Mobula · Investigation Workspace

One click.
Full picture.

Click any IP, domain, file hash, or username and Mobula opens a unified investigation view - enrichment from 15+ intel sources, AI risk scoring, and a full event timeline, all in one place.

15+

Intel sources

<3s

Enrichment time

Risk scoring

Investigation / 185.220.101.47

🌐

185.220.101.47

External IP Address

Risk 94

OverviewEnrichmentAI AnalysisTimeline

Threat Intel

ClassificationTor exit node / C2

Feeds flagging7 / 15

CountryNetherlands

ASNHetzner Online

Activity in Environment

First seen2 days ago

Connections3 hosts

Related alerts4 alerts

Top hostWIN-FIN-03

Enrichment from 15+ threat intel sources

Every entity is checked against VirusTotal, AbuseIPDB, Shodan, threat feed databases, and your own internal context - simultaneously, in under 3 seconds.

Investigation / 185.220.101.47 / Enrichment

VirusTotal7/90 engines flag as maliciousMALICIOUS

AbuseIPDBConfidence of abuse: 97% · 847 reportsMALICIOUS

ShodanOpen ports: 80, 443, 9001 (Tor OR port)MALICIOUS

AlienVault OTXMember of 3 threat intelligence pulsesMALICIOUS

IPinfoASN: AS24940 Hetzner · Country: NLCLEAN

Internal historyNo prior alerts involving this IPUNKNOWN

Full event timeline across your environment

Every event involving the entity - alerts, authentications, connections, file operations - in chronological order. The complete story of what this entity has done in your environment.

Investigation / 185.220.101.47 / Timeline

14:22:11

Outbound connection from WIN-FIN-03HIGH

Port 443 · 847 KB transferred · Alert ALT-4817

14:21:54

PowerShell spawned by WINWORD.EXECRIT

Command contacted 185.220.101.47 · stager.ps1 downloaded

13:58:02

Outbound connection from WIN-DEV-11MED

Port 9001 · 2.1 KB transferred

09:14:33

First observed in environmentLOW

Connection from WIN-HR-07 · no alert generated at the time

Works for IPs, domains, hashes, and users

The same unified workspace adapts to any entity type. Investigate a suspicious user account with the same single click as an external IP - no separate tools, no switching context.

Investigation / p.morris / User Account

👤

p.morris

Active Directory User · Finance Dept

Risk 87

Account Context

DepartmentFinance

Managerj.carter

PrivilegesDomain User + Finance-DB-RO

Last loginToday, 14:20 (WIN-FIN-03)

Alert History

Last 7 days3 alerts

Last 30 days5 alerts

Highest sevCRITICAL

Open cases1 active

Enriched · Correlated · Instant

Investigate anything in one click.

Stop pivoting between tools. Mobula's Investigation Workspace brings every data point about any entity into a single view - in seconds.

Mobula Investigation Workspace · 15+ intel integrations · runs fully air-gapped