Skip to main content

Phishing Check | URL Threat Inspection

image.png

The platform available at https://dash.niamonx.io/phishing_check β€” known as Phishing Check β€” is a URL threat inspection tool within the NiamonX platform. It checks submitted URLs against known phishing, malware, unwanted software, and social engineering indicators using NiamonX threat intelligence data and Google Safe Browsing signals.

Overview of the Service

Phishing Check helps users quickly evaluate whether a URL appears in known threat datasets.

The tool is designed for cybersecurity analysts, SOC teams, incident responders, fraud investigators, compliance teams, brand protection specialists, and general users who need to inspect suspicious links before opening, sharing, or escalating them.

Phishing Check returns a structured result that includes:

  • Safety status

  • Risk score

  • Risk level

  • Threat type matches

  • Platform matches

  • Match count

  • Threat URL

  • Cache information

  • Metadata availability

  • Source information

  • Local browser request history

  • Raw JSON when needed

The tool is informational. A SAFE result does not guarantee that the resource is harmless, and an UNSAFE result should be validated with additional sources before high-impact decisions.


πŸ” How the Tool Works

The user enters a full URL, including protocol.

Example:

https://example.com/

or:

http://testsafebrowsing.appspot.com/apiv4/ANY_PLATFORM/MALWARE/URL/

The tool checks the URL against threat intelligence sources, including:

  • NiamonX Database

  • Google Safe Browsing signals

The system then returns a result such as:

  • SAFE

  • UNSAFE

  • Unknown / no matches

  • Error or unavailable, depending on backend response

If matches are found, the tool displays threat type, affected platform, match details, risk score, and cache information.


🧩 What Can Be Checked

Phishing Check accepts full URLs.

Supported input format:

http://example.com/path
https://sub.example.com/login

The URL must include:

  • http://

  • or https://

Subdomains are taken into account during inspection.

Unsupported or invalid inputs:

example.com
sub.example.com/login
1.1.1.1
just-text

For accurate inspection, users should paste the complete URL exactly as received.


βš™οΈ Interface Structure

The Phishing Check interface contains several main areas.

URL for Inspection

The input field where the user enters the full URL.

Example:

https://example.com/

The interface reminds users to enter the full URL with http:// or https://.

Examples of Queries

The interface may provide example URLs for testing safe browsing behavior or known test patterns.

Result Panel

The result panel displays:

  • Safety status

  • Risk score

  • Risk level

  • Match count

  • Timestamp

  • Threat types

  • Platforms

  • Metadata keys

  • Detailed coincidences

  • Cache duration

  • Source

Request History

The request history stores previous URL checks locally in the browser.


πŸ“Š Result Status

The main result status indicates whether the submitted URL matched known threat intelligence data.

Common statuses:

Status Meaning
SAFE No known threat match was found
UNSAFE One or more threat matches were found
UNKNOWN The result could not be clearly determined
ERROR The check failed or backend response was unavailable

Example unsafe result:

UNSAFE
Risk 40
Elevated
Coincidences: 1

Example safe result:

SAFE
Risk 0
None

A safe result should not be interpreted as a guarantee of security. It means the URL did not match the known threat sources used for that check.


🚦 Risk Score

The tool calculates a heuristic risk score based on detected threats.

Example:

Risk 40 (Elevated)

Risk score may consider:

  • Threat type

  • Number of matches

  • Source confidence

  • Platform type

  • Metadata indicators

  • Threat weight

  • Known malicious classification

Example interpretation:

Risk Level Meaning
None No known threat match
Low Weak or limited indicators
Elevated Known threat match or moderate risk
High Strong threat evidence
Critical Severe or multiple high-confidence indicators

The exact score is calculated by the platform’s internal heuristic logic.


🧬 Threat Types

The Types of Threats section lists the threat categories found for the URL.

Possible threat types may include:

  • MALWARE

  • SOCIAL_ENGINEERING

  • PHISHING

  • UNWANTED_SOFTWARE

  • POTENTIALLY_HARMFUL_APPLICATION

  • SUSPICIOUS

  • Other backend-supported categories

Example:

Types of Threats
MALWARE

Threat type helps analysts understand the nature of the risk.

Malware

The URL may be associated with malware delivery, payload hosting, infection chains, or malicious downloads.

Social Engineering / Phishing

The URL may be associated with credential theft, impersonation, fake login pages, payment fraud, or deceptive content.

Potentially Harmful Application

The URL may be associated with harmful applications or mobile threats.


πŸ–₯️ Platform Types

The Platforms section shows which platform category the threat applies to.

Example:

ANY_PLATFORM

Possible platform values may include:

  • ANY_PLATFORM

  • WINDOWS

  • LINUX

  • OSX

  • ANDROID

  • IOS

  • CHROME

  • Other backend-supported platform categories

ANY_PLATFORM means the threat is not limited to a specific operating system or device type.


🎯 Coincidences / Matches

The Coincidences section displays detailed matches returned by the threat intelligence check.

A match may include:

Field Description
Threat type Malware, phishing, social engineering, or other category
Platform Affected platform category
Entry type URL or other supported indicator type
Threat URL URL that matched threat intelligence
Metadata Additional threat details, if available
Cache Cache duration, when returned

Example match:

Threat Type: Malware
Platform: ANY_PLATFORM
Entry Type: URL
Threat URL: http://example.test/malware/

The match details help analysts understand exactly what triggered the unsafe classification.


🧾 Metadata

The metadata section indicates whether additional metadata was returned.

Example:

Metadata: No

When metadata is available, it may contain additional context such as:

  • Threat labels

  • Provider-specific attributes

  • Match properties

  • Threat confidence

  • Campaign indicators

  • Source-specific fields

Metadata availability depends on the backend source and threat type.


πŸ•’ Cache

The tool may show cache duration for the result.

Example:

Cache: 300s

Cache duration means the result may be reused for a short period to reduce repeated lookups and improve performance.

Important notes:

  • Cached results may not reflect the very latest reputation state.

  • A URL’s reputation can change quickly.

  • Repeat checks may use cached data until the cache expires.

  • Cache duration may be absent in some responses.


🧾 Raw JSON

The tool can provide Raw JSON when needed.

Raw JSON may include:

  • Result status

  • Risk score

  • Risk level

  • Threat matches

  • Threat type

  • Platform type

  • Metadata fields

  • Cache duration

  • Source indicators

  • Backend response details

Raw JSON is useful for:

  • SOC workflows

  • Case management

  • Automation

  • Evidence preservation

  • Incident response

  • Threat intelligence pipelines

  • Internal reporting

Raw output should be handled carefully when it contains suspicious URLs, investigation notes, or threat indicators.


πŸ•“ Request History

Phishing Check stores URL check history locally in the browser.

History entries may include:

  • URL

  • Safety status

  • Risk score

  • Risk level

  • Timestamp

Example history item:

https://example.com/
SAFE
Risk 0
None

Important privacy behavior:

History does not go to the server.

Local history is useful for repeating checks and reviewing past inspections.

Because the history is browser-local, it may be cleared when users delete browser data or switch devices.

On shared devices, users should clear local history when checked URLs are sensitive.


🧠 Key Features

URL Threat Check

Checks full URLs against known threat indicators.

NiamonX Database

Uses NiamonX threat intelligence data.

Google Safe Browsing Signals

Uses Google Safe Browsing-style threat classifications.

Status and Risk

Shows SAFE / UNSAFE status, risk score, and risk level.

Detailed Matches

Displays threat type, platform type, entry type, and matched threat URL.

Aggregations

Shows threat type and platform aggregations.

Cache Awareness

Displays cache duration when available.

Metadata Support

Shows metadata when returned by the backend.

Local History

Stores previous URL checks locally in the browser.

Raw JSON

Provides structured technical data for advanced review.

Summary Copy

Allows copying a brief report for sharing or documentation.


πŸ”Ž Common Use Cases

Phishing Check can support many defensive workflows.

Check a URL before opening it.

SOC Triage

Inspect URLs from alerts, emails, chat messages, endpoint logs, or proxy logs.

Phishing Investigation

Confirm whether a URL is associated with social engineering or credential theft.

Malware URL Review

User Report Validation

Analyze URLs reported by employees or customers.

Brand Protection

Check suspicious domains or URLs impersonating a company.

Incident Response

Document known malicious URLs during security incidents.

Email Security Review

Threat Intelligence Enrichment

Add URL reputation information to internal cases or watchlists.


⚠️ Result Interpretation

Phishing Check results should be interpreted carefully.

Important points:

  • Absence of matches does not guarantee that a URL is safe.

  • New phishing pages may not yet appear in threat databases.

  • A safe result may become unsafe later.

  • An unsafe result should be validated if it will be used for legal, HR, or customer-facing action.

  • URL reputation can vary by path, subdomain, and query string.

  • Subdomains are taken into account.

  • Shortened links should be expanded and checked carefully.

  • Cache may temporarily return a previous result.

  • Some malicious pages show different content by region, device, browser, or time.

  • A URL may redirect after inspection.

For high-risk cases, combine Phishing Check with sandbox analysis, DNS review, WHOIS, certificate inspection, HTTP header review, screenshot analysis, and endpoint telemetry.


A practical phishing review workflow should follow these steps.

1. Copy the Full URL

Include the full http:// or https:// URL exactly as received.

2. Run the Check

Submit the URL for inspection.

3. Review Status

Check whether the result is SAFE or UNSAFE.

4. Review Risk Score

Use risk score and level for triage.

5. Check Threat Types

Identify whether the match is malware, phishing, social engineering, or another category.

6. Review Platform Types

Check whether the threat is platform-specific or applies to any platform.

7. Inspect Coincidences

Review detailed match objects and threat URL.

8. Copy Summary

Use the summary copy function for tickets or incident reports.

9. Use Raw JSON When Needed

Open Raw JSON for automation, evidence, or deeper analysis.

10. Validate With Additional Sources

Use multiple security sources before making final decisions.


πŸ›‘οΈ Security, Privacy & Responsible Use

Phishing Check is intended for lawful cybersecurity, fraud prevention, incident response, and URL safety analysis.

Acceptable use cases include:

  • Checking suspicious URLs

  • Investigating phishing reports

  • SOC alert triage

  • Malware link review

  • Email security analysis

  • Brand protection

  • Threat intelligence enrichment

  • Incident documentation

  • User safety checks

Users should follow responsible use rules:

  • Do not open suspicious URLs directly in a normal browser.

  • Do not submit private tokens, session URLs, or sensitive internal links unless authorized.

  • Do not use results as the only source for high-impact decisions.

  • Do not weaponize threat data for phishing, malware distribution, or social engineering.

  • Validate malicious classifications before public reporting.

  • Treat URL history as potentially sensitive on shared devices.

  • Use safe environments when investigating live malicious content.


βš™οΈ Technical Highlights

  • URL threat inspection tool

  • Available at dash.niamonx.io/phishing_check

  • Requires full URL with http:// or https://

  • Subdomains are taken into account

  • Uses NiamonX Database

  • Uses Google Safe Browsing signals

  • Detects known threats such as phishing, malware, social engineering, and PHA

  • Displays SAFE / UNSAFE status

  • Calculates heuristic risk score

  • Displays risk level

  • Shows threat type aggregation

  • Shows platform aggregation

  • Shows detailed match objects

  • Shows matched threat URL

  • Shows cache duration when available

  • Shows metadata when available

  • Supports Raw JSON

  • Supports brief summary copying

  • Stores request history locally in browser

  • History is not sent to server

  • Suitable for SOC triage, phishing investigation, malware URL review, and threat intelligence workflows


πŸ“Œ Usage Hints

  • Enter the full URL with http:// or https://.

  • Include the exact suspicious path when possible.

  • Subdomains are included in the inspection.

  • Risk is calculated heuristically based on threats.

  • matches may include threatType, platformType, and metadata.

  • CacheDuration may be absent.

  • A SAFE result does not guarantee that the resource is safe.

  • Use additional sources for final decisions.

  • Use summary copy for quick reports.

  • Use Raw JSON for technical workflows.

  • Local history stays in the browser and is not sent to the server.

  • Avoid opening suspicious URLs outside a safe environment.


πŸ“¬ Contact Information

support@niamonx.io β€” Technical Support
other@niamonx.io β€” General Inquiries
takedown@niamonx.io β€” Privacy or Data Removal Requests
legal@niamonx.io β€” Legal and Compliance Matters

Alternative contact channel:

πŸ”— Helpdesk: https://support.niamonx.io/


Summary

NiamonX Phishing Check is a URL threat inspection tool that checks full URLs against NiamonX Database and Google Safe Browsing signals.

It returns SAFE / UNSAFE status, heuristic risk score, risk level, threat types, platform types, detailed matches, cache information, metadata, local history, summary copy, and Raw JSON.

The tool is designed for phishing investigation, malware URL review, SOC triage, brand protection, incident response, email security analysis, and threat intelligence enrichment. Results are informational and should be validated with additional sources before final decisions.