
Phishing

Review a suspicious phishing domain defensively.

A workflow for checking a link without opening it in a risky way or entering data.

Goal

Assess phishing signals while protecting the user and the system.

Best for

SOC triage, awareness training, and defensive URL review.

Inputs

Suspicious URL, Email headers, Observation time

Steps

01

Break down the link

Record domain, path, parameters, and redirects without signing in.

Check: No credentials or sensitive data are entered.

02

Check email context

Read SPF, DKIM, DMARC, sender alignment, and header anomalies.

Check: Header results are not treated as the only proof.

03

Read domain age and traces

Check RDAP, DNS, certificates, archives, and reputation sources.

Check: New registration or lookalike signals are dated.

04

Write a defensive note

Add confidence, false-positive limits, and a safe response option.

Check: No live exploitation or bypass step is included.
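Steps 01 and 02 can be done entirely offline. The sketch below is an added example, not part of the original workflow: it splits a URL into its parts without fetching it and reads the SPF, DKIM, and DMARC verdicts from an Authentication-Results header. The function names, the sample URL, and the sample headers are constructed for illustration, and the alignment test is a simplification.

```python
import re
from datetime import datetime, timezone
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit, parse_qsl

def break_down_url(url):
    """Step 01: decompose the link offline; nothing is fetched or resolved."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    params = parse_qsl(parts.query, keep_blank_values=True)
    return {
        "host": host,
        "path": parts.path,
        "params": params,
        # Text before '@' is userinfo, not the host, and can mimic a trusted name.
        "userinfo_present": parts.username is not None,
        "punycode_label": any(label.startswith("xn--") for label in host.split(".")),
        # A parameter value that is itself a URL is recorded as a redirect hint, never followed.
        "redirect_hints": [v for _, v in params if re.match(r"https?://", v, re.I)],
    }

def read_auth_results(raw_headers):
    """Step 02: read SPF/DKIM/DMARC verdicts and compare From with the DKIM d= domain."""
    msg = message_from_string(raw_headers)
    auth = " ".join(msg.get_all("Authentication-Results") or [])
    def verdict(method):
        m = re.search(rf"\b{method}=(\w+)", auth)
        return m.group(1).lower() if m else "missing"
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    d = re.search(r"header\.d=([\w.-]+)", auth)
    dkim_d = d.group(1).lower() if d else ""
    # Simplified alignment (assumption): same domain or a subdomain of the signing domain.
    aligned = bool(dkim_d) and (from_domain == dkim_d or from_domain.endswith("." + dkim_d))
    return {"spf": verdict("spf"), "dkim": verdict("dkim"), "dmarc": verdict("dmarc"),
            "from_domain": from_domain, "dkim_domain": dkim_d, "dkim_aligned": aligned}

def triage_record(url, raw_headers, observed_at=None):
    """Combine both steps with the observation time so every signal is dated."""
    when = observed_at or datetime.now(timezone.utc)
    return {"observed_at": when.isoformat(),
            "url": break_down_url(url), "email": read_auth_results(raw_headers)}

# Constructed sample inputs (reserved example domains, not real indicators).
SAMPLE_URL = ("https://login.example.com@account-check.example.net/verify/session"
              "?next=https%3A%2F%2Fexample.org%2Flanding&id=123")
SAMPLE_HEADERS = ('From: "Example Support" <support@example.com>\n'
    "Authentication-Results: mx.example.org;\n spf=pass smtp.mailfrom=bounce.example.net;\n"
    " dkim=pass header.d=example.net;\n dmarc=fail header.from=example.com\n")
```

For the sample input the record shows a userinfo prefix in front of the real host, one redirect hint in the `next` parameter, and a passing DKIM signature from a domain that does not match the From address, which is why header results alone are not treated as proof.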

Output

Phishing assessment note, confidence level, sources, and suggested defensive action.

Report line

The URL shows phishing-like signals in passive sources; it should be handled as a defensive triage finding, not as a final attribution.