Everything you need to triage an alert — analyse an email header, look up an IP or domain, check WHOIS, scan a link, decode a JWT, test a password and more. Free, in your browser, nothing stored by us.
Paste full raw email headers ("Show original" / "View source"). Extracts the sender path, auth results (SPF/DKIM/DMARC) and the originating IP.
Scan a suspicious link for common phishing red flags. Heuristic only — never log in via an unverified link.
Make indicators safe to share (hxxp, [.]) or restore them. Works on URLs, IPs and emails.
Geolocation, ASN, ISP and network type for an IPv4/IPv6 address.
A, AAAA, MX, NS and TXT records plus SPF/DMARC checks (Google DNS-over-HTTPS).
Registrar, creation/expiry, status and nameservers via RDAP. Young domains are a phishing signal.
Network, broadcast, mask, host range and count for an IPv4 CIDR block.
Check whether an email appears in known public breaches. Only the address is sent to the lookup service; we never store it.
See how strong a password is and roughly how long it would take to crack. Don't paste a password you actually use.
Create a random, hard-to-crack password and copy it to your password manager.
Decode the header & payload of a JSON Web Token. Signature is not verified.
Encode/decode Base64 and generate a SHA-256 hash — handy for CTFs, logs and integrity checks.
Convert a Unix timestamp (seconds or milliseconds) to readable UTC, local and ISO time.
All tools run in your browser. IP, DNS and WHOIS lookups call free public services (ipwho.is, Google DNS, RDAP) directly from your device. Use only on assets you're authorised to investigate. Heuristic checks (phishing, password) are guides, not guarantees.