Free · No login required · Results in seconds

Scan a QR before you trust it

Point your camera at any payment or wallet QR and we'll check the address or link it contains against the major scam, phishing, and sanctions databases — before you send a thing. No wallet connection, ever.

Scanning is free — no account needed. Create a free account to save your checks.

or paste an address or URL below

0/128

What a check looks like

Three real result types — run any address or URL to see yours.

Ethereum 0x71C7656EC7ab88b098defB751B7401B5f6d8976F
2
✓ No threats detected Score out of 100 — lower is safer
  • Not on any blacklist
  • No sanctions match
  • No mixer activity
  • Active wallet — 4 years old

GoPlus · OFAC · ChainAbuse ran

Ethereum 0x3fC91A3afd70395Cd496C647d5a6CC9D4B2b7FAD
45
⚠ Proceed with caution Score out of 100 — lower is safer
Flagged for: wallet age under 30 days
  • Not on any blacklist
  • No sanctions match
  • Wallet created 12 days ago
  • No mixer activity

GoPlus · OFAC · ChainAbuse ran

Ethereum 0x8589427373D6D84E98730D7795D8f6f8731FDA16
92
✕ High risk — do not send Score out of 100 — lower is safer
Flagged for: on global blacklist, OFAC sanctioned
  • On GoPlus global blacklist
  • OFAC sanctions match
  • No mixer activity
  • Wallet established (2019)

GoPlus · OFAC · ChainAbuse ran

Want to track everything you own?

SusuFinance connects your wallets, DeFi positions, and exchange accounts in one place — and automatically tracks your capital gains, holdings, and realized gains.

Get started free →

What we check

🔍 Wallet Address checker

🚨

Known scam databases

Cross-referenced against GoPlus Security's global blacklist of reported scam, phishing, and drainer wallets.

🍯

Honeypot detection

Checks whether tokens associated with this address can actually be sold — or if they're designed to trap your funds.

🌑

Dark web activity

Flags addresses with known connections to dark web marketplaces and illicit transaction patterns.

🔀

Mixer / Tornado Cash

Detects use of crypto mixers like Tornado Cash — a common way scammers launder funds before a rug pull.

📅

Wallet age

New wallets (< 30 days old) are a major red flag. Scammers create fresh addresses for each operation.

💰

Token holdings

Shows what's actually in the wallet. Scam wallets often hold worthless tokens designed to look valuable.

⚖️

Sanctions check

Checks against OFAC and international sanctions lists for addresses involved in financial crime.

🔑

Multi-sig detection

Identifies if the address is a multi-sig contract. Legitimate investments never ask you to deposit into theirs.

🌐 dApp / Website checker

🦊

MetaMask blocklist

Checks against MetaMask's own eth-phishing-detect list — over 198,000 crypto phishing domains maintained by the MetaMask security team.

🕵️

ScamSniffer database

The largest web3 phishing domain list available, with over 345,000 reported sites. Updated daily by the ScamSniffer security team.

🛡️

GoPlus Security

Real-time lookup against GoPlus's live web3 phishing API — the same engine used by MetaMask, Trust Wallet, and other major wallets.

🔬

URLScan.io

Searches prior security researcher scans of the domain to surface any malicious verdicts from the global security community.

🎣

OpenPhish feed

Cross-references against OpenPhish's actively-maintained list of live phishing URLs updated in real time.

🔍

Google Safe Browsing

When configured, queries Google's threat database — one of the largest phishing and malware URL repositories in the world.

🦠

VirusTotal

When configured, checks the URL against 70+ antivirus and security engines simultaneously for a comprehensive verdict.

⚠️

Attribution, not verdict

We report what third-party databases say. We do not independently declare any site a scam. Always verify before connecting your wallet.

Is your wallet connected to something it shouldn't be?

Every time you connect MetaMask (or any wallet) to a dApp and approve a transaction, you're granting that contract permission to move tokens on your behalf — sometimes with no spending limit and no expiry date. These approvals stay active even after you stop using the site. A compromised or malicious dApp can drain your wallet months later using a permission you forgot you gave.

⚠️ What an approval actually means

When you click "Approve" on a token swap or NFT mint, you're signing a smart contract call that says "this contract can spend X amount of my tokens." Many dApps default to unlimited approval — meaning they can take everything you have of that token, any time, forever, until you revoke it.

If that dApp is later exploited, rug-pulled, or turns out to have been malicious from the start, the attacker can use your existing approval to empty your wallet — no second signature required.

🔍 How to see and revoke your approvals

These free tools connect to your wallet (read-only) and show every active approval across all chains — then let you revoke the ones you don't recognize or no longer need.

Best practices

✂️
Revoke after every interaction

Once you're done with a dApp, revoke its approval. There's no downside — you can re-approve the next time you use it.

🔢
Set exact amounts, not unlimited

When approving a swap, some wallets let you set a custom amount. Always approve only what you need for that transaction.

🗓️
Audit your approvals regularly

Run a revoke.cash check every few months — especially after any news of a DeFi exploit, since attackers often target old approvals.

🦊
Read what MetaMask is actually asking

Before clicking Confirm, expand the transaction details. If it says "Unlimited" next to a token amount — that's a red flag worth pausing on.

Common questions & scam patterns

What is the dApp / Website checker?

It's a free tool that takes any URL or domain and checks it against 7 independent security databases — MetaMask's own phishing blocklist, ScamSniffer, GoPlus, URLScan.io, OpenPhish, Google Safe Browsing, and VirusTotal. It returns a red, yellow, or green result based on what those databases report. We do not make our own determination — we surface what the security community has already flagged.

Do you store the wallet addresses or websites I check?

No — not in readable form. The checker needs no account and no wallet connection. To keep it fast, a repeated check of the same address or URL is served from a short-lived cache, but that cache is keyed to an irreversible one-way fingerprint of what you entered, not the address or URL itself. The usage counter records only that same fingerprint. There is no way to work backward from what we store to what you checked — consistent with our rule that SusuFinance never links an address to a person.

What does a red result mean for a website?

It means one or more of the security databases we query has reported that domain. It does not mean we are calling it a scam — that determination comes from the third-party database. You should treat a red result as a serious warning, do your own additional research, and not connect your wallet until you are certain the site is legitimate.

What does a yellow result mean?

Yellow means the site is not in any blocklist, but it also has little or no security scan history — so there's not enough data to give a clean bill of health. New sites, obscure domains, or recently registered addresses often show yellow. Proceed with caution and verify the site through official channels before connecting.

Can I trust a site just because it shows green?

No. A green result means the site hasn't been reported to any of the databases we check — not that it's definitively safe. Brand-new phishing sites get a few hours before they're added to blocklists. Always double-check the exact URL in your browser bar, look for the official social media accounts, and never connect a wallet from a link sent in a DM or email.

How do wallet drainer sites work?

A wallet drainer is a website that mimics a legitimate dApp — a fake NFT mint, a fake token claim, or a fake airdrop. When you connect your MetaMask and sign a transaction, you're actually signing a permission that lets the attacker transfer every token out of your wallet in one move. The entire balance can be gone in seconds. The site often disappears within hours.

What is a honeypot scam?

A honeypot is a token you can buy but never sell. The scammer promotes it, you buy in, the price appears to rise — but when you try to sell, the contract blocks you. The scammer then drains the liquidity and disappears with your ETH.

What does "too good to be true" actually look like in crypto?

Guaranteed daily returns of 1–10%, "just stake your tokens in our wallet," airdrop claims that require sending tokens first, or someone in DMs offering to double your crypto. If the return sounds impossible in traditional finance, it's a scam in crypto.

Why would a wallet use Tornado Cash?

Tornado Cash is a mixer that breaks the on-chain link between wallet addresses. While some users value privacy, it's heavily used by scammers and hackers to hide the origin of stolen funds before cashing out.

Should I trust a wallet just because it has a large balance?

No. Scammers often seed wallets with worthless tokens or inflated "paper" balances to create the appearance of legitimacy. Always check if those tokens can actually be sold and what they're truly worth.

Is a new wallet always suspicious?

Not always — but in the context of someone pitching an investment, a wallet created in the last 30 days is a major red flag. Legitimate protocols and businesses have established on-chain history.

What should I do if this tool flags a wallet address?

Do not send funds. Screenshot the results. If someone is pressuring you to send crypto to a flagged address, that pressure itself is part of the scam. Report the address on chainabuse.com and walk away.

What should I do if the dApp checker flags a website?

Do not connect your wallet. Close the tab. Find the official project through a trusted source — their verified Twitter/X account or a well-known aggregator like DeFiLlama or CoinGecko. Report the site to MetaMask's phishing database at github.com/MetaMask/eth-phishing-detect.

What happens if I send crypto to the wrong chain?

It depends on the mistake. Sending to an address on the wrong blockchain — ETH to a Bitcoin address, or BTC to a Solana address — means those funds are gone. The two networks have no way to communicate and no one can reverse an on-chain transaction. The most common version on EVM chains is sending on the wrong network: an Ethereum address and a Polygon address look identical (both start with 0x), so ETH sent to the right address on the wrong network is inaccessible unless you or the recipient can access the wallet on that other chain. Always confirm the chain before sending, not after.

Wallet check results are sourced from public databases including GoPlus Security, Etherscan, Alchemy, and honeypot.is. dApp / website results are sourced from MetaMask eth-phishing-detect, ScamSniffer, GoPlus Security, URLScan.io, and OpenPhish. All findings are reported from third-party databases and are not independently verified by SusuFinance. This tool does not constitute financial or legal advice. Always do your own research.
A free tool by SusuFinance — crypto portfolio tracker & bookkeeping tool.