You can’t. You can, however tell if a particular URL is believed to be dangerous by any of several organizations that track such things.
Your browser probably has something built in; Firefox and Chrome do, for example. If you attempt to visit a known-bad URL, the browser will warn you and make you click through the warning before you do. Some other comments in this thread suggest third-party services that will also do this, and may even attempt to check the content found at the URL for known malware.
You don’t really, other than checking certificates.
URLs are just an address to access content, they don’t have much inherent connection to the content that is there. Most legitimate websites use signed certificates to demonstrate validity, but certificates won’t tell you if someone infiltrated a legitimate site and uploaded malware to it, for instance.
Avoid http:// connections in favor of https://, as http:// is unsigned, unencrypted, open traffic that anyone with access to your network can snoop on.
Also certificate does not ensure the website is safe, only that you are really talking with the server the URL points to, and not a man-in-the-middle trying to hijack your information (like passwords or payment details).
Nothing stops a malicious site to have a valid https certificate. Sure, more spam-friendly Certification Authorities like Let’s Encrypt might revoke spammy certificate, but that’s not nevesserily always true.
Also it’s no indication that the server itself is secure - if I manage to get access to… say Amazon’s webserver, I could modify it to send all credit card details, usernames, passwords, etc. to me when someone buys something/logs in. The certificate wouldn’t indicate any of that
There are a couple ways, safest is most dns or online toolboxes have checkers, I use this one a lot https://easydmarc.com/tools/phishing-url, really helpful when you’re checking quarantined message links.
If you are dealing with a business you could check, if their adress and tax number are the same as in any official records and sound plausible.
