Is that QR code link safe to open?
Scanned a QR code and not sure about the link? Paste it below. This checker inspects the address for the tricks behind quishing scams — look-alike domains, shorteners, hidden redirects — entirely in your browser. It never opens or fetches the link, and nothing is uploaded.
Paste the link
On iPhone, open Camera, frame the code without tapping, and the link shows as a banner. Long-press to copy it, then paste here.
Everything runs in your browser. The link is never opened, fetched, logged, or uploaded. Reload and it is gone.
Verdict
—
Where it actually goes
—
Paste a link and tap Check this link. The checker breaks the address down, shows you the real destination domain, and lists every red flag it finds — with a plain-English reason for each.
Keep a history of every code you scan.
Swarmval QR Scanner adds scan-from-photo, searchable history, eight code formats, and built-in QR generation — on-device, no ads, no weekly subscription.
The QR scam red flags this checks for
Look-alike domains
A real brand name buried in a subdomain (paypal.com.secure-ru.app) or spelled with swapped letters or non-Latin characters. The checker shows the real registered domain — the only part that decides where you go.
Hidden destinations
Shorteners (bit.ly, tinyurl) and an @ in the address can hide the true host. The checker calls these out so you do not open a destination you cannot see.
Unsafe structure
No HTTPS, a raw IP address instead of a domain, risky download TLDs like .zip/.mov, or login/payment keywords in the path — the patterns that show up far more often in scams than in real links.
QR safety and this tool
How does this checker work, and does it open the link?
It never opens the link. You paste the URL a QR code points to (the Camera app shows it before you tap), and the checker inspects the address itself — the protocol, the real domain, any look-alike tricks, shorteners, and embedded redirects — entirely in your browser. There is no network request on the check path, so nothing is fetched, logged, or sent to a server. It tells you what to be suspicious of before you decide to open it.
What is "quishing" and why are QR codes risky?
Quishing is phishing delivered through a QR code — on fake parking meters, fake "delivery failed" notices, restaurant table tents, and email attachments. A QR code is opaque: the destination is hidden in the pixels, so you cannot eyeball it the way you would a typed-out web address. The code can route to a spoofed login or payment page, and by the time you see it you have already tapped through. Reading and checking the URL first is the single most effective habit against it.
What does the checker flag as suspicious?
Non-HTTPS links; raw IP-address hosts instead of a domain name; punycode/internationalized domains used for homograph attacks (apple vs аpple); URL shorteners that hide the real destination; an "@" in the address that hides the true host; brand names buried in a subdomain (paypal.com.secure-login.ru); risky or unexpected file-download TLDs like .zip and .mov; and credential or payment keywords in the path. Each flag is explained so you understand the risk, not just a red light.
If the checker says "looks OK", is the link definitely safe?
No tool can promise that. "Looks OK" means the address has none of the common structural red flags — but a clean-looking domain can still be a brand-new scam site, and a shortener can hide anything. Treat the result as a reason to slow down, not a guarantee. Never enter a password, card number, or 2FA code on a page you reached from an unexpected QR code; go to the organization’s official app or website yourself.
Why are so many QR scanner apps a subscription trap?
Scanning a QR code is a free operating-system call — iOS has done it in the Camera app since 2017 — yet the App Store is full of QR scanner apps charging $4.99–$9.99 per week for it, a category Apple has flagged as fleeceware since 2019. Swarmval QR Scanner keeps unlimited scanning free, adds scan-from-photo, searchable history, eight code formats, and built-in generation, and follows fair portfolio pricing: $4.99/month (3-day trial), $14.99/year, or $19.99 once — never weekly.
Where do I see the URL a QR code points to?
On iPhone, open the Camera app and frame the code without tapping — the detected link appears as a banner at the top or bottom of the screen. Read that address (or long-press to copy it) and paste it here before you open it. A scanner with searchable history, like Swarmval QR Scanner, also lets you review exactly what a past code pointed to.
Next steps: how to scan a QR code safely on iPhone, how to create your own QR code, or get QR Scanner for scan history and scan-from-photo.