The link opens there. You watch from here.

Live analysis is the first half of every investigation: a throwaway browser boots in our cloud, opens the link, and streams itself to your tab while Guard.ch writes down every move it makes. You see everything. The page never sees you.

A browser on the end of a wire.

When you press Analyze, nothing opens on your machine. The page loads inside a disposable container in our cloud, and what reaches your tab is a live stream of it. Exactly two things travel on that wire, and neither one is the page.

Nothing downloads

Scripts, pop-ups and drive-by payloads all execute in the container, on hardware built to be wiped. Your machine only ever decodes video.

Nothing identifies you

DNS and traffic leave our network, not yours. The site meets a fresh browser at one of our addresses, never your IP, your fonts or your screen.

Nothing to install

Live analysis runs in any tab you already have. The browser extensions are a shortcut to it, not a requirement.

Live means your hands on the wheel.

The stream is interactive: clicks, keys and scrolls are forwarded as you make them. Follow the redirect, open the pop-up, feed the fake login a made-up password. Here it costs nothing.

There is a real address bar, too. Steer anywhere mid-investigation; the recording follows.

While you browse, it counts.

A live tally runs beside the stream, refreshed every couple of seconds. Everything the page does is counted the moment it happens; the report keeps the detail.

  • Every request and its response
  • Redirects and failed calls
  • Cookies, the moment they are set
  • localStorage and sessionStorage writes
  • WebSocket and server-sent messages
  • Fingerprinting attempts, by technique
  • Permission prompts
  • WebRTC connections and IP leaks
  • Tracker hits
  • Technologies the page is built with
  • WHOIS, IP and reputation lookups
  • Console output and hidden exceptions

The page meets a stranger.

Your page meets a brand-new browser: no history, no cookies, a fingerprint minted seconds ago, calling from one of our addresses.

Some pages only show their real face in certain countries. Pick the egress location, and the page sees a local.

It ends on time, and on the record.

Every investigation is bounded: a time window and an event budget you can watch count down. Leave early with Exit & Save, or let it run out.

The container is destroyed with everything the page left on it. The recording becomes the report, at a link you can share.

What the report holds

Curiosity, without consequences.

The most dangerous thing about a suspicious link is opening it. Live analysis hands that job to a browser with nothing to lose. The worst a page can do there is show you exactly what it does.

30 days free, a few clicks away.

Add a card to start, we will not charge it until the trial ends, and cancelling is just a few clicks away.

Start 30-day trial