Investigation & Threat Analysis Tools
Welcome to the Investigation & Threat Analysis Tools — a curated collection of tools designed to help security analysts, blue teamers, students, and curious users safely investigate potential threats without exposing their devices to harm.
Use these tools to safely inspect suspicious websites, files, and indicators—without needing to interact with threats directly.
They’re free, browser-accessible, and widely used by defenders, threat hunters, students, and security professionals.
Suspicious URL & Domain Analysis
- Browserling
  Disposable cloud-based browser for interacting safely with suspicious websites. Great for testing forms, pop-ups, or dynamic behavior that passive scans might miss.
- URLHaus
  IOC feed for live malicious URLs and phishing infrastructure. Great for checking if a domain is part of a known malware campaign.
- URLScan.io
  Visual breakdown of website behavior, requests, and embedded objects. Safe way to “look” at a website without visiting it directly.
- VirusTotal
  URL scanning with results from multiple antivirus engines. Provides reputation, detection counts, and detailed analysis.
File & Malware Sample Analysis
- AnyRun
  Real-time, interactive malware sandbox. Upload a file or search by hash to watch execution live with full behavior tracking.
- Hybrid Analysis
  Sandbox analysis platform to observe runtime behavior, file system changes, and dropped payloads. Free with account.
- MalwareBazaar
  Repository of real-world malware samples. Search by hash, file type, or signature; includes pivot links to vendors and sandbox results.
- VirusTotal
  Also used for file scanning. Upload a file or look up a hash to get multi-engine detection and behavioral insights.
IOC Search & Threat Enrichment
ThreatFox
Community-driven platform for sharing and searching IOCs like IPs, hashes, and URLs. Useful for enriching alerts and building blocklists.
Know another useful tool?
Contribute to the list or suggest additions below.
How to Contribute