Free Online Security &
Network Tools

The Link Checker tool lets you verify whether any URL is safe before you click it. It submits the URL to multiple threat intelligence engines and reputation databases, checking for phishing page indicators, malware distribution, blacklist status, and domain reputation score. Results include a clear safety verdict, raw signal data, and a screenshot preview where available. Use this tool any time you receive a suspicious link in email, chat, or social media.

The URL Sandbox opens any URL inside an isolated cloud browser environment and captures full behavioural telemetry, page screenshots, network requests, JavaScript execution, redirect chains, and resource fingerprints. Unlike simple reputation checks, the sandbox actually visits the page to detect sophisticated threats that only activate on interaction, such as drive-by downloads, browser exploits, or cloaked phishing pages.

The Threat Intelligence lookup aggregates data from dozens of threat intelligence feeds and blocklists to check any IP address, domain name, or file hash against known indicators of compromise (IOCs). Results show whether the entity appears in any threat databases, associated malware families, attack categories, geolocation data, and autonomous system information.

The What Is My IP tool instantly detects and displays your public IPv4 address along with enriched network context: your Internet Service Provider (ISP), Autonomous System Number (ASN), approximate geographic location (country, region, city), timezone, and PTR hostname if available. Unlike simple IP detectors, this tool pulls enriched ARIN/RIPE/APNIC registry data to give you the full picture of your network identity as seen by the internet.

Raw email headers contain a complete audit trail of every server an email passed through, from the sender's mail client to your inbox. The Email Header Analyser parses this metadata to trace the originating IP address, validate SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC authentication results, detect time delays, and identify relay servers. This is the definitive first step in any phishing or email spoofing investigation.

Verifying a downloaded file's cryptographic hash against the publisher's published checksum is one of the most reliable ways to confirm a file has not been tampered with or corrupted in transit. This tool computes MD5, SHA-1, SHA-256, and SHA-512 hashes for any file, entirely inside your browser without uploading the file to any server, protecting the privacy of sensitive documents while still providing complete hash verification capability.

A reverse IP lookup queries passive DNS data to enumerate all domains that currently resolve, or have historically resolved, to a given IP address. This is essential for discovering shared hosting co-tenants, understanding CDN configurations, identifying if malicious domains share infrastructure with legitimate sites, and mapping the full attack surface of an IP. Enter either an IP address or domain name to get the full shared-hosting map.

The DNS Lookup tool queries live DNS infrastructure for any record type associated with a domain: A (IPv4 address), AAAA (IPv6), MX (mail server), TXT (SPF, DKIM, verification tokens), NS (nameservers), CNAME (aliases), SOA (zone authority), CAA (certificate authority authorisation), PTR (reverse DNS), and SRV (service discovery). Data is fetched in real time, not from a cache, ensuring you always see the current state of a domain's DNS configuration.

While a forward DNS lookup resolves a domain name to an IP, a reverse DNS lookup resolves an IP address back to its associated hostname via PTR records. PTR records are set by IP block owners (ISPs and hosting providers) and are checked by mail servers to verify sending IP identity, a misconfigured or missing PTR record is a strong spam signal. Use this tool to verify PTR records for mail server troubleshooting or to identify the operator behind any IP.

WHOIS is the authoritative database for domain registration information. A WHOIS lookup returns the registrar name, registration date, expiry date, last updated timestamp, authoritative nameservers, and registrant contact details (where not redacted by GDPR privacy shields). WHOIS data is the starting point for any domain investigation: determining ownership, checking domain age (older domains are generally less suspicious), and identifying the responsible party for abuse reports.

Domain popularity rankings aggregate traffic data from web measurement panels, browser telemetry, and DNS query volumes to estimate the global ranking of any website. A lower rank number means higher traffic. In cybersecurity, domain rankings are a powerful signal: highly ranked domains like bank websites are far less likely to be phishing sites than newly registered, unranked domains. Use this tool to quickly assess whether an unfamiliar domain has any established web presence.

Subdomain enumeration discovers the full inventory of public-facing subdomains for any domain. Our tool uses passive data sources, certificate transparency logs, public DNS datasets, and web crawl data, rather than active brute-force queries. This means results are non-intrusive and do not generate traffic against the target. Security teams use subdomain enumeration to map their external attack surface, find forgotten development or staging environments, and identify misconfigured assets before attackers do.

Short links, affiliate tracking URLs, and marketing redirects can chain through many intermediate servers before reaching the final destination. The URL Redirect Tracker follows every HTTP redirect step-by-step and records the full chain: each intermediate URL, the HTTP status code at each hop (301 Moved Permanently, 302 Found, 307 Temporary Redirect, etc.), and the final landing page. Use this to unmask hidden destinations behind short links, detect open-redirect abuse, and verify affiliate link final destinations.

An IPv4 address is a 32-bit unsigned integer displayed in dotted-decimal notation (four octets, each 0–255). This tool converts between the human-readable dotted-decimal format and the underlying integer value, and vice versa. Some firewall platforms, database systems, and programming languages represent IP addresses as integers for efficient storage and comparison, this converter bridges both formats instantly.

Threat intelligence reports, security bulletins, phishing email bodies, and log files contain embedded indicators of compromise scattered through unstructured text. Manually identifying and extracting every IP, domain, URL, hash, and email address is time-consuming and error-prone. The IOC Extractor automatically parses any block of text and returns a clean, categorised list of all indicators, ready to be imported into your SIEM, threat intelligence platform, or blocklist.

Weak and reused passwords remain one of the top causes of account compromise. This generator creates cryptographically strong passwords using a configurable character set, uppercase, lowercase, digits, and symbols, at any length from 8 to 64 characters. Multiple passwords can be generated simultaneously for bulk provisioning. All generation happens server-side with a CSPRNG (cryptographically secure pseudorandom number generator), passwords are never logged or stored.

Base64 encoding converts binary data or text into a printable ASCII string using an alphabet of 64 characters. It is used extensively in HTTP Basic Authentication header values, JWT (JSON Web Token) payloads, data URIs, MIME email attachments, and API credential strings. URL encoding (percent encoding) replaces unsafe characters in URLs with %XX hex escape sequences. This tool handles both Base64 encode/decode and URL encode/decode in one place.

CIDR (Classless Inter-Domain Routing) notation compresses an entire IP address range into a concise network/prefix format. This converter calculates all properties of a CIDR block: network address, broadcast address, subnet mask, wildcard mask, first and last usable IP, total host count, and the full list of IPs within the block (for ranges up to /24). Also supports the reverse direction: given any IP and prefix length, calculate the containing CIDR block.