Privacy

No accounts. Visitors use the tool without signing up. A session cookie is used only for CSRF protection on form submissions.

Rate limiting. Client IP addresses (or the first IP in X-Forwarded-For when behind a reverse proxy) are used to enforce per-visitor request limits. IPs are not published or sold.

Lookup history. On public deployments, recent lookup history is not shown to visitors and is typically not stored. Authenticated operators may enable history for themselves.

File uploads. Uploaded files are hashed and may be retained on disk under data/samples/ by content address (SHA256) for analysis and operator review. Files are not executed in the web application process. On this public instance, uploads are limited per hour per IP and receive static + YARA analysis only.

OSINT feeds. Indicator data is aggregated from public blocklists and abuse.ch sources (URLhaus, MalwareBazaar, Feodo, Spamhaus DROP, and others listed in the site footer). Optional ThreatFox ingest requires an operator-configured abuse.ch API key.

Third parties. This instance uses local OSINT feeds and local Ollama. Optional phone/email enrichment APIs are off unless the operator enables them in configuration.

Questions: contact the site operator (see repository or About page).