Register for our next deep dive! Who is Behind Portal Kombat? Exposing the Pravda Disinformation Machine with OSINT on Thursday, June 27, 2024, at 16:00 CET. Grab your spot now! close

DomainTools Iris Investigate

By DomainTools LLC
Map connected infrastructure, correlations, attribution, domains, and more to surface meaningful insights.
# Infrastructure & Network Information # Recon # Fraud & Abuse # Incident Response
DomainTools Iris Investigate integration in Maltego

DomainTools Iris Investigate Transforms for Maltego

DomainTools is the global leader for internet intelligence and the first place security practitioners go when they need to know. The world’s most advanced security teams use our solutions to identify external risks, investigate threats, and proactively protect their organizations in a constantly evolving threat landscape.

DomainTools collect Open Source Intelligence (OSINT) data from many sources, which they join with some 20 years’ worth of historical data to expose and characterize the infrastructure adversaries use in various kinds of attack campaigns, including ransomware, business email compromise, espionage, and more.

Together, DomainTools and Maltego have simplified cyber investigations to provide actionable insights and expedite the investigation process. Extending the rich DNS, Whois, and beyond Whois datasets, DomainTools Iris Investigate integrates with Maltego to provide seamless workflows from the DomainTools Iris user interface directly to the Maltego graph.

The DomainTools solution for Maltego extends the rich domain name dataset and powerful pivot capabilities of DomainTools to the Maltego graph, enabling investigators and analysts to map connected infrastructure, run correlations, look at attribution, highlight risky domains, etc. to surfacing meaningful insights.

DomainTools integration in Maltego

Typical Users of DomainTools Iris Investigate Data

  • Threat Hunters and Network Defenders
  • SOC Analysts
  • Law Enforcement and Anti-Fraud Analysts
  • Incident Responders

Integration Benefits

Propels investigations

Investigators can transform a domain name from any source into a comprehensive set of entities, connections, and dynamic properties to reveal actors, surface infrastructure, and highlight risk. These new entities greatly increase the chance of intersection with existing graph data from other sources, helping expose key features of emerging or existing campaigns.

Guides and supports analytical workflows

Analysts can quickly identify which graph node to pivot on by consulting the Guided Pivot counts, which indicate the number of domain records present in the Iris database that contain that same data point. From here, analysts can infer connection between one domain and another and map out a potential threat actor or group’s infrastructure patterns.

Builds confidence in investigative conclusions

DomainTools has made its name collecting, organizing, and provisioning the most comprehensive, timely, and accurate Internet infrastructure data available anywhere. Investigations using DomainTools and Maltego are based on ground-truth data observed across the entire Internet and updated in near real time.

Leverage DomainTools Iris Data for

Threat Hunting

By developing a more complete picture of the infrastructure adversaries are using in campaigns, threat hunters can identify patterns of infrastructure use that allow them to anticipate future moves by adversaries. This enables blocking or alerting on emerging campaigns before they cause further harm.

Incident Response

Given a DNS indicator of compromise such as a domain or IP address associated with suspicious traffic, incident responders can use the DomainTools Maltego integration to find correlated infrastructure that may intersect with other, previously un-flagged traffic from the protected environment.

Fraud or Crime Analysis

Uniting the DomainTools Iris Investigate database of Internet infrastructure data with other sources that characterize criminal activity or actors, analysts can develop key insights and collect evidence on cybercrime and fraud events.
Read more

Pricing & Access

Community Hub
Available only with a Maltego commercial license.
Commercial Hub
Users with a Maltego One license have the following access or purchase options.
Click-and-Run Limited
All Enterprise Plan users get out-of-box access to 15 Transform Runs/month. Simply install the “DomainTools (Trial)” hub item to get started.
Bring Your Own Key (Purchase Separately)
For full solution access, plug in your existing API key or reach out to for purchase inquiry.



Investigator Toolkit November 2022: Cheat Sheets for Faster and Spot-on Workflows

Case Studies

Investigating Fake Crypto Exchanges with Maltego, DomainTools & WhoisXML API


How to Conduct Person of Interest Investigations Using OSINT and Maltego


Hunting Phishing Sites in the Festive Season with Maltego


Webinar | Put the "Go" in the Maltego with DomainTools Iris


Webinar | Enrich your investigations for Maltego with DomainTools Iris


Webinar | Accelerating Threat Intelligence Investigations with DomainTools and Maltego


Webinar | Transform Your Investigations with DomainTools and Maltego


Webinar | Examining the Infrastructure of the Disneyland Malware Team with DomainTools


DomainTools Iris Solution in Maltego


How to Conduct Network Footprinting Using Maltego in 5 Minutes


DomainTools Maltego Integration


Reach out to us to learn more about this data integration and how to access it.
By clicking on "Send Message", you agree to the processing of the data you entered and you allow us to contact you for the purpose selected in the form. For further information, see our Data Privacy Policy.

About DomainTools

DomainTools is the global leader for internet intelligence and the first place security practitioners go when they need to know. The world’s most advanced security teams use our solutions to identify external risks, investigate threats, and proactively protect their organizations in a constantly evolving threat landscape.  DomainTools constantly monitors the Internet and brings together the most comprehensive and trusted domain, website and DNS data to provide immediate context and machine-learning driven risk analytics delivered in near real-time.  Visit to experience firsthand why DomainTools is the first stop for advanced security teams when they need to know.