Search. Scan. Investigate.
Upload files, search IPs, domains or hashes.
Structured, analyst-ready intelligence in seconds.
Global threat activity
A snapshot of hosting infrastructure, malware C2 nodes and phishing endpoints observed across the network.
What a result looks like
Every scan returns structured, analyst-ready intelligence, no raw data dumps.
How mlab works
A structured investigation workflow designed for real-world security operations.
Submit an indicator or file
Paste an IP, domain, hash, URL or upload a suspicious file. That's all it takes to start.
Automated analysis & enrichment
mlab queries multiple sources in parallel (reputation databases, passive DNS, WHOIS, sandbox engines and more) to build a complete picture.
Correlation across indicators
Results are cross-referenced to surface patterns, infrastructure reuse and hidden relationships between observables.
Review & act
Get structured, transparent results you can use immediately: escalate, block, document or feed back into your detection pipeline.
Designed for security professionals
SOC analysts
Quickly triage alerts, investigate indicators, and validate threats with structured and enriched data.
Incident responders
Correlate domains, IPs and files during active incidents to accelerate containment and response.
Blue teams
Support detection engineering, investigations and post-incident analysis with reliable signals.
Security researchers
Explore infrastructure, indicators and relationships without black-box abstractions.
What's under the hood
Purpose-built modules that cover every stage of a security investigation.
Multi-source enrichment
Aggregate data from reputation feeds, passive DNS, WHOIS, geolocation and threat intelligence in a single query.
YARA scanning
Run YARA rules against uploaded files to detect malware families, packers and known threat patterns.
Indicator correlation
Automatically link IPs, domains, hashes and URLs to uncover shared infrastructure and campaign overlaps.
REST API
Integrate mlab into your workflows with a full API. Automate lookups, submit files and retrieve results programmatically.
Structured reports
Every analysis produces a clean, consistent report you can share with your team or attach to a case.
Infrastructure scanning
Run targeted security checks on your own domains with RedKit: 24 modules across recon, vulnerability detection and compliance.
Built for real investigations.
See how security teams use mlab in their daily operations, from triage to forensic deep-dives.
Phishing analysis
A user reports a suspicious email. Upload the .eml file: mlab extracts URLs, attachments, sender reputation and infrastructure links to confirm or dismiss the threat in minutes.
IOC investigation
Your SIEM flags a suspicious IP. Paste it into mlab to get geolocation, ASN, passive DNS history, open ports and cross-references with known threat campaigns.
Malware triage
A suspicious binary is found on an endpoint. Upload it to mlab for YARA rule matching, hash reputation lookup and structured extraction. Get a verdict with MITRE ATT&CK tags in seconds.
Security & privacy first
Built with security-by-design principles and strict data protection practices.
Controlled access
Uploaded files, searches and results are private by default and never exposed publicly.
Secure processing
All analyses run within controlled environments with strict isolation and monitoring.
GDPR compliant
Data retention is limited, purpose-driven and aligned with European regulatory requirements.
EU infrastructure
Operated on European infrastructure with security-focused providers and strong controls.
One platform, multiple products
A growing suite of security tools designed to work together, from threat investigation to incident response.
mlab.sh
Security investigation platform for SOC analysts, incident responders and security researchers. Analyze IPs, domains, hashes, URLs and files. Structured intelligence in seconds.
Explore mlab
mlab IR
Your alerts deserve a real workflow.
Self-hosted incident response platform. Turn security alerts into structured investigations, from triage to case closure, on your infrastructure.
Explore mlab IR
mlab TPRM
Your third-party risks deserve a real platform.
DORA-compliant third-party risk management platform. Manage ICT provider assessments, generate EBA-ready reports and meet DORA Pillar IV requirements.
Explore mlab TPRM
actors.mlab.sh
Indexed profiles of 500+ documented threat actors with aliases, origins & motivations.
Explore
AI ↔ mlab.sh
Plug Claude, GPT or any MCP-compatible agent into mlab — or wire mlab into your n8n workflows with our official nodes. Run real investigations (lookup IOCs, search CVEs, profile threat actors) through one secure endpoint.
Start exploring mlab.
Create a free account or start analyzing IPs, domains, hashes and files right now. No credit card required.