You have been redirected from is the new home for all information regarding Maltego products. Read more about this in a message from the Paterva team and in this blog post and FAQ. close
home Transform Hub data categories - Cybersecurity

DomainTools Iris

By DomainTools LLC
DomainTools Iris integration in Maltego
Cybersecurity Infrastructure CERT Cyber and Digital Forensics

DomainTools Iris in the Transform Hub

DomainTools Iris is a Threat Intelligence and Investigative Platform that combines enterprise grade domain intelligence and risk scoring with passive DNS data from Farsight and other top-tier providers.

With DomainTools Iris’s Maltego Transforms, investigators can perform infrastructure risk assessment and seamlessly integrate workflows into a Maltego Graph and vice versa. These Transforms enable investigators to map connected infrastructure, run correlations, look at attribution, highlight risky domains, etc. to surface meaningful insights.


  • Extending the rich DNS, Whois, and beyond Whois datasets, with these transforms Analysts can increase the chance of intersection with existing graph data from other data sources to open up new investigative pathways
  • 40+ Transforms that query the DomainTools Iris dataset and return domain names that share the same attributes as the value of the entity
  • Pivot and infer connections between different domains, assisting with mapping out a potential threat actor or group’s TTPs (tactics, techniques, and procedures) using guided pivots

Typical Users of This Data

  • Threat Intelligence Teams
  • Online Fraud & Brand Fraud Investigators
  • Security Analysts
  • Incident Response Teams
  • Hunt Teams and Cyber Forensic Investigators
  • Corporate securing teams requiring domain-based risk assessment

alt DomainTools Iris in the Transform Hub

Pricing & Access

Pricing Tier: Paid

Hub Type: Commercial Hub

Requirements: Maltego One, Classic or XL license & DomainTools Iris membership

Access: For sales inquiry or to purchase an API key, kindly reach out to Maltego using the form below.


By clicking on "Send Message", you agree to the processing of the data you entered and you allow us to contact you for the purpose selected in the form. For further information, see our Data Privacy Policy.

About DomainTools

DomainTools helps security analysts turn threat data into Threat Intelligence. DomainTools connects indicators from a company’s network, including domain and IPs, with active domains on the Internet. Those connections inform about risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure. DomainTools has over 10 Billion related DNS data points to build a map of ‘who’s doing what’ on the Internet. Fortune 1000 companies, global government agencies, and leading security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work.

For more information, visit:

Pick the right product and get started.