NetSight beta
IP

Safe Browser

Open suspicious URLs in a sandboxed headless browser. Screenshot, threat intelligence (Google Safe Browsing, VirusTotal, URLhaus, ThreatFox) and final-URL tracing without exposing your machine.

About the safe browser

Paste any URL and NetSight opens it in a sandboxed headless browser at our edge. You get a screenshot, the final URL after redirects, and a threat-intelligence roll-up from Google Safe Browsing, VirusTotal, URLhaus and ThreatFox. Your own machine never fetches the URL.

What we run

  • IP-logger detection - matches the link and its redirect destination against a curated list of 150+ known IP-grabber services and their custom-domain aliases.
  • URL-shortener detection - flags common shorteners that can mask any destination.
  • Brand-lookalike detection - catches typosquats of high-value targets like payment providers, gaming platforms and major mail services.
  • Multi-source threat intelligence - aggregated verdicts from several external reputation and malware-tracking providers.
  • Safe-browsing database - social-engineering, malware and unwanted-software flags.
  • Headless screenshot of the final page via our browser.
  • Redirect trace - where the URL actually lands after 301/302.

NetSight Score

Every analysis boils down to a single number from 0 to 100. The NetSight Score is an aggregate of all signals we find: IP-logger matches, brand lookalikes, threat-intel hits, URL shorteners, punycode tricks, suspicious TLDs, redirect chains and more. Higher means riskier.

  • 0-14 Safe - no signals beat the threshold. Green bar.
  • 15-34 Caution - minor signals (shortener, suspicious TLD, unknown brand). Orange bar.
  • 35-59 Suspicious - multiple signals or a single strong one (brand lookalike, 1-2 VT flags). Orange bar.
  • 60-100 High risk - IP logger, URLhaus/ThreatFox listing, Google Safe Browsing flag, or multiple scanner verdicts. Red bar.

The breakdown of every contributing signal is shown under the score so you can see why.

IP loggers and how they work

IP-logger sites (IPLogger, Grabify, 2no.co, Blasze etc.) turn a short link into a tracker. When you click the link, the logger records your public IP address, approximate city, ISP, browser user agent and referrer, then forwards you to an innocent-looking destination. Common shorteners like bit.ly or tinyurl can be chained in front to hide the logger.

The typical pattern in scam DMs: "Look at this photo of you!"https://iplogger.org/xxxxx → victim's IP ends up in an attacker's dashboard. Use this tool before you click.

NetSight maintains a curated blocklist and immediately flags matches with a red warning, even before the slower threat-intel scans complete.

When it's useful

  • Checking a link from a suspicious DM, email or game chat without risking your IP or browser.
  • Verifying a phishing landing page before reporting it.
  • Confirming a URL shortener's actual destination.
  • Investigating harassment links aimed at doxxing you or someone you know.

Questions

Is the page actually loaded?
Yes - fully rendered in a real Chromium instance at the edge. No JavaScript is skipped, the screenshot reflects what a normal user would see.
Can the target site see me?
They see our edge browser's IP and a generic user agent. They cannot fingerprint your machine.
Why sometimes no screenshot?
Some sites block headless browsers (Cloudflare challenges, custom fingerprinting). The threat-intel checks still complete.
How does the IP-logger list work?
Matches are done against the full hostname and all registrable parent domains. A link to a.iplogger.org matches the iplogger.org entry. The list covers 150+ known services including the Grabify custom-domain aliases users can pick (screenshare.pics, fortnitechat.site, yourmy.monster and more) and is baked into the tool for instant checks.
Why isn't iplocation.net blocked entirely?
iplocation.net has a legitimate public IP-lookup front page. Only its tracker subdomain (tracker.iplocation.net) is flagged - the root domain stays clean.
Can I add a domain I know is an IP logger?
Send the domain to the contact e-mail in the legal notice. Entries go in the curated list after quick verification.
IP Lookup
Instant geolocation, ISP, ASN, abuse history and reputation for any IPv4 or IPv6 address.
DNS Lookup
Query A, AAAA, MX, TXT, NS, SOA, CNAME, CAA and SRV records from authoritative resolvers.
WHOIS Lookup
Domain ownership, registrar, nameservers and key dates.
Subdomain Finder
Enumerate subdomains via Certificate Transparency and OTX.