Paste a page URL and page HTML or source. This runs the same trust-borrowing signal the extension uses to catch fake pages that lean on real brand assets, policy pages, and support links.
Phishing pages often borrow legitimacy by linking to real brand-owned assets: a privacy page, a support link, a hotlinked logo, or a script from a known brand domain. That does not make the page real. It just makes the fake page feel more believable.
If the tested page lives on an unrelated domain but links out to PayPal, Google, Microsoft, Apple, or bank-owned resources, the mismatch matters. If the page also contains a password field, the risk score rises because the borrowed trust is now supporting a likely credential flow.
Paste the page URL and the saved HTML or source. The checker resolves relative links against the page URL the same way the browser does, then compares those outbound references against the trusted-brand map bundled into the extension.
A clean result only means this specific signal stayed quiet. It does not guarantee the page is safe. The extension combines this with other signals like domain mismatch, hidden iframes, suspicious password forms, and exposed token patterns.