Skip to main content

Threat Graph

The Threat Graph is a visual investigation tool that lets you build interactive graphs linking domains, IP addresses, certificates, and other assets. You can use it to map relationships and spot links that aren't obvious from a flat list of results.

How to use it?

Start by adding a domain, IP, or other asset to the graph. The tool will pull related data from the Profundis database and display the connections as nodes and edges. You can then expand any node to discover additional relationships and keep building the graph.

What can I use it for?

  • Follow the trail from a known malicious domain to the IPs, certificates and other domains around it.
  • Investigate a phishing campaign by seeing how its domains connect through shared infrastructure, certificates, or registrant data.
  • Start from an indicator of compromise and explore what it's linked to.
  • Map out how an organization's assets relate to each other.
tip

The Threat Graph works best when combined with the data you find in other Profundis tools. For example, you can start from a domain found in the Typosquatting Scanner and expand its connections in the graph.

Last updated on