Investigator Use
URLQuery is a web-based URL analysis and scanning service that automatically fetches and analyzes submitted URLs in an isolated environment, capturing network traffic, page content, and behavioral indicators to identify malicious activity. For security analysts, incident responders, and OSINT investigators evaluating suspicious URLs, URLQuery provides detailed sandbox analysis without exposing the analyst's machine to potential threats.
When a URL is submitted to URLQuery, the service visits the URL using an instrumented browser, captures all HTTP requests made during page loading (including requests to third-party domains, CDNs, and ad networks), records JavaScript execution, captures screenshots of the rendered page, and checks associated infrastructure against threat intelligence databases. The resulting report provides comprehensive visibility into what actually happens when the link is clicked.
The network traffic analysis is particularly valuable for threat intelligence: suspicious pages often make connections to command-and-control infrastructure, load exploit code from external servers, or redirect through multiple domains before delivering malicious payload. URLQuery captures this full chain — revealing infrastructure that wouldn't be visible from simply examining the initial URL.
For OSINT investigators, URLQuery is useful when analyzing suspicious shortened links, investigating phishing reports, examining malvertising chains, or researching malicious infrastructure. Submitting a suspicious URL instead of clicking it provides all the investigation intelligence without any of the risk to the investigator's environment.
URLQuery also checks submitted URLs against known malware databases and blacklists, providing immediate context about whether the URL or associated infrastructure has been previously identified as malicious. Historical scan results may also be available for previously analyzed URLs.
The service provides a public API for programmatic URL submission and result retrieval, enabling integration into automated malware analysis workflows and threat intelligence pipelines.
Limitations include sandbox detection: sophisticated malware checks for sandbox environments and may behave benignly when analyzed. For evasion-aware malware, behavioral analysis in multiple sandbox environments provides more comprehensive coverage. Pair URLQuery with URLScan.io, VirusTotal, and ANY.RUN for thorough URL analysis.
Document analysis timestamps, submitted URLs, and key findings from URLQuery reports in incident response records.
Before You Pivot
Record Context
Capture the target, search terms, and why this source is relevant before you leave the page.
Preserve Evidence
Archive volatile pages, save screenshots, and keep timestamps for anything that may change.
Corroborate
Treat one tool as a lead source. Confirm important findings with independent sources.
Related Tools
ArchiveBox
Web & URL OSINT
ArchiveBox is self-hosted open-source web archiving for preserving websites, social posts, and online evidence for investigations.
Builtwith
Web & URL OSINT
Web technology information profiler tool. Find out what a website is built with.
Check short url
Web & URL OSINT
CheckShortURL expands shortened URLs to reveal the final destination before clicking, supporting safe analysis of potentially malicious links.
Cute Stats
Web & URL OSINT
Cutestat provides website analytics including traffic estimates, Alexa rank, server details, WHOIS data, and SEO metrics for any domain.
Down for who?
Web & URL OSINT
Down For Everyone Or Just Me confirms whether a website is globally offline or unavailable locally during OSINT investigations.
Fast Osint Crawler
Web & URL OSINT
Photon is a fast OSINT crawler extracting URLs, emails, files, subdomains, and metadata from any target website for investigators.