Normalize safely
We parse HTTP and HTTPS addresses, expose deceptive hostname patterns, mask likely secrets, and reject private-network or credential-bearing targets.
Methodology
LinkWitness separates what was observed, what a third-party source reported, and what an automated model inferred.
We parse HTTP and HTTPS addresses, expose deceptive hostname patterns, mask likely secrets, and reject private-network or credential-bearing targets.
Technical, historical, reputation, and behavioral signals are timestamped. An unavailable source remains unavailable—it is never counted as a clean result.
Strong signals carry more weight than weak heuristics. AI can explain patterns, but it cannot independently determine a public risk status.
Reports state their coverage and limits. “No known risk found” never means “safe.”
Every historical report is retained according to policy so material changes and corrections are reviewable.
Owners and users can provide counter-evidence. Changes are logged; payment never influences findings.