers do place tampered QR code stickers over real ones. Before scanning a QR code in public, check whether the code appears to be a sticker placed over something else. When in doubt, go directly to the website rather than using the QR code.