Investigate threats,
not noise.
Upload files, search IPs, domains or hashes — and get structured, actionable intelligence in seconds.
Search in mlab.sh
Or upload a file to analyse
By searching or submitting files, you agree to our Terms of Service and Privacy Policy.
How mlab works
A structured investigation workflow designed for real-world security operations.
Submit an indicator or file
Paste an IP, domain, hash, URL or upload a suspicious file. That's all it takes to start.
Automated analysis & enrichment
mlab queries multiple sources in parallel — reputation databases, passive DNS, WHOIS, sandbox engines and more — to build a complete picture.
Correlation across indicators
Results are cross-referenced to surface patterns, infrastructure reuse and hidden relationships between observables.
Review & act
Get structured, transparent results you can use immediately — escalate, block, document or feed back into your detection pipeline.
Designed for security professionals
SOC analysts
Quickly triage alerts, investigate indicators, and validate threats with structured and enriched data.
Incident responders
Correlate domains, IPs and files during active incidents to accelerate containment and response.
Blue teams
Support detection engineering, investigations and post-incident analysis with reliable signals.
Security researchers
Explore infrastructure, indicators and relationships without black-box abstractions.
What's under the hood
Purpose-built modules that cover every stage of a security investigation.
Multi-source enrichment
Aggregate data from reputation feeds, passive DNS, WHOIS, geolocation and threat intelligence in a single query.
File sandbox Coming soon
Detonate suspicious files in isolated environments. Extract behaviors, network calls, dropped files and MITRE ATT&CK mappings.
YARA scanning
Run YARA rules against uploaded files to detect malware families, packers and known threat patterns.
Indicator correlation
Automatically link IPs, domains, hashes and URLs to uncover shared infrastructure and campaign overlaps.
REST API
Integrate mlab into your workflows with a full API. Automate lookups, submit files and retrieve results programmatically.
Structured reports
Every analysis produces a clean, consistent report you can share with your team or attach to a case.
Built for real investigations
See how security teams use mlab in their daily operations.
Phishing analysis
A user reports a suspicious email. Upload the .eml file — mlab extracts URLs, attachments, sender reputation and infrastructure links to confirm or dismiss the threat in minutes.
IOC investigation
Your SIEM flags a suspicious IP. Paste it into mlab to get geolocation, ASN, passive DNS history, open ports and cross-references with known threat campaigns.
Malware triage
A suspicious binary is found on an endpoint. Upload it for sandbox detonation, YARA matching and behavioral analysis — get a full verdict with MITRE ATT&CK mapping.
Security & privacy first
Built with security-by-design principles and strict data protection practices.
Controlled access
Uploaded files, searches and results are private by default and never exposed publicly.
Secure processing
All analyses within controlled environments with strict isolation and monitoring.
GDPR compliant
Data retention is limited, purpose-driven and aligned with European regulatory requirements.
EU infrastructure
Operated on European infrastructure with security-focused providers and strong controls.
One platform, multiple products
A growing suite of security tools designed to work together — from threat investigation to incident response.
Platforms
Security investigation platform for SOC analysts, incident responders and security researchers. Analyze IPs, domains, hashes, URLs and files.
Explore mlabSelf-hosted incident response platform. Turn security alerts into structured investigations — from triage to case closure, on your infrastructure.
Explore mlab IRTools
Search and explore CVEs with detailed vulnerability information, severity scores and affected products.
Explore vulnNew tools and integrations are being built. Stay tuned.
Start exploring mlab
Create a free account or start analyzing data right now.