Safebrowsing utilizes a cloud-based virtual browser environment to analyze potentially risky websites. This isolated environment protects the local system from malicious activity encountered during browsing.
Users can manually explore suspicious URLs within this virtual session. Safebrowsing’s real-time analysis, powered by proprietary technology, identifies threats and generates a report after each session.
The report includes Indicators of Compromise (IOCs) and a detailed network traffic analysis encompassing connections, DNS/HTTP requests, and threats detected by the Suricata intrusion detection system.
It offers a three-step process for analyzing websites. First, users input a URL, which is then opened in a secure virtual browser. Users can then interact with the website as they would normally, while Safebrowsing monitors for malicious content.
Once finished, the service generates a report detailing detected threats and suspicious activities, including a list of Indicators of Compromise (IOCs) and exported packet data in PCAP format.
What are Possible use Cases for Safebrowsing?
Safebrowsing is a universal tool that can be of great help in different scenarios.
- Open URLs within a secure, isolated, and full-size virtual browser to prevent any potential threats from affecting your local system.
- Speed up the process of analyzing and responding to suspicious links.
- Make link checks safe, simple, and quick for non-security employees.
- Prevent infections and increase the general level of security in the organization.
- Demonstrate the risks of clicking on suspicious links as part of training on safe browsing practices.
- Observe network traffic for malicious activity to detect threats in real time.
- Improve detection of phishing threats thanks to ANY.RUN’s advanced capabilities.
- Download traffic data and the identified indicators of compromise.
- Share the completed session as evidence of malicious content.
How Safebrowsing Works
Submit URL
Safebrowsing, unlike ANY.RUN’s sandbox, analyzes URLs only within a pre-configured environment, offering a simpler interface for non-experts, which lacks in-depth system monitoring and file access capabilities.
Interact and Examine Threats
While similar to URL scanners that check against known malicious lists, Safebrowsing goes a step further by providing an interactive virtual browser to explore the website’s behavior in a controlled setting, which allows for a more comprehensive analysis beyond just identifying previously known threats.
Collect IOCs
It can be leveraged to enhance security across various aspects and enables the safe analysis of URLs within isolated virtual environments, preventing potential threats from compromising the local system, which streamlines the investigation of suspicious links, making it accessible even for non-technical users.
It also safeguards organizations by proactively blocking malicious websites and downloads, boosting overall security posture, and can also be used for educational purposes, allowing security teams to demonstrate the dangers of clicking suspicious links during training sessions.
Safebrowsing empowers organizations to proactively combat phishing threats. By enabling employees to safely explore suspicious URLs, it facilitates early identification and mitigation of data breaches and financial losses.
By serving as a valuable training resource, it enhances employee awareness of web-based threats and fosters preparedness by empowering non-expert staff to independently assess suspicious links, saving time and resources for security professionals.
Analyze your first URL right away Using ANY.RUN's New Safe Browsing Tool.