Phishing · BEC · IOC · AI · Exposure · File Analysis

Your entire incident response stack, from one API key.

41 API operations across phishing triage, IOC enrichment, BEC investigation, AI-powered analysis, and exposure scanning. No sales call, no annual contract, 100 free credits every month.

41 API Operations · 14+ Intel Sources · 6 Services · 100 Free Credits/mo

Free tier · No credit card required · 200 welcome bonus

brew install dfir-lab/tap/dfir-cli

Try every endpoint in your browser

10 free sandbox credits/week · No signup required

Encrypted in transit (TLS) · API keys hashed (SHA-256) · Swiss-based company · Scoped API permissions

Phishing Email Analysis · AI-Powered Verdicts · Exposure Scanner · IOC Enrichment · 14 Threat Intel Providers · IP & Domain Reputation · File Hash Analysis · MITRE ATT&CK Mapping · Batch IOC Processing · Per-Indicator Pricing · REST API with JSON · Scoped API Permissions

Services

API-First Security Toolkit

Every capability exposed as a clean REST endpoint. Integrate forensics, threat intelligence, and incident response into your workflows with a single API key.

Phishing Email Checker

Heuristic phishing analysis. Scans headers, URLs, attachments, and body content. Returns verdict with confidence score, IOC extraction, and social engineering detection.

Exposure Scanner

Maps your external attack surface. Discovers subdomains, open ports, SSL issues, and vulnerabilities across 11 intelligence providers.

IOC Enrichment

Enrich IPs, domains, hashes, and URLs with threat intel from multiple sources. Batch-friendly.

AI Triage & Analysis

Automated alert triage, deep incident analysis, threat actor profiling, and YARA/Sigma rule generation — all AI-powered.

BEC Investigation

Complete email fraud investigation toolkit for Microsoft 365. Connect to any tenant and detect compromised accounts, trace attacker activity, identify persistence mechanisms, and generate court-ready reports for FBI wire recall or insurance claims. Single binary, zero Microsoft dependencies.

Report Generation

Auto-generate forensic reports from your investigations. BEC reports include FBI IC3/FFKC format for wire recall, insurance proof-of-loss, executive summaries, and full HTML with MITRE ATT&CK mapping and evidence chain of custody.

Up and Running in Minutes

Create Account

Sign up, get 100 free credits + 200 bonus instantly.

Generate API Key

Create keys with granular permissions per service.

Integrate & Automate

Call our APIs from your SIEM, SOAR, or scripts.

$ curl -X POST https://dfir-lab.ch/api/v1/phishing/analyze \
  -H "Authorization: Bearer dfir_sk_..." \
  -H "Content-Type: application/json" \
  -d '{"email_raw": "base64_encoded_eml..."}'

Simple, Transparent Pricing

Pay for what you use with our credit-based model. Start free and scale as your security operations grow.

Free

$0/month

100 credits/month

  • 100 API credits/month
  • Phishing Email Checker
  • IOC Enrichment
  • 1 API key
  • No team members

Starter

$29/month

500 credits/month

  • 500 API credits/month
  • Phishing Email Checker + AI
  • AI-Powered DFIR Assistant
  • Exposure Scanner
  • IOC Enrichment
  • 5 API keys
  • 10 team members
  • Priority support
Most Popular

Professional

$99/month

2,500 credits/month

  • 2,500 API credits/month
  • Phishing Email Checker + AI
  • AI-Powered DFIR Assistant
  • Exposure Scanner
  • IOC Enrichment
  • Unlimited API keys
  • Unlimited team members
  • Priority support

Enterprise

Custom

Tailored to your organization

  • Unlimited credits
  • Phishing Email Checker + AI
  • AI-Powered DFIR Assistant
  • Exposure Scanner
  • IOC Enrichment
  • Unlimited API keys
  • Unlimited team members
  • Dedicated support
  • Custom SLA
  • On-premise option

Need more credits?

Top up anytime with credit packages -- no subscription change needed.

  • 100 credits: $9
  • 250 credits: $19
  • 500 credits: $35
  • 1,000 credits: $59

Built for Security Teams

From solo consultants to enterprise IR teams — practitioners across every tier of the security industry rely on DFIR Platform.

MSSP Security Team

Automated phishing triage for 20+ clients using the API — verdicts delivered in under a minute, IOCs fed directly into per-client blocklists.

Government CERT

IOC enrichment integrated into national incident response workflow, replacing four separate vendor lookups with a single API call.

Fortune 500 IR Team

Reduced mean time to triage from 30 minutes to under 2 minutes by embedding risk-scored verdicts directly into SOAR playbooks.

Independent Researcher

Single API for threat intelligence across 14+ sources — no more juggling subscriptions or stitching together free-tier rate limits.

SOC Team (50+ analysts)

Credit-based pricing eliminated per-seat licensing overhead and let the team scale analysis volume without renegotiating contracts.

University Security Lab

Teaching DFIR methodology with real-world, API-first tooling — students interact with the same stack used in production environments.

Ready to Automate Your Incident Response?

Get started in minutes with 100 free credits + a 200 welcome bonus. No credit card required — plug our APIs into your existing stack and let automation handle the heavy lifting.