Should I click?

What is Should I Click?

Should I Click is a free service to check if a website is safe to access. The great majority of attacks, including targeted attacks, start with a link in an email or chat. When you do not have enough time, or you do not know how to check the URL, should you click on it or not? Our Should I Click service could be helpful for you.

If you received a suspicious link or a website looks weird, Should I Click is an easy-to-use tool to analyse whether it is safe to click. Should I Click uses a wide range of technologies, including machine learning, statistical analysis and security tools. The aim of this project is to help people at risk around the world (such as journalists, NGOs and political activists) against targeted cyber attacks. However, everyone can use this service. The shouldiclick.org project is a tool created in the Civilsphere laboratory (https://www.civilsphereproject.org/) at the Czech Technical University in Prague to help protect civil society for free. This project is part of the diploma thesis of František Střasák that will be finished in May 2020.

How does Should I Click work?

When a URL is submitted to Should I Click, the URL is validated, and information about the website is collected. The first information about the website is taken from urlscan.io, a service that provides a very complex analysis of a submitted website. urlscan.io collects information such as a screenshot of the website and its HTML DOM, but the most important part is the description of the website and its behaviour in JSON format. In the next step, images and external JavaScript links are found in the HTML file of the website and then downloaded. When all data is downloaded, features are extracted from the urlscan JSON, from the images downloaded from the website, and from the HTML files of the website. Finally, an ensemble of algorithms (machine learning, static-feature algorithms, etc.) predicts whether the website is safe to click or not.
The algorithms behind Should I Click concentrate on the following four areas:

  1. Evil twin websites
  2. Scam websites
  3. Dangerous behaviour
  4. Websites with Bad HTTPS Practices

All results come from trained ML models and relevant static features. Should I Click does not use any whitelist, blacklist or third-party tools for the final verdict ("you can click" or "you should not click").

1. Evil twin websites

Evil twin websites are a phishing technique for stealing emails, passwords, credit card numbers and other sensitive data by creating a copy of a website that looks the same and shares the same design as the original one. Evil twin attacks are very hard to detect, as users need to check the URL of the website they visit every time to make sure it is the website they actually want to visit.

In the picture below, there is an example of an evil twin website. It tries to imitate a Google identity verification page. However, we can see that the domain of the URL is not Google's; it is "minivale.com". If we analyse this domain, we find that it is not related to Google.

Figure 1. Evil twin website example

2. Scam websites

Like evil twin websites, scam websites are also a phishing technique. However, scam websites do not imitate the look of a real, targeted website. They often offer fake products to users with the aim of stealing their credentials. In most cases all this happens under time pressure. For instance, “You won a new iPhone7 and you have only 60 seconds to fill this information to get this phone.”

Figure 1. Scam website example

3. Dangerous Behaviour of a Website

ShouldIClick tries to detect harmful JavaScript code and cryptojacking attacks by different approaches. Primarily it uses a honeyclient to detect if a website tries to exploit the browser of the user. However, this function is still under development and it will be released in the next version of Should I Click.

4. Websites with Bad HTTPS Practices

Ideally, the entire website you are accessing should use HTTPS; if it does not, the website can be a potential risk to your privacy. ShouldIClick checks how many of the requests generated by the website are encrypted. Other threats it verifies are the validity of the website's certificate and HTML "Log in" forms without HTTPS. For these websites we declare that "You should not click", because private data is being transferred between you and the web server without encryption.
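The two page-level checks described above (share of encrypted requests, and "Log in" forms without HTTPS), written out as an added Python example; this is not Should I Click's own code. The names `LoginFormFinder` and `https_report` and the sample data are hypothetical and constructed for illustration, and certificate validation is left out.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class LoginFormFinder(HTMLParser):
    """Collects the resolved action URL of each <form> holding a password field."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.current_action = None  # action of the form being parsed, if any
        self.login_actions = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # A missing or empty action submits to the page's own URL.
            self.current_action = urljoin(self.page_url, attrs.get("action") or "")
        elif tag == "input" and self.current_action is not None:
            is_password = (attrs.get("type") or "").lower() == "password"
            if is_password and self.current_action not in self.login_actions:
                self.login_actions.append(self.current_action)

    def handle_endtag(self, tag):
        if tag == "form":
            self.current_action = None

def https_report(page_url, request_urls, html):
    """Share of HTTP(S) requests that are encrypted, plus login forms lacking HTTPS."""
    web = [u for u in request_urls if urlparse(u).scheme in ("http", "https")]
    encrypted = sum(1 for u in web if urlparse(u).scheme == "https")
    finder = LoginFormFinder(page_url)
    finder.feed(html)
    page_plain = urlparse(page_url).scheme != "https"
    insecure = [a for a in finder.login_actions
                if page_plain or urlparse(a).scheme != "https"]
    return {"encrypted_ratio": encrypted / len(web) if web else None,
            "insecure_login_forms": insecure}

# Constructed sample input (not real sites or real scan data).
SAMPLE_PAGE_URL = "https://shop.example/account"
SAMPLE_REQUESTS = [
    "https://shop.example/account", "https://cdn.example/app.js",
    "http://img.example/banner.png", "http://tracker.example/pixel.gif",
    "data:image/png;base64,AAAA"]  # data: URI is not a network request
SAMPLE_HTML = """<form action="http://login.example/session" method="post">
<input type="text" name="user"><input type="password" name="pass">
</form>
<form action="/search"><input type="text" name="q"></form>"""

if __name__ == "__main__": print(https_report(SAMPLE_PAGE_URL, SAMPLE_REQUESTS, SAMPLE_HTML))
```

A login form is flagged both when its action is an `http://` URL and when the page that serves it was itself loaded without HTTPS, since in either case the credentials or the form can be read or altered in transit.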

How to use Should I click

Using the Should I Click website is very simple. Just copy the URL of the website you want to analyse into the Should I Click website, and wait for a few minutes until the analysis is completed. If the analysis was successful, Should I Click will tell you if the URL is safe to click or not. Should I Click uses your feedback to get better. If you know a website is malicious or benign, and the verdict by Should I Click is wrong, we urge you to use the feedback form to give us feedback. This helps us adjust our algorithms and provide better verdicts in the future.

If you find an error (CSS bugs, 404 error, wrong results, etc.), write to us!

Is Should I Click private?

We only store your submission (URL to analyse, your IP, timestamp and our result). For the feedback, if you gave any, we also store the same information. We use the private API of urlscan.io, so any link submitted will not be publicly shared on the urlscan.io website.