Maltego IntegrationAdd geolocation, organization, ASN, threat scoring, and abuse contacts to any IPv4 entity in your Maltego investigations.
The ipgeolocation.io transform set adds IP geolocation, organization, ASN, threat scoring, and abuse contact data to any IPv4 entity in Maltego. Results return as linked entities, so an address becomes a profile you can pivot from.
A raw IP with no context is a dead end. Rather than copying the address across separate lookup tools, you right-click the entity, run a transform, and read the result on the canvas. The data comes from the IP Geolocation API, with no reseller in between.
Each transform runs on an IPv4 Address entity and maps to an investigation stage. Enrich IPv4 Address and IP to Company Intel run on the free plan; the other three need a paid plan.
Full transform reference in the Maltego integration docs.
Score an address before you act on it. Returns a 0 to 100 threat score with VPN, proxy, Tor, and bot flags across ten risk signals. Paid plan.
See where an address resolves. Returns country, city, coordinates, and the ISP or organization behind it. Free plan.
Attribute the owner, not just the network. Returns company name, domain, ASN, route, and anycast status. Free plan.
Group infrastructure by network. Returns the ASN, its organization, RIR details, and route counts. Paid plan.
Report to the right inbox. Returns the abuse contact email, phone, organization, and registered address. Paid plan.
No local script to clone. The transforms install into your Maltego client and run against your own API key.
In the Maltego Data Hub, add the ipgeolocation.io seed URL from the setup guide. All five transforms register on IPv4 entities.
Paste your ipgeolocation.io API key when a transform first runs. A free key covers geolocation and company.
Drop an IPv4 Address entity on the graph, right-click, and run a transform. Results appear as linked entities.
In the Maltego Data Hub, add the ipgeolocation.io seed URL from the setup guide. All five transforms register on IPv4 entities.
Start freePaste your ipgeolocation.io API key when a transform first runs. A free key covers geolocation and company.
Drop an IPv4 Address entity on the graph, right-click, and run a transform. Results appear as linked entities.
Full installation walkthrough in the Maltego integration documentation.
From threat triage to takedown, see where the transforms fit an investigation.
An analyst drops a flagged indicator on the graph and runs IP to Threat Profile. The score and anonymity flags decide in seconds whether it warrants a deeper pivot.
An analyst drops a flagged indicator on the graph and runs IP to Threat Profile. The score and anonymity flags decide in seconds whether it warrants a deeper pivot.
Working a firewall alert, an analyst adds the source IP and pulls location, owning organization, and ASN onto the graph to judge if the traffic is expected.
An investigator maps a suspect address to company and ASN, then checks VPN, proxy, and residential proxy flags to spot evasion behind multi-accounting.
An OSINT researcher groups an adversary's addresses by ASN and route to expose shared hosting and pivot to the rest of the network.
Before filing, an analyst runs IP to Abuse Contact for the registered organization and abuse inbox, so the complaint reaches the party that can act.
One transform set covers geolocation, organization, ASN, threat, and abuse, not a provider per type. The threat data is a 0 to 100 score across ten risk signals, including residential proxy and relay detection, with the provider named where known.
Geolocation, organization, ASN, threat scoring, and abuse contacts from a single ipgeolocation.io connection. Not a separate provider per data type.
Ten risk signals including VPN, proxy, residential proxy, Tor, relay, and bot detection, with the specific provider named where known.
Transforms call the ipgeolocation.io API v3 directly. No third-party reseller sits between your query and the data.
1,000 credits per day, for life, with no credit card. Geolocation and company transforms run on the free plan.
Over 700,000 active developers use ipgeolocation.io for IP intelligence across API and database products. Enterprise customers include Atlassian, SpaceX, Verizon, Tencent, Intuit, VMware, Baidu, Mercedes, Toyota, IKEA, Pfizer, and Dow Jones, among 70+ others.
Five transforms run on the IPv4 Address entity: IP to Threat Profile, Enrich IPv4 Address, IP to Company Intel, IP to ASN, and IP to Abuse Contact. Each returns results as linked entities you can pivot from.
You need a Maltego client and an ipgeolocation.io API key. In the Maltego Data Hub, add the ipgeolocation.io seed URL to register all five transforms, then enter your key when one first runs. The setup guide has the full walkthrough.
The transforms call the ipgeolocation.io API v3, the same first-party data behind the IP Geolocation API and IP Security API. No third-party reseller sits between your query and the data.
Enrich IPv4 Address and IP to Company Intel run on the free plan, which includes 1,000 credits per day with no credit card. Threat Profile, ASN, and Abuse Contact are on paid plans. See pricing for current limits.
The ipgeolocation.io API supports IPv4 and IPv6. The current Maltego transform set runs on the IPv4 Address entity, so IPv6 lookups go through the API directly rather than these transforms today.
Unlock the potential of seamless connectivity with our integrations. Discover how our platform effortlessly connects with your favorite tools, third-party platforms, and developer libraries. Simplify your workflow, boost productivity, and open doors to new innovations.
Get the latest in geolocation tech, straight to your inbox.
