URL fingerprint
Diagnostic snapshot of a URL: SHA-256 of normalized form, length, character-class histogram (alpha / digit / symbol / Unicode), suspicious-pattern flags (very long, lots of %XX, mixed scripts, suspicious eTLDs, lookalike characters, encoded keywords), and a printable share card.
How to use
- Paste a URL.
- The card appears with: Normalized form, SHA-256, Length (with average comparison), Char-class histogram (visual bars), Flags (red / amber / green per check).
- Each flag is clickable — click to see why it triggered and what to do.
- Copy as Markdown dumps a printable card you can paste into a ticket; Copy as image generates a PNG screenshot of the card.
What the flags mean
- Very long URL (> 200 chars) — often a tracking redirect chain.
- Many %XX sequences — may hide the destination from casual readers.
- Mixed-script domain — almost always a phishing attempt (see IDN homograph check).
- Suspicious eTLD — domains under .tk, .ml, .zip, etc. are over-represented in abuse.
- Raw IP address — legitimate sites use names, not numbers.
- Phish-y keywords — login, secure, verify, wallet, account in a path are common phishing signals.
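The flag checks listed above, sketched as an added JavaScript example (not the tool's own code). The flag names, the script set, the threshold of five %XX sequences and the last-label TLD test are assumptions; the 200-character limit, the TLDs and the keywords are the ones this page lists.

```javascript
// Added example: values marked "assumed" are not taken from the tool.
const RISKY_TLDS = new Set(["tk", "ml", "zip"]); // the three the page names
const KEYWORDS = ["login", "secure", "verify", "wallet", "account"];
const SCRIPTS = ["Latin", "Cyrillic", "Greek"]   // assumed script set
  .map((name) => new RegExp(`\\p{Script=${name}}`, "u"));
const MAX_LEN = 200;      // threshold stated on the page
const MANY_ESCAPES = 5;   // assumed: the page gives no number for "many"

function urlFlags(raw) {
  let u;
  try { u = new URL(raw); } catch { return ["unparseable"]; }
  const flags = [];
  if (raw.length > MAX_LEN) flags.push("very-long");
  if ((raw.match(/%[0-9a-f]{2}/gi) || []).length >= MANY_ESCAPES) flags.push("many-escapes");

  // new URL() converts Unicode hosts to punycode, so scripts must be read
  // from the authority as typed (userinfo and port stripped).
  const authority = (raw.match(/^[a-z][a-z0-9+.-]*:\/\/([^\/?#]*)/i) || ["", ""])[1];
  const typedHost = authority.replace(/^.*@/, "").replace(/:\d*$/, "");
  const mixed = typedHost.split(".").some(
    (label) => SCRIPTS.filter((re) => re.test(label)).length > 1);
  if (mixed) flags.push("mixed-script");

  // Last label only; a real eTLD check needs the Public Suffix List.
  if (RISKY_TLDS.has(u.hostname.split(".").pop())) flags.push("risky-tld");

  // The parser canonicalises decimal/hex IPv4 forms to dotted quads, so
  // http://2130706433/ is caught here as 127.0.0.1.
  if (/^\d+\.\d+\.\d+\.\d+$/.test(u.hostname) || u.hostname.startsWith("[")) flags.push("raw-ip");

  // Decode first so percent-encoded keywords are matched too.
  let path = u.pathname;
  try { path = decodeURIComponent(path); } catch { /* malformed escape: keep raw */ }
  if (KEYWORDS.some((k) => path.toLowerCase().includes(k))) flags.push("phishy-keyword");
  return flags;
}
```

Two details worth noting: the mixed-script check has to run on the host as typed, because the parsed hostname is already ASCII punycode, while the raw-IP check benefits from running on the parsed hostname, because integer and hex IPv4 spellings are normalized there.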
FAQ
Is a clean fingerprint a green light?
No — it's a starting point, not a verdict. A clean fingerprint doesn't mean the URL is safe (the host could still be compromised), and a suspicious fingerprint doesn't always mean it's hostile (some legitimate URLs use long tracking chains).
Why SHA-256?
So you can correlate the same URL across logs and reports without exposing it directly. Useful for sharing intel about a malicious URL without re-distributing it.
Does the hash include or exclude tracking params?
Current build hashes the URL as-pasted. Use the normalizer first if you want a canonical hash that strips tracking.
Anything sent to a server?
No — hashing uses the browser's built-in crypto.subtle; all checks run locally.