diff --git a/analyzers/DomainToolsIris/DomainToolsIris_Investigate.json b/analyzers/DomainToolsIris/DomainToolsIris_Investigate.json
new file mode 100644
index 000000000..946937168
--- /dev/null
+++ b/analyzers/DomainToolsIris/DomainToolsIris_Investigate.json
@@ -0,0 +1,38 @@
+{
+  "name": "DomainToolsIris_Investigate",
+  "version": "1.0",
+  "author": "DomainTools",
+  "url": "https://github.com/TheHive-Project/Cortex-Analyzers",
+  "license": "AGPL-V3",
+  "description": "Use DomainTools Iris API to investigate a domain.",
+  "dataTypeList": ["domain"],
+  "command": "DomainToolsIris/domaintoolsiris_analyzer.py",
+  "baseConfig": "DomainToolsIris",
+  "config": {
+      "service": "investigate-domain"
+  },
+  "configurationItems": [
+    {
+      "name": "username",
+      "description": "DomainTools Iris API credentials",
+      "type": "string",
+      "multi": false,
+      "required": true
+    },
+    {
+      "name": "key",
+      "description": "DomainTools Iris API credentials",
+      "type": "string",
+      "multi": false,
+      "required": true
+    },
+    {
+      "name": "pivot_count_threshold",
+      "description": "Pivot count threshold.",
+      "type": "number",
+      "multi": false,
+      "required": false,
+      "defaultValue": 500
+    }
+  ]
+}
\ No newline at end of file
diff --git a/analyzers/DomainToolsIris/domaintoolsiris_analyzer.py b/analyzers/DomainToolsIris/domaintoolsiris_analyzer.py
index 259a633dd..a91025b60 100755
--- a/analyzers/DomainToolsIris/domaintoolsiris_analyzer.py
+++ b/analyzers/DomainToolsIris/domaintoolsiris_analyzer.py
@@ -153,12 +153,12 @@ def format_single_domain(self, domain_data):
                 ] = DomainToolsAnalyzer.get_threat_level_class(
                     domain_risk["tpm"]["value"]
                 )
-            threat_profile_phshing_data = DomainToolsAnalyzer.get_threat_component(
+            threat_profile_phishing_data = DomainToolsAnalyzer.get_threat_component(
                 risk_components, "threat_profile_phishing"
             )
-            if threat_profile_phshing_data:
+            if threat_profile_phishing_data:
                 domain_risk["tpp"] = {}
-                domain_risk["tpp"]["value"] = threat_profile_malware_data.get(
+                domain_risk["tpp"]["value"] = threat_profile_phishing_data.get(
                     "risk_score", 0
                 )
                 domain_risk["tpp"][
@@ -171,7 +171,7 @@ def format_single_domain(self, domain_data):
             )
             if threat_profile_spam_data:
                 domain_risk["tps"] = {}
-                domain_risk["tps"]["value"] = threat_profile_malware_data.get(
+                domain_risk["tps"]["value"] = threat_profile_spam_data.get(
                     "risk_score", 0
                 )
                 domain_risk["tps"][
diff --git a/analyzers/DomainToolsIris/screenshots/InvestigateLongSummary.png b/analyzers/DomainToolsIris/screenshots/InvestigateLongSummary.png
new file mode 100644
index 000000000..42dd809d9
Binary files /dev/null and b/analyzers/DomainToolsIris/screenshots/InvestigateLongSummary.png differ
diff --git a/analyzers/DomainToolsIris/screenshots/InvestigateShortSummary.png b/analyzers/DomainToolsIris/screenshots/InvestigateShortSummary.png
new file mode 100644
index 000000000..728e00d22
Binary files /dev/null and b/analyzers/DomainToolsIris/screenshots/InvestigateShortSummary.png differ
diff --git a/thehive-templates/DomainToolsIris_Investigate_1_0/long.html b/thehive-templates/DomainToolsIris_Investigate_1_0/long.html
new file mode 100644
index 000000000..493fa552c
--- /dev/null
+++ b/thehive-templates/DomainToolsIris_Investigate_1_0/long.html
@@ -0,0 +1,567 @@
+<div class="panel panel-danger" ng-if="!success">
+  <div class="panel-heading">
+    <strong>{{artifact.data | fang}}</strong>
+  </div>
+  <div class="panel-body">
+    {{content.errorMessage}}
+  </div>
+</div>
+
+<div class="panel panel-primary" ng-if="success">
+  <div class="panel-heading">
+    <strong>{{artifact.data | fang}}</strong>
+  </div>
+  <div class="panel-body">
+    <div style="display:flex; justify-content:center; position:relative;">
+      <h1><b>Investigate with DomainTools Iris</b></h1>
+      <h3 style="position:absolute; right:2%; bottom:0">
+        <b>Investigate Date:</b> {{content.last_enriched}}
+      </h3>
+    </div>
+
+    <h3 style="position:absolute; right:2%;">
+      <b>Iris Investigation:</b>
+      <a
+        href="https://research.domaintools.com/{{content.domain}}"
+        target="_blank"
+        rel="noopener noreferrer"
+      >
+        {{content.domain}}
+      </a>
+    </h3>
+    <br /><br /><br />
+    <table class="table table-striped table-bordered">
+      <thead>
+        <tr>
+          <th colspan="2">
+            Analytics
+          </th>
+        </tr>
+      </thead>
+      <tbody>
+        <tr>
+          <td style="width: 50%">Overall Risk Score</td>
+          <td style="width: 50%">
+            <span class="label {{content.domain_risk.overall.class}}">
+              {{content.domain_risk.overall.value}}
+            </span>
+          </td>
+        </tr>
+        <tr>
+          <td>Proximity Risk Score</td>
+          <td>
+            <span class="label {{content.domain_risk.proximity.class}}">
+              {{ content.domain_risk.proximity.value }}
+            </span>
+          </td>
+        </tr>
+        <tr>
+          <td>Threat Profile Risk Score</td>
+          <td>
+            <span class="label {{content.domain_risk.tp.class}}">
+              {{ content.domain_risk.tp.value }}
+            </span>
+          </td>
+        </tr>
+        <tr>
+          <td>Threat Profile Phishing Risk Score</td>
+          <td>
+            <span class="label {{content.domain_risk.tpp.class}}">
+              {{ content.domain_risk.tpp.value }}
+            </span>
+          </td>
+        </tr>
+        <tr>
+          <td>Threat Profile Spam Risk Score</td>
+          <td>
+            <span class="label {{content.domain_risk.tps.class}}">
+              {{ content.domain_risk.tps.value }}
+            </span>
+          </td>
+        </tr>
+        <tr>
+          <td>Threat Profile Malware Risk Score</td>
+          <td>
+            <span class="label {{content.domain_risk.tpm.class}}">
+              {{ content.domain_risk.tpm.value }}
+            </span>
+          </td>
+        </tr>
+        <tr>
+          <td>Threat Profile Evidence</td>
+          <td>
+            <table>
+              <tr ng-repeat="e in content.domain_risk.tp.evidence">
+                <td>{{e}}</td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+        <tr>
+          <td>Threat Profile Threats</td>
+          <td>
+            <table>
+              <tr ng-repeat="t in content.domain_risk.tp.threats">
+                <td>{{t}}</td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+        <tr>
+          <td>Website Response Code</td>
+          <td>
+            {{ content.website_response }}
+          </td>
+        </tr>
+        <tr>
+          <td>Alexa Rank</td>
+          <td>
+            {{ content.alexa }}
+          </td>
+        </tr>
+        <tr>
+          <td>Google Adsense Tracking Code</td>
+          <td>
+            {{ content.adsense.value}}
+          </td>
+        </tr>
+        <tr>
+          <td>Google Analytics Tracking Code</td>
+          <td>
+            {{ content.google_analytics.value}}
+          </td>
+        </tr>
+        <tr>
+          <td>Iris Tags</td>
+          <td>
+            <table>
+              <tr ng-repeat="t in content.tags">
+                <td>{{t.label}}</td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+      </tbody>
+    </table>
+    <table class="table table-striped table-bordered" #element>
+      <thead>
+        <tr>
+          <th colspan="3">
+            Identity
+          </th>
+        </tr>
+      </thead>
+      <tbody>
+        <tr ng-repeat="c in content.contacts">
+          <td>{{c.type}}</td>
+          <td>
+            <table class="table table-bordered">
+              <tr>
+                <th>Name</th>
+                <td style="width: 50%">{{c.name.value}}</td>
+                <td style="width: 50%">
+                  <span class="label {{c.name.class}}">
+                    {{c.name.count}}
+                  </span>
+                </td>
+              </tr>
+              <tr>
+                <th>Org</th>
+                <td>{{c.org.value}}</td>
+                <td>
+                  <span class="label {{c.org.class}}">
+                    {{c.org.count}}
+                  </span>
+                </td>
+              </tr>
+              <tr>
+                <th>Street</th>
+                <td>{{c.street.value}}</td>
+                <td>
+                  <span class="label {{c.street.class}}">
+                    {{c.street.count}}
+                  </span>
+                </td>
+              </tr>
+              <tr>
+                <th>City</th>
+                <td>{{c.city.value}}</td>
+                <td>
+                  <span class="label {{c.city.class}}">
+                    {{c.city.count}}
+                  </span>
+                </td>
+              </tr>
+              <tr>
+                <th>State</th>
+                <td>{{c.state.value}}</td>
+                <td>
+                  <span class="label {{c.state.class}}">
+                    {{c.state.count}}
+                  </span>
+                </td>
+              </tr>
+              <tr>
+                <th>Postal</th>
+                <td>{{c.postal.value}}</td>
+                <td>
+                  <span class="label {{c.postal.class}}">
+                    {{c.postal.count}}
+                  </span>
+                </td>
+              </tr>
+              <tr>
+                <th>Country</th>
+                <td>{{c.country.value}}</td>
+                <td>
+                  <span class="label {{c.country.class}}">
+                    {{c.country.count}}
+                  </span>
+                </td>
+              </tr>
+              <tr>
+                <th>Phone</th>
+                <td>{{c.phone.value}}</td>
+                <td>
+                  <span class="label {{c.phone.class}}">
+                    {{c.phone.count}}
+                  </span>
+                </td>
+              </tr>
+              <tr>
+                <th>Fax</th>
+                <td>{{c.fax.value}}</td>
+                <td>
+                  <span class="label {{c.fax.class}}">
+                    {{c.fax.count}}
+                  </span>
+                </td>
+              </tr>
+              <tr ng-repeat="e in c.email">
+                <th>Email</th>
+                <td>{{e.value}}</td>
+                <td>
+                  <span class="label {{e.class}}">
+                    {{e.count}}
+                  </span>
+                </td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+        <tr>
+          <td>SOA Email</td>
+          <td>
+            <table class="table table-bordered">
+              <tr ng-repeat="e in content.soa_email">
+                <td style="width: 50%">{{e.value}}</td>
+                <td style="width: 50%">
+                  <span class="label {{e.class}}">
+                    {{e.count}}
+                  </span>
+                </td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+        <tr>
+          <td>SSL Certificate Email</td>
+          <td>
+            <table class="table table-bordered">
+              <tr ng-repeat="e in content.ssl_email">
+                <td style="width: 50%">{{e.value}}</td>
+                <td style="width: 50%">
+                  <span class="label {{e.class}}">
+                    {{e.count}}
+                  </span>
+                </td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+        <tr>
+          <td>Email Domains</td>
+          <td>
+            <table class="table table-bordered">
+              <tr ng-repeat="e in content.email_domain">
+                <td style="width: 50%">{{e.value}}</td>
+                <td style="width: 50%">
+                  <span class="label {{e.class}}">
+                    {{e.count}}
+                  </span>
+                </td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+        <tr>
+          <td>Whois Emails</td>
+          <td>
+            <table class="table table-bordered">
+              <tr ng-repeat="e in content.additional_whois_email">
+                <td style="width: 50%">{{e.value}}</td>
+                <td style="width: 50%">
+                  <span class="label {{e.class}}">
+                    {{e.count}}
+                  </span>
+                </td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+      </tbody>
+    </table>
+    <table class="table table-striped table-bordered">
+      <thead>
+        <tr>
+          <th colspan="2">
+            Registration
+          </th>
+        </tr>
+      </thead>
+      <tbody>
+        <tr>
+          <td style="width: 50%">Domain Registrar</td>
+          <td style="width: 50%">
+            {{ content.registrar.value}}
+          </td>
+        </tr>
+        <tr>
+          <td>Domain Status</td>
+          <td>
+            {{ content.registrar_status[0]}}
+          </td>
+        </tr>
+        <tr>
+          <td>Create Date</td>
+          <td>
+            {{ content.create_date.value}}
+          </td>
+        </tr>
+        <tr>
+          <td>Expiration Date</td>
+          <td>
+            {{ content.expiration_date.value}}
+          </td>
+        </tr>
+      </tbody>
+    </table>
+    <table class="table table-striped table-bordered">
+      <thead>
+        <tr>
+          <th colspan="3">
+            Hosting
+          </th>
+        </tr>
+      </thead>
+      <tbody>
+        <tr>
+          <td>IP Addresses</td>
+          <td>
+            <table class="table table-bordered">
+              <tr ng-repeat="i in content.ip">
+                <td>
+                  <table class="table table-bordered">
+                    <tr>
+                      <td style="width: 33.33%">ISP</td>
+                      <td style="width: 33.33%">{{i.isp.value}}</td>
+                      <td style="width: 33.33%">
+                        <span class="label {{i.isp.class}}">
+                          {{i.isp.count}}
+                        </span>
+                      </td>
+                    </tr>
+                    <tr ng-repeat="a in i.asn">
+                      <td>ASN</td>
+                      <td>{{a.value}}</td>
+                      <td>
+                        <span class="label {{a.class}}">
+                          {{a.count}}
+                        </span>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Country Code</td>
+                      <td>{{i.country_code.value}}</td>
+                      <td>
+                        <span class="label {{i.country_code.class}}">
+                          {{i.country_code.count}}
+                        </span>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Address</td>
+                      <td>{{i.address.value}}</td>
+                      <td>
+                        <span class="label {{i.address.class}}">
+                          {{i.address.count}}
+                        </span>
+                      </td>
+                    </tr>
+                  </table>
+                </td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+        <tr>
+          <td>Mail Servers</td>
+          <td>
+            <table class="table table-bordered">
+              <tr ng-repeat="m in content.mx">
+                <td>
+                  <table class="table table-bordered">
+                    <tr>
+                      <td style="width: 33.33%">Domain</td>
+                      <td style="width: 33.33%">{{m.domain.value}}</td>
+                      <td style="width: 33.33%">
+                        <span class="label {{m.domain.class}}">
+                          {{m.domain.count}}
+                        </span>
+                      </td>
+                    </tr>
+                    <tr ng-repeat="i in m.ip">
+                      <td>IP Address</td>
+                      <td>{{i.value}}</td>
+                      <td>
+                        <span class="label {{i.class}}">
+                          {{i.count}}
+                        </span>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Host</td>
+                      <td>{{m.host.value}}</td>
+                      <td>
+                        <span class="label {{m.host.class}}">
+                          {{m.host.count}}
+                        </span>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Priority</td>
+                      <td>{{m.priority}}</td>
+                      <td></td>
+                    </tr>
+                  </table>
+                </td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+        <tr>
+          <td>SPF Record</td>
+          <td>
+            {{ content.spf_info}}
+          </td>
+        </tr>
+        <tr>
+          <td>Name Servers</td>
+          <td>
+            <table class="table table-bordered">
+              <tr ng-repeat="n in content.name_server">
+                <td>
+                  <table class="table table-bordered">
+                    <tr>
+                      <td style="width: 33.33%">Domain</td>
+                      <td style="width: 33.33%">{{n.domain.value}}</td>
+                      <td style="width: 33.33%">
+                        <span class="label {{n.domain.class}}">
+                          {{n.domain.count}}
+                        </span>
+                      </td>
+                    </tr>
+                    <tr ng-repeat="i in n.ip">
+                      <td>IP Address</td>
+                      <td>{{i.value}}</td>
+                      <td>
+                        <span class="label {{i.class}}">
+                          {{i.count}}
+                        </span>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Host</td>
+                      <td>{{n.host.value}}</td>
+                      <td>
+                        <span class="label {{n.host.class}}">
+                          {{n.host.count}}
+                        </span>
+                      </td>
+                    </tr>
+                  </table>
+                </td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+        <tr>
+          <td>SSL Certificate</td>
+          <td>
+            <table class="table table-bordered">
+              <tr ng-repeat="s in content.ssl_info">
+                <td>
+                  <table class="table table-bordered">
+                    <tr>
+                      <td style="width: 33.33%">Organization</td>
+                      <td style="width: 33.33%">{{s.organization.value}}</td>
+                      <td style="width: 33.33%">
+                        <span class="label {{s.organization.class}}">
+                          {{s.organization.count}}
+                        </span>
+                      </td>
+                    </tr>
+                    <tr ng-repeat="e in s.email">
+                      <td>Email</td>
+                      <td>{{e.value}}</td>
+                      <td>
+                        <span class="label {{e.class}}">
+                          {{e.count}}
+                        </span>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Hash</td>
+                      <td>{{s.hash.value}}</td>
+                      <td>
+                        <span class="label {{s.hash.class}}">
+                          {{s.hash.count}}
+                        </span>
+                      </td>
+                    </tr>
+                    <tr>
+                      <td>Subject</td>
+                      <td>{{s.subject.value}}</td>
+                      <td>
+                        <span class="label {{s.subject.class}}">
+                          {{s.subject.count}}
+                        </span>
+                      </td>
+                    </tr>
+                  </table>
+                </td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+        <tr>
+          <td>Redirects To</td>
+          <td>
+            <table class="table table-bordered">
+              <tr>
+                <td style="width: 50%">
+                  {{ content.redirect.value}}
+                </td>
+                <td style="width: 50%">
+                  <span class="label {{content.redirect.class}}">
+                    {{ content.redirect.count}}
+                  </span>
+                </td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+      </tbody>
+    </table>
+  </div>
+</div>
diff --git a/thehive-templates/DomainToolsIris_Investigate_1_0/short.html b/thehive-templates/DomainToolsIris_Investigate_1_0/short.html
new file mode 100644
index 000000000..641e4c54d
--- /dev/null
+++ b/thehive-templates/DomainToolsIris_Investigate_1_0/short.html
@@ -0,0 +1,7 @@
+<span
+  class="label"
+  ng-repeat="t in content.taxonomies"
+  ng-class="{'info': 'label-info', 'safe': 'label-success', 'suspicious': 'label-warning', 'malicious':'label-danger'}[t.level]"
+>
+  {{t.namespace}}:{{t.predicate}}="{{t.value}}"
+</span>

+ Registration +
Domain Registrar	+ {{ content.registrar.value}} +
Domain Status	+ {{ content.registrar_status[0]}} +
Create Date	+ {{ content.create_date.value}} +
Expiration Date	+ {{ content.expiration_date.value}} +