Maltego Data Pass supports cyber threat investigations through transforms that enrich IP address information. These transforms enable investigators to attribute infrastructure to threat actors or campaigns, assess the risk level of an IP address, pivot to related domains, hashes, or other indicators of compromise (IOCs), and build a contextual profile of the IP for reporting or escalation. You can try it yourself by following the steps below:
- Add an IPv4 Address Entity.
- Run Get Details Transform.
- Run Get Tags and Indicators Transform.
Results May Include:
- Geolocation (country, city)
- ISP and ASN information
- Hosting provider
- Network type and assignment
- Threat tags (e.g., “botnet”, “phishing”, “malware C2”)
- Risk scores or reputation indicators
- Related campaign identifiers
- Historical associations with malicious activity