![[The AI Show Episode 142]: ChatGPT’s New Image Generator, Studio Ghibli Craze and Backlash, Gemini 2.5, OpenAI Academy, 4o Updates, Vibe Marketing & xAI Acquires X](https://www.marketingaiinstitute.com/hubfs/ep%20142%20cover.png)
![[DEALS] The Premium Learn to Code Certification Bundle (97% off) & Other Deals Up To 98% Off – Offers End Soon!](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
![From drop-out to software architect with Jason Lengstorf [Podcast #167]](https://cdn.hashnode.com/res/hashnode/image/upload/v1743796461357/f3d19cd7-e6f5-4d7c-8bfc-eb974bc8da68.png?#)
.png?#)
_Christophe_Coat_Alamy.jpg?#)
 (1).webp?#)
![Apple Considers Delaying Smart Home Hub Until 2026 [Gurman]](https://www.iclarified.com/images/news/96946/96946/96946-640.jpg)
![iPhone 17 Pro Won't Feature Two-Toned Back [Gurman]](https://www.iclarified.com/images/news/96944/96944/96944-640.jpg)
![Tariffs Threaten Apple's $999 iPhone Price Point in the U.S. [Gurman]](https://www.iclarified.com/images/news/96943/96943/96943-640.jpg)
Security Researchers Now Analyse Any URL With ANY.RUN Safebrowsing Tool Extension for Free
ANY.RUN, a global leader in Interactive Malware sandboxes, has upgraded its browser extension to include the Safebrowsing feature, which is now available for free to all users. This tool is designed to help businesses and individuals combat phishing attempts, malicious redirects, and hidden malware by providing a secure, interactive environment for analyzing suspicious links. Safebrowsing […] The post Security Researchers Now Analyse Any URL With ANY.RUN Safebrowsing Tool Extension for Free appeared first on Cyber Security News.
ANY.RUN, a global leader in Interactive Malware sandboxes, has upgraded its browser extension to include the Safebrowsing feature, which is now available for free to all users.
This tool is designed to help businesses and individuals combat phishing attempts, malicious redirects, and hidden malware by providing a secure, interactive environment for analyzing suspicious links.
Safebrowsing Features:
- Secure Browsing: Open URLs within a secure, isolated, and full-size virtual browser.
- Real-Time Threat Detection: Observe network traffic for malicious activity to detect threats in real time.
- Data Download: Download traffic data and identified indicators of compromise.
- Session Sharing: Share completed sessions as evidence of malicious content.
.png)
How Safebrowsing Works
Safebrowsing operates as a fully functional virtual browser within the cloud, allowing users to safely interact with potentially harmful URLs.
This feature is particularly effective for investigating multi-stage phishing attacks and CAPTCHA-based fraud.
By isolating the browsing environment, it ensures that no malicious activity affects the local system or network.
Security teams can now analyze suspicious URLs instantly through ANY.RUN’s browser extension.
Instead of manually copying and pasting links into the platform, users can right-click on any link and select “Safebrowsing” from the context menu. This seamless integration significantly speeds up threat detection and response processes.
All you need is a registered account to start analyzing suspicious links instantly.
- Install the ANY.RUN browser extension
- Right-click on any suspicious link
- Select “Safebrowsing” to launch an instant analysis
Key Features and Benefits
- Instant URL Analysis: Users can check suspicious links with a single click, eliminating the need for manual input.
- Faster Threat Analysis: The streamlined process allows security teams to quickly assess link behavior in a safe, full-size virtual browser.
- Enhanced Employee Safety: Businesses can test unknown URLs in an isolated environment before opening them on corporate devices, reducing risks of malware infections and phishing attacks.
Safebrowsing provides a controlled environment where security analysts can explore the entire attack chain and uncover hidden threats. For example:
- Multi-Stage Phishing Analysis: Analysts can dissect phishing schemes step-by-step. In one case study, a seemingly harmless file-sharing link led to a fake Microsoft login page designed to steal credentials.
- CAPTCHA-Based Fraud Investigation: The tool bypasses CAPTCHA barriers often used by cybercriminals to evade automated scanners, revealing fraudulent pages disguised as legitimate login portals.
The Network Inspector feature further enhances investigations by offering real-time monitoring of network connections, HTTP requests, and potential threats identified by Suricata rules.
Equip Your Security Team with Instant URL Analysis Install ANY.RUN’s Browser Extension
Interactive Threat Investigation with Safebrowsing
Safebrowsing enables security analysts to interact with the entire attack chain, monitor network activity, and uncover hidden threats in a controlled, isolated environment.
Analyzing a Phishing Attempt Disguised as a TransferNow Link
In this example, we examine a phishing attack that leverages a fraudulent TransferNow link. TransferNow is a legitimate file-sharing service that allows document transfers up to 250GB.
By right-clicking the suspicious URL, the link is instantly opened within ANY.RUN’s isolated browser, eliminating the need for manual copying and pasting.
Upon execution, the link directs to a spoofed TransferNow webpage, presenting a deceptive document download prompt. Selecting the “Download File” option opens a PDF document instead of initiating a file transfer.
Layered Phishing Strategy
The displayed PDF mimics a SharePoint document, prompting users to download another file. This multi-step approach exploits psychological manipulation, gradually lowering user suspicion and increasing the likelihood of credential theft.
Upon downloading the secondary file, users are redirected to a fake Microsoft login page. However, analysis reveals the URL has no legitimate affiliation with Microsoft, a clear indicator of credential harvesting.
Indicators of Compromise (IoCs):
- Mismatched or suspicious domain names.
- Absence of valid security certificates.
- Broken or missing favicons, indicating incomplete phishing page setup.
CAPTCHA-Based Fraud Investigation
Cybercriminals increasingly deploy CAPTCHA mechanisms to obstruct automated security scanners while maintaining accessibility for human victims.
In this analysis, Safebrowsing allows analysts to bypass these barriers through automated interactivity, providing a direct path to analyze phishing attempts hidden behind CAPTCHA walls.
Safebrowsing Session for CAPTCHA-Protected Attacks
Right-clicking a suspicious link and selecting “Safebrowsing” automatically opens the URL in an isolated environment, streamlining the investigation process.
The link initially presents a Cloudflare CAPTCHA page, a common evasion tactic used to prevent automated security tools from detecting fraudulent activity.
Phishing Site Identification
Once the CAPTCHA is bypassed, the site redirects to a fake Google login page. A detailed examination of the URL confirms it has no legitimate association with Google, exposing the fraudulent attempt.
Additional Indicators of Compromise:
- Fake or missing favicons, revealing poor site replication.
- Domain inconsistencies that do not match official services.
- Lack of proper TLS/SSL configurations.
Network Analysis with Safebrowsing
According to ANY.RUN Reports, Safebrowsing integrates a Network Inspector, accessible in the upper-right corner of the interface, offering comprehensive real-time analysis of network traffic, HTTP requests, and security threats.
Advanced Network Monitoring Features:
- Traffic Inspection: Monitor outgoing and incoming network connections.
- Suricata-Based Threat Detection: Identify malicious network behavior and exploit attempts.
- HTTP Request Analysis: Extract critical metadata, including headers and payloads, to assess potential threats.
Using Suricata rules, analysts can quickly detect phishing domains, track attacker infrastructure, and mitigate security risks with enhanced precision.
Extended Threat Analysis with ANY.RUN’s Sandbox Extension
For deeper security assessments, the full version of ANY.RUN’s browser extension provides interactive sandbox analysis capabilities.
How to Get Started
To use Safebrowsing for free, users must register for an ANY.RUN account and install the browser extension. Here’s how it works:
- Install the ANY.RUN browser extension.
- Right-click on any suspicious link.
- Select “Safebrowsing” to launch an instant analysis in an isolated environment.
For organizations requiring deeper analysis, the full version of ANY.RUN’s extension offers access to its Interactive Sandbox. This includes features like file and link analysis on virtual machines, detailed threat reports, and extended session durations for comprehensive investigations. These advanced tools are available through Hunter or Enterprise subscriptions.
Why Safebrowsing Matters
By offering Safebrowsing for free, ANY.RUN empowers businesses and individuals to proactively defend against cyberattacks. The tool not only enhances threat detection but also serves as a valuable training resource for employees, helping them recognize phishing schemes in a safe setting.
With this upgrade, ANY.RUN continues its mission of simplifying malware analysis and improving cybersecurity resilience worldwide.
Access all features of ANY.RUN’s Interactive Sandbox - Get a 14-day free trial
The post Security Researchers Now Analyse Any URL With ANY.RUN Safebrowsing Tool Extension for Free appeared first on Cyber Security News.
.webp?#)
