Domain intelligence & infrastructure analysis

The overview section provides the essential context of the domain scan. It confirms what domain was analyzed, when the scan occurred, and whether the analysis completed successfully.

This section acts as the reference point for all subsequent data and helps assess the freshness and completeness of the results.

• Domain – the analyzed fully qualified domain name
• Scan date – timestamp of the analysis execution
• Status – completed, partial, or timeout
• Related SSL – number of certificates linked to the domain

This notice clarifies the intended use of the domain scan and provides additional context when the analyzed domain belongs to the user.

It encourages legitimate owners to authenticate and unlock deeper insights while reinforcing responsible and defensive usage.

• Encourages domain owners to access extended analysis
• Provides ethical and contextual framing
• Unlocks additional data for authenticated users

Domain Intelligence is the core of the analysis. It aggregates technical signals collected from multiple sources to describe how a domain is configured, exposed, and interconnected.

Rather than producing a single score, mlab exposes raw and enriched data so analysts can interpret results based on their own context and threat model.

• SSL and certificate relationships
• Subdomains and exposed services
• DNS configuration and routing data
• Email authentication mechanisms
• Security posture indicators

SSL and TLS certificates provide critical insight into how a domain is deployed, shared, and trusted across infrastructures.

mlab collects certificate data from transparency logs and live endpoints to expose relationships that are often invisible at first glance.

• Certificate Transparency (CT) entries
• Issuers, validity periods, and fingerprints
• Shared certificates across multiple domains
• Expired or misconfigured certificates

Active subdomains represent the live and reachable attack surface of a domain.

These entries are resolved in real time and reflect services that are currently exposed to the internet.

• Resolving subdomains
• Associated IP addresses
• Hosting and infrastructure signals
• Directly reachable services

This section includes subdomains observed historically or via passive sources, even if they are no longer active.

Historical data is essential for identifying legacy services, abandoned infrastructure, and potential takeover risks.

• Previously observed subdomains
• Passive DNS and OSINT sources
• Deprecated or decommissioned services
• Potential subdomain takeover indicators

DNS records define how a domain is routed, hosted, and delegated across providers.

Misconfigurations at the DNS level often lead to security issues, service outages, or exposure of internal infrastructure.

• A / AAAA records and resolved addresses
• MX records and mail routing
• NS delegation and authoritative servers
• TXT records and policy configuration

Email authentication mechanisms protect a domain from spoofing, phishing, and unauthorized message delivery.

mlab evaluates configuration correctness and enforcement strength using industry-standard mechanisms.

• SPF records and authorized senders
• DKIM signing configuration
• DMARC alignment and policy enforcement
• Human-readable explanations of failures

The robots.txt file defines how automated crawlers are allowed to interact with a domain.

While primarily intended for search engines, this file can unintentionally expose sensitive paths or internal structure.

• Presence or absence of a robots.txt file
• Declared crawl rules and disallowed paths
• Potential exposure of sensitive endpoints
• SEO and security hygiene indicators

The security.txt file is a standardized mechanism for declaring how security issues should be reported.

Its presence reflects a domain’s security maturity and openness to responsible disclosure.

• Presence of a valid security.txt file
• Declared contact methods
• Policy and disclosure URLs
• Expiration and validity checks

Some domains cannot be fully analyzed due to size, complexity, rate limiting, or explicit platform restrictions.

In such cases, scans may timeout or return partial results while still providing useful insights.

• Large or highly interconnected domains
• Strict rate limiting or blocking
• Blacklisted or restricted domains
• Graceful degradation with partial data

mlab Domain Scan is intended for defensive security, research, and legitimate infrastructure analysis.

The platform does not perform intrusive exploitation, does not bypass authentication, and does not modify remote systems.

• No active exploitation or brute forcing
• Read-only, non-intrusive analysis
• Compliance with responsible disclosure principles
• User accountability for scan intent