Even if the file is clean, it may be copyrighted. Use the following checks:

If you cannot confirm a lawful status, consider it unverified and avoid distribution.

| Action | Why it matters | How to do it | |--------|----------------|--------------| | Use a sandbox or virtual machine (VM) | Isolates any potential malware from your main OS. | Install VirtualBox / VMware, create a fresh Windows/Linux VM, and perform all downloads inside it. | | Run a URL safety scan | Detects phishing, malicious domains, or known malware distributors. | Paste the link into services like URLVoid, VirusTotal URL, or Google Safe Browsing. | | Check the domain reputation | Mirror sites often use obscure or newly registered domains. | Use WhoisXML API or DomainTools to see the creation date and registrar. Older domains (>5 years) are slightly more trustworthy. |

| ✅ | Action | |----|--------| | 1 | Verify URL reputation (URLVoid, VirusTotal). | | 2 | Download inside a sandbox/VM. | | 3 | Scan with antivirus and VirusTotal. | | 4 | Compute checksum and compare with a trusted source. | | 5 | Use MediaInfo/ffprobe to confirm codec, resolution, bitrate. | | 6 | Play a short segment in a sandboxed media player. | | 7 | Confirm legal status (public domain, Creative Commons, official release). | | 8 | If any step fails, delete the file and look for a legal alternative. |