A centralized hub to launch and explore advanced phishing, geo-targeting, and payload deployment techniques,
powered by Browserling's cybersecurity sandboxes.
Live WebsiteScenario 1
macOS-targeted Phishing
i
A website that detects MacOS users via User-Agent and serves them a
tailored phishing page, while showing Windows users a normal PC parts shop.
Device-targeted phishing attack disguised as a premium PC components shop.
Switch from Windows to macOS in Browserling. The page will serve a phishing
Apple ID login screen instead of the PC shop.
Live WebsiteScenario 2
Mobile-targeted Phishing
i
A website that detects mobile users via User-Agent and serves them a
tailored Google Sign-In phishing page, while showing desktop users a normal specialty coffee
shop.
Device-targeted phishing attack disguised as a premium artisanal coffee roastery.
Switch to a mobile browser (iPhone or Android) in Browserling. The page will
show a fake Google Sign-In offering a coffee discount instead of the shop.
Live WebsiteScenario 3
Geo-targeted Phishing
i
A website that uses client-side fetch requests to detect users from DE,
FR, ES, MX and serves them a phishing form, while showing a normal RC car shop to everyone else.
Geographically-targeted phishing attack simulating an RC car store.
Switch your location to Germany, France, Spain, or Mexico in Browserling. The
RC car shop will be replaced by a phishing payment verification form.
File PayloadScenario 4
PDF with Malicious Link
i
A classic phishing PDF containing a malicious hyperlink disguised as a
standard payment portal. Used to redirect victims to credential harvesting sites.
Standard fake invoice PDF weaponized with a malicious hyperlink.
Download and open the .docm file in Microsoft Word inside Browserling. Enable
macros when prompted to simulate the payload execution warning.
File PayloadScenario 6
EML Testing
i
A ready-to-use EML file simulating a highly urgent billing email. It
carries the PDF-spoofed payload as an attachment, demonstrating how attackers deliver
payloads directly to inboxes.
Weaponized email sample carrying the malicious payload attachment.
Download and open the .eml file in an email client inside Browserling. Open the
attached PDF and click the payment link to trigger the phishing chain.
Video DemoScenario 7
Sandbox Context Menu
i
Right-click files in the sandbox to access quick-hashes, VirusTotal
checks, hex editor, and other security tools.
Interactive demonstration of safe file analysis tools integrated into Browserling's
sandbox context menu.
How to launch?
Right-click any file (like a PDF or executable) inside a Browserling sandbox
session to open the custom security analysis context menu.
Video DemoScenario 8
WSL in Windows Sandbox
i
Browserling's Windows VMs include Windows Subsystem for Linux (WSL),
giving you a full Linux environment inside your Windows sandbox.
Run a full Linux environment inside your Windows sandbox using WSL. Seamlessly bridge
Windows and Linux workflows right from your browser.
How to launch?
Open a Windows session in Browserling and launch the WSL terminal to start
using Linux commands instantly.
External LinkScenario 9
Ahmia Tor Search
i
Ahmia is a clearnet search engine for the Tor anonymity network. It allows
security researchers and users to search for hidden onion sites without needing to be on Tor.
Clearnet search engine for the Tor anonymity network. Explore hidden .onion sites
safely inside Browserling's Tor-enabled sandbox.
How to launch?
Copy the .onion address and paste it into a Browserling session with Tor
enabled to access the hidden search engine.
External LinkScenario 10
Google Chrome Extension
i
Open links in a secure sandboxed browser with a single click from our extension.
Open links in a secure sandboxed browser with a single click from our extension.
How to launch?
Install the extension from the Chrome Web Store, then right-click any
suspicious link and select "Open in Browserling" to analyze it safely.
Useful Links
Whats my IP?
Whats my IP?
i
Check your IP address and location.
Quickly verify the IP address and geolocation that
Browserling is presenting to the web — useful to confirm geo-targeting scenarios are working
correctly.
1 / 10
🛡 Powered by Browserling
Cybersecurity Sandboxes for Security Professionals
Browserling's cybersecurity platform lets you safely open phishing links, analyze
malware payloads, and test real attack scenarios — all inside ephemeral, isolated
virtual machines that are destroyed after every session.
🔒
Isolated VMs — every session runs in a fresh
ephemeral virtual machine, wiped clean on exit.
🛡
Malware containment — ransomware, exploits, and
drive-by downloads cannot escape the sandbox.
🌍
Geo & device switching — test from any
country, OS, or device to replicate targeted attacks.
👁
Tor network access — safely browse .onion sites
without exposing your identity or infrastructure.
📄
Safe file analysis — open suspicious PDFs,
.docm macros, and .eml files inside the sandbox.
✅
GDPR & CCPA aligned — no persistent session
storage, no browsing history retained.
A legitimate-looking PC components shop that silently detects the visitor's operating system
via the User-Agent
header.
macOS users are served a convincing Apple ID phishing login while everyone else
sees the real shop.
▶How to launch: Switch from Windows to macOS in Browserling. The page will
serve a phishing Apple ID login screen instead of the PC shop.
An artisanal coffee roastery shop that redirects mobile visitors to a convincing Google
Sign-In page promising a loyalty discount. Desktop visitors see the legitimate store.
Detection is performed server-side using the User-Agent
header.
▶How to launch: Switch to a mobile browser (iPhone or Android) in Browserling.
The page will show a fake Google Sign-In offering a coffee discount instead of the shop.
An RC car shop that uses a client-side fetch to a geolocation API to detect the visitor's
country. Users from Germany, France, Spain, or Mexico are served a phishing payment
verification form instead of the store, while the rest see a normal shop.
▶How to launch: Switch your location to Germany, France, Spain, or Mexico in
Browserling. The RC car shop will be replaced by a phishing payment verification form.
A fake invoice PDF from "Nitro RC Cars" containing a hyperlink disguised as a secure
payment portal. Clicking it redirects the victim to the geo-targeted phishing site
(Scenario 3), demonstrating how PDFs are weaponized as phishing delivery vectors.
▶How to launch: Download and open the PDF inside Browserling. Click the "PAY
ONLINE" link — it redirects to the geo-targeted phishing site (Scenario 3).
A macro-enabled Word document (.docm) that simulates how attackers embed VBA macros
to download and execute payloads silently once a victim enables macros. Demonstrates
one of the most common enterprise phishing delivery methods.
▶How to launch: Download and open the .docm file in Microsoft Word inside
Browserling. Enable macros when prompted to simulate the payload execution warning.
This is a demo Word document and is not malicious.
File PayloadScenario 6
EML Phishing Email
A ready-to-use .eml file that simulates an urgent billing email with the malicious
invoice PDF attached. Demonstrates the complete phishing chain: email delivery →
PDF attachment → malicious link → credential harvesting page.
▶How to launch: Download and open the .eml file in an email client inside
Browserling. Open the attached PDF and click the payment link to trigger the phishing
chain.
Browserling's cybersecurity sandbox features context menu security integrations. Right-click files
in the virtual machine to trigger immediate metadata, hex, PE headers, or VirusTotal checkups.
📄Open
Instantly opens the file using the sandbox's default viewer.
⚖️Calculate Hash
Calculates cryptographic file hashes (MD5, SHA256) to verify its integrity.
🛡️Check in virus total
Sends the file hash to the VirusTotal API to check against known malware signatures.
🔍Compare files
Launches a visual diff tool to compare changes between two versions of files.
🏷️Detect file type
Analyzes header and magic bytes to reveal the actual file type, ignoring extension
spoofing.
📥Download locally
Safely download files from the sandbox VM to your host machine under your own risk.
💻Open with hex editor
Opens the file in an integrated hex editor to inspect its raw bytes and ASCII strings.
🖨️Print pdf locally
Print the sanitized PDF document directly to your local printer without downloading it
first.
🗜️7-Zip
Quickly extract or compress archive files securely inside the sandbox.
📁Open With
Opens the system menu to choose alternative sandbox applications.
📤Send to
Send the file to connected sandbox drives, desktop, or compressed folders.
Video DemoScenario 8
WSL in Windows Sandbox
Browserling's Windows VMs come with Windows Subsystem for Linux (WSL) integrated, giving you a full
Linux environment inside your Windows sandbox. Seamlessly bridge Windows and Linux workflows right
from your browser.
▶How to launch: Open a Windows session in Browserling and launch the WSL
terminal to start using Linux commands instantly.
External LinkScenario 9
Ahmia Tor Search Engine
Ahmia is a clearnet search engine for the Tor anonymity network, allowing security
researchers to discover and index hidden .onion sites without running Tor locally.
Use Browserling's Tor-enabled sandbox to safely access .onion addresses.
▶How to launch: Copy the .onion address below and open it inside a Browserling
session with Tor enabled to access the hidden search engine.
External LinkScenario 10
Browserling Chrome Extension
The official Browserling Chrome Extension lets you right-click any link and instantly
open it in a sandboxed remote browser — ideal for quickly testing suspicious URLs
without leaving your current browsing context.
▶How to use: Install the extension from the Chrome Web Store, then right-click
any suspicious link and select "Open in Browserling" to analyze it safely.
