You have been redirected from is the new home for all information regarding Maltego products. Read more about this in a message from the Paterva team and in this blog post and FAQ. close
home Transform Hub data categories - Infrastructure & Network Information

DomainTools Iris

By DomainTools LLC
Map connected infrastructure, correlations, attribution, domains, and more to surface meaningful insights.
DomainTools Iris integration in Maltego
Infrastructure & Network Information Recon Fraud & Abuse Incident Response

DomainTools Iris Transforms for Maltego

With the world’s largest database of domain and DNS intelligence, DomainTools empowers analysts to develop key insights into the nature and extent of adversary holdings, based on a proven methodology of characterizing and connecting domains through the data points they have in common. Those connections inform risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure.

DomainTools collect Open Source Intelligence (OSINT) data from many sources, which they join with some 20 years’ worth of historical data to expose and characterize the infrastructure adversaries use in various kinds of attack campaigns, including ransomware, business email compromise, espionage, and more.

Together, DomainTools and Maltego have simplified cyber investigations to provide actionable insights and expedite the investigation process. Extending the rich DNS, Whois, and beyond Whois datasets, DomainTools Iris integrates with Maltego to provide seamless workflows from the DomainTools Iris user interface directly to the Maltego graph.

The DomainTools solution for Maltego extends the rich domain name dataset and powerful pivot capabilities of DomainTools to the Maltego graph, enabling investigators and analysts to map connected infrastructure, run correlations, look at attribution, highlight risky domains, etc. to surfacing meaningful insights.

DomainTools integration in Maltego

  • Threat Hunters and Network Defenders
  • SOC Analysts
  • Law Enforcement and Anti-Fraud Analysts
  • Incident Responders

Integration Benefits

Leverage DomainTools Iris Data for

Threat Hunting
By developing a more complete picture of the infrastructure adversaries are using in campaigns, threat hunters can identify patterns of infrastructure use that allow them to anticipate future moves by adversaries. This enables blocking or alerting on emerging campaigns before they cause further harm.
Incident Response
Given a DNS indicator of compromise such as a domain or IP address associated with suspicious traffic, incident responders can use the DomainTools Maltego integration to find correlated infrastructure that may intersect with other, previously un-flagged traffic from the protected environment.
Fraud or Crime Analysis
Uniting the DomainTools Iris database of Internet infrastructure data with other sources that characterize criminal activity or actors, analysts can develop key insights and collect evidence on cybercrime and fraud events.

Pricing & Access

Community Hub
Available only with a Maltego commercial license.
Commercial Hub
Users with a Maltego One license have the following access or purchase options.
Bring Your Own Key (Purchase Separately)
For full solution access, plug in your existing API key or reach out to us using the form below for purchase inquiry.


By clicking on "Send Message", you agree to the processing of the data you entered and you allow us to contact you for the purpose selected in the form. For further information, see our Data Privacy Policy.

About DomainTools

DomainTools helps security analysts turn threat data into Threat Intelligence. DomainTools connects indicators from a company’s network, including domain and IPs, with active domains on the Internet. Those connections inform about risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure. DomainTools has over 10 Billion related DNS data points to build a map of ‘who’s doing what’ on the Internet. Fortune 1000 companies, global government agencies, and leading security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work.

For more information, visit: