AI-powered phishing detection. Open threat database.
Norn Labs builds tools to catch phishing pages that blocklists miss. Muninn is a Chrome extension that scans pages in real time using AI. Yggdrasil is the open database of reported phishing URLs that anyone can search and contribute to.
Muninn (Chrome extension)
- • Scans every page you visit automatically.
- • AI catches threats not on any blocklist yet.
- • Warns you before you enter passwords or payment info.
Yggdrasil (open database)
- • Look up any URL to see if it's been reported.
- • Submit suspicious links for AI analysis and review.
- • URLs clearly labeled: phishing / clean / pending.
Free during beta. Create an account to unlock all features.
Is this link safe?
Paste a URL to check it against the Yggdrasil database.
Not in the database? That doesn't mean it's safe, just that nobody has reported it yet. Create a free account to submit URLs for AI analysis and review.
See Muninn in action
This phishing page wasn't flagged by Chrome. Muninn caught it.
Recent entries in Yggdrasil
Open full view| URL | Status |
|---|---|
| https://ml-1901.pro/74946779 Entity: FRANCE COLIS | The domain name 'ml-1901.pro' has no relation to the 'France Colis' branding displayed on the page, which is a classic indicator of a phishing attempt.; The page uses a generic, suspicious domain to solicit sensitive personal information like a phone number under the guise of parcel tracking. | Phishing |
| https://prvr-rewards.xyz The website employs classic scam tactics such as a fake 'live' claim feed and a countdown timer to create a sense of urgency and false social proof.; The domain uses a low-reputation .xyz TLD and requests a wallet connection to claim an 'airdrop,' which is a primary indicator of a crypto-drainer phishing attack. | Phishing |
| https://claim-river.icu Entity: River | The domain uses a suspicious .icu TLD and the 'claim-' prefix, which are common indicators of phishing and crypto-drainer sites.; The website impersonates a known brand (River) while requesting wallet connections for an 'airdrop,' a classic social engineering tactic to steal digital assets. | Phishing |
| https://van.vanmirop.com Source: other | Phishing |
| https://corebridgefinance.dev | Phishing |
| https://alliantunion.credit | Phishing |
| https://bellcocu.credit | Phishing |
| https://covantagecredit.group/index.php Entity: CoVantage Credit Union | The domain covantagecredit.group is not the legitimate website for CoVantage Credit Union, which officially uses covantagecu.org.; The provided support line uses a New York area code (212), which is inconsistent with a regional credit union based in Wisconsin and Michigan. | Phishing |
| https://pinnaclebank.credit | Phishing |
| https://qrco.de/bggIoK | Phishing |
The Muninn extension checks against Yggdrasil plus AI analysis that can catch threats not in the database yet. Submitting URLs requires logging in.