Upload a file to Palo Alto WildFire. Get a full verdict PDF report by email.

Check a URL against VirusTotal, URLhaus and Google Safe Browsing.

Check a SHA-256, SHA-1 or MD5 hash against VirusTotal 70+ engines.

AbuseIPDB score, categories, report count, Tor / VPN / proxy detection.

Query any record type (A, AAAA, MX, TXT, NS, CNAME, SOA, PTR, SRV, CAA…) across 1.1.1.1, 8.8.8.8 and 9.9.9.9 side-by-side.

Batch RDAP lookup for up to 20 domains or IPs. Resolves via IANA bootstrap, no rdap.org dependency.

Find all certificates ever issued for a domain via crt.sh CT logs.

Full SPF parse, recursive flatten, void-lookup counter, include-tree visualisation.

Full DMARC policy parse — p=, sp=, pct=, rua=, alignment mode, spoofing risk score.

Paste raw email headers — full hop-by-hop analysis, delay map, SPF/DKIM/DMARC result extraction.

Connect to mail server, verify STARTTLS is advertised and enforced.

Check if the mail server accepts unauthenticated relay (SMTP misconfiguration).

Check domain or IP against 50+ major DNS blacklists and reputation lists.

Check certificate chain, expiry, SAN list, issuer, OCSP stapling, CT log presence.

Protocol support, cipher suite rating, HSTS, headers — overall A–F security grade.

Verify the OCSP endpoint is reachable and returns a valid, non-revoked response.

Check certificate revocation via OCSP and CRL Distribution Point.

Paste PEM/DER — decode all X.509 fields in-browser. Nothing is sent to the server.

Generate RSA 2048/4096 or ECDSA P-256/P-384 keypair + CSR. 100% in-browser — key never leaves your device.

Convert between PEM, DER, PFX/PKCS12 — fully in-browser. Private keys never leave your device, even if encrypted.

Paste a PEM bundle to inspect + verify the chain. Or paste a leaf cert and we fetch the intermediates via AIA.

Check URL reachability, status code, response time, redirect chain, TLS version.

Postman-lite API tester. Send any method with custom headers, body, and auth from our edge.

Real TCP probe from our edge. Detects open ports regardless of protocol. Custom ranges + banner grab.

IPv4/IPv6 subnet scoping — drag prefix slider, jump prev/next, split subnets, IP range → CIDRs.

Geolocation, ASN, BGP prefix, abuse contact, Tor/VPN/proxy/cloud detection.

What IP does the world see? Shows your public IP, ASN, location, and cloud/VPN detection.

HTTP-based path analysis — trace the route to a destination with hop-by-hop timing.

Grade CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy — A to F.

Follow all HTTP redirects, show each hop's status code, location, and timing.

MD5, SHA-1/256/384/512, BLAKE2, HMAC — 100% in-browser, data never leaves your device.

Decode header, payload, signature. Flags alg:none, shows expiry countdown. In-browser.

Standard and URL-safe Base64. Supports text and file input. In-browser.

Decode & encode Unix (s/ms/µs/ns), Windows FILETIME, WebKit, Mac Absolute, LDAP/AD time.

Configurable character set, entropy display, zxcvbn strength score. In-browser.

Symbolic ↔ octal ↔ binary Linux permissions. Includes setuid, setgid, sticky bit.

Human-readable cron schedule, next 10 run times, timezone-aware.

Merge multiple PDFs, split into ranges, rotate / reorder pages. Runs entirely in your browser.

Combine one or more images into a single PDF. JPEG, PNG, WebP supported. In-browser.

Extract text, images, and metadata from a PDF. Strip metadata for privacy. In-browser.

Add or remove password protection from a PDF. Your passwords never leave the browser.

Convert .docx documents to PDF in your browser. No upload to any server.

Convert PNG ↔ JPEG ↔ WebP, resize, strip EXIF metadata for privacy. In-browser.