Documentation Home Maltego Blog Contact Us
Welcome
Login
Open navigation

Infrastructure

Modified on: Wed, 15 Dec, 2021 at 1:48 PM

The Infrastructure Entity category includes Entities that are related to computer network infrastructure.



Entity Meta

Display NameBanner
Entity Namemaltego.Banner
Short DescriptionBanner
Entity CategoryInfrastructure
Base Entitymaltego.Phrase

Entity Properties

Display NameProperty NameData TypeShort DescriptionSample Value
TexttextstringA hash entitySome phrase


Website Title



Entity Meta

Display NameWebsite Title
Entity Namemaltego.WebTitle
Short DescriptionTitle of a website
Entity CategoryInfrastructure
Base Entitymaltego.Unknown

Entity Properties

Display NameProperty NameData TypeShort DescriptionSample Value
TitletitlestringPaterva (Pty) Ltd


Domain


image1


Entity Meta

Display NameDomain
Entity Namemaltego.Domain
Short DescriptionAn internet domain
Entity CategoryInfrastructure
Base Entitymaltego.Unknown

Entity Properties

Property NameTypeDisplay name
FqdnstringDomain name
whois-infostringWHOIS info

Entity Description

A domain is the 'editioncnn.com' part of ' http://www.cnn.comhttps://edition.cnn.com/. It is the 'google.com' part of 'www.google.com'. A domain has to be registered by a person or an organisation. A domain is registered in a TLD (top level domain), and might have a SLD (sub level domain). Consider the web site 'www.abc.org.uk'. The top level domain (TLD) is 'uk'. The sub level domain is 'org.uk'. The domain itself is 'abc.org.uk'. A domain contains whois information - this information contains (at least) the details of who registered the domain.


  1. IPv4 Address
  2. DNS Name


MX Record


image2


Entity Meta

Display NameMX Record
Entity Namemaltego.MXRecord
Short DescriptionA DNS mail exchange record
Entity CategoryInfrastructure
Base Entitymaltego.DNSName

Entity Properties

Property NameTypeDisplay name
fqdnstringMX Record
mxrecord.priorityintegerPriority

Entity Description

The MX (mail exchange) records contains information about where mail should be sent for email addresses at the domain (for example mail for anyone@abc.com should be sent to mx1.abc.com). You should understand the relationship between Domain, DNS Name and IP number as this system is one of the main building blocks of Internet.

  1. IPv4 Address
  2. Domain
  3. NS record
  4. DNS Name


IPv4 Address


image3


Entity Meta

Display NameIPv4 Address
Entity Namemaltego.IPv4Address
Short DescriptionAn IP version 4 address
Entity CategoryInfrastructure
Base Entitymaltego.Unknown


Entity Properties

Property NameTypeDisplay name
ipv4-addressstringIP Address
ipaddress.internalbooleanInternal


Entity Description

An IP (Internet protocol) address is like the telephone number of a computer on the Internet. In IP version 4 (which is most common on the Internet today) this 'telephone' number is made up of 4 numbers, separated by a dot. The numbers range from 0-255. An IP number thus could be 192.168.0.1 or 196.25.1.1. In order for a computer to speak to another machine over an IP network it has to know the IP number of the remote machine. 


Because people are better at remembering names than remembering numbers we have DNS. DNS is the "whitepages" of the internet. It looks up (or resolves) the IP address for a DNS name. Thus the DNS name http://www.abc.co.ukwww.abc.org.uk resolves to the IP number 85.91.32.29. Just like domains IP addresses also needs to be registered. 


They are normally grouped in a block of IP addresses and blocks are assigned to organizations such as ISPs. The information of the organisation is contained in whois information of the IP block.


  1. Netblock
  2. AS Number
  3. DNS NameSave


URL


Entity Meta

Display NameURL
Entity Namemaltego.URL
Short DescriptionAn internet Uniform Resource Locator (URL)
Entity CategoryInfrastructure
Base Entitymaltego.Unknown


Entity Properties

Property NameTypeDisplay name
short-titlestringShort Title
urlURLValue
titlestringTitle


Maltego does not keep URL as the main value in this Entity because rendering a URL looks untidy. Where possible the URL's truncated title is kept in the value. If the title is not available, the truncated URL is stored in the main value. The actual URL is kept in the (Actual URL) field. Additionally the full title is kept in the (Full Title) field.


Entity Description

(Uniform Resource Locator) http://www.abc.com/main.html is a URL. Even ftp://ftp.abc.sub.co.za/ is a URL. In Maltego URLs are (usually) collected when executing search engine Transforms on Entities such as phrases, persons etc. The URLs are collected in the output entities (websites, email addresses etc).


  1. Website


DNS Name


image


Entity Meta

Display NameDNS Name
Entity Namemaltego.DNSName
Short DescriptionDomain Name and System server name
Entity CategoryInfrastructure
Base Entitymaltego.Unknown


Entity Properties

Property NameTypeDisplay name
FqdnstringDNS Name


Entity Description

DNS stands for Domain Name System. 'www.google.com' is a DNS name. 'mail.abc.com' is a DNS name. 'mx1.sub.abc.co.uk' is a DNS name. A DNS name becomes an entry in a domain's zone file. The zone file is just a file that contains a list of DNS Names per domain. There are several types of DNS names.

The everyday DNS names (like 'www.abc.com') are called A (or CName) records. The MX (mail exchange) records contains information about where mail should be sent for email addresses at the domain (for example mail for anyone@abc.com should be sent to mx1.abc.com). The NS records (name server) shows which servers are name servers for this domain - in other words who keeps the zone files for the domain. Every DNS name is (or should be) connected to an IP address. In some cases the reverse is also true - an IP address can resolve to a DNS name. 

You should understand the relationship between Domain, DNS Name and IP number as this system is one of the main building blocks of the internet.


Learn more about this Entity on Wikipedia.


  1. IPv4 Address
  2. Domain


AS


image4


Entity Meta

Display NameAS
Entity Namemaltego.AS
Short DescriptionAn internet Autonomous System (AS)
Entity CategoryInfrastructure
Base Entitymaltego.Unknown


Entity Properties

Property NameTypeDisplay name
as.numberintegerAS Number


Entity Description

AS stands for Autonomous System. It is basically a collection of routes (and thus net blocks). Large organizations or ISPs typically have their own AS numbers. The BGP routing protocol makes use of AS numbers.


  1. IPv4 Address
  2. Netblock


Tracking Code

image5


Entity Meta

Display NameTracking Code
Entity Namemaltego.UniqueIdentifier
Short DescriptionRepresents a tracking code for a web service.
Entity CategoryInfrastructure
Base Entitymaltego.Unknown


Entity Properties

Property NameTypeDisplay name
properties.uniqueidentifierstringUniqueIdentifier
identifierTypestringIdentifier Type


Entity Description

This Entity represents a unique code that can be found in the JavaScript of some websites. Services that include such codes include Google Analytics, AdWords, PayPal Donate buttons, etc. These codes can be used to link websites together based on the owner of the tracking code.


Website


image6


Entity Meta

Display NameWebsite
Entity Namemaltego.Website
Short DescriptionAn internet website
Entity CategoryInfrastructure
Base Entitymaltego.DNSName


Entity Properties

Property NameTypeDisplay name
fqdnstringWebsite
website.ssl-enabledbooleanSSL Enabled
portsint []Ports


Entity Description

A website is simply an special type of DNS name. Maltego sees these as two different types because there are many website specific Transforms.


  1. DNS Name


NS Record


image7


Entity Meta

Display NameNS Record
Entity Namemaltego.NSRecord
Short DescriptionA DNS name server record
Entity CategoryInfrastructure
Base Entitymaltego.DNSName


Entity Properties

Property NameTypeDisplay name
fqdnstringMX Record


Entity Description

The NS records (name server) shows which servers are name servers for this domain - in other words who keeps the zone files for the domain. You should understand the relationship between Domain, DNS Name and IP number as this system is one of the main building blocks of the internet.


Learn more about this Entity on Wikipedia.


  1. IPv4 Address
  2. Domain
  3. MX record
  4. DNS Name


Netblock


image


Entity Meta

Display NameNetblock
Entity Namemaltego.Netblock
Short DescriptionAn internet Autonomous System (AS)
Entity CategoryInfrastructure
Base Entitymaltego.Unknown


Entity Properties

Property NameTypeDisplay name
ipv4-rangestring74.207.243.0-74.207.243.255


CVE



Entity Meta

InformationValue
Display NameCVE
Entity Namemaltego.CVE
Short DescriptionRepresent a Common Vulnerabilities and Exposures
Entity CategoryInfrastructure
Base Entitiesmaltego.Phrase


Entity Properties

Display NameProperty NameData TypeShort DescriptionSample Value
CVSScvssdoubleCVSS score assigned to this vulnerability7.5
CVSS Rating ColorcvssRatingColorcolorNo Color (Unknown CVSS) or Grey #7f7f7f; Green #78d663 (low): 0.1-3.9; Yellow #e5e500 (Medium): 4.0-6.9; Orange #f86000 (High): 7.0-8.9; Red #c2171d (Critical): 9.0-10.0;#f86000
CVEtextstring CVE-2019-19781


Entity Description

Represents common vulnerabilities and exposures


IPv6 Address


Entity Meta

InformationValue
Display NameIPv6 Address
Entity Namemaltego.IPv6Address
Short DescriptionAn IP version 6 address
Entity CategoryInfrastructure
Base Entities(none)


Entity Properties

Display NameProperty NameData TypeShort DescriptionSample Value
IP Addressipv6-addressstring 2600:3c03::f03c:91ff:fe08:809b
Internalipaddress.internalboolean false


Entity Description

An IP version 6 address


AAAA Record


Entity Meta

InformationValue
Display NameAAAA Record
Entity Namemaltego.AAAARecord
Short DescriptionDNS AAAA Record
Entity CategoryInfrastructure
Base Entitiesmaltego.DNSName


Entity Properties

Display NameProperty NameData TypeShort DescriptionSample Value
IPv6 Addressipv6-addressstringThe IPv6 address the AAAA record points to.0:0:0:0:0:ffff:2d4f:692d
Time to Live (TTL)time-to-liveintThe time-to-live in seconds. This is the amount of time the record is allowed to be cached by a resolver.3600


Entity Description

DNS AAAA record


A Record



Entity Meta

InformationValue
Display NameA Record
Entity Namemaltego.ARecord
Short DescriptionDNS A Record
Entity CategoryInfrastructure
Base Entitiesmaltego.DNSName


Entity Properties

Display NameProperty NameData TypeShort DescriptionSample Value
IPv4 Addressipv4-addressstringThe IPv4 address the A record points to.45.79.105.45
Time to Live (TTL)time-to-liveintThe time-to-live in seconds. This is the amount of time the record is allowed to be cached by a resolver.3600


Entity Description

DNS A Record


WHOIS Record


Entity Meta

InformationValue
Display NameWHOIS Record
Entity Namemaltego.WHOISRecord
Short DescriptionWHOIS Records of a Domain name or an IP Address
Entity CategoryInfrastructure
Base Entities(none)


Entity Properties

Display NameProperty NameData TypeShort DescriptionSample Value
Namenamestring maltego.com
WHOIS InfowhoisInfostring Domain Name: MALTEGO.COM \n Registry Domain ID: 1265032016_DOMAIN_COM-VRSN \n Registrar WHOIS Server: whois.godaddy.com \n ... \n
Registry Domain IDregistryDomainIdstring  
Domain NamedomainNamestring  
Created DatecreationDatestringCreated On 
Registry Expiry DateregistryExpiryDatestringExpires On 
Updated DateupdatedDatestring  
Transfer DatetransferDatestringTransferred On 
Nameserversnameserversstring  
Name Server IP AddressesnameserverIpAddressesstring  
Mantainermaintainerstring  
Created BycreatedBystring  
Updated ByupdatedBystring  
DNSSECdnssecstring  
Domain StatusdomainStatusstring  
ENS AuthIdensAuthIdstring  
Registry Registrant IDregistryRegistrantIdstringRegistrant ID 
Registrant NameregistrantNamestring  
Registrant OrganizationregistrantOrganizationstring  
Registrant AddressregistrantAddressstring  
Registrant StreetregistrantStreetstring  
Registrant CityregistrantCitystring  
Registrant State/ProvinceregistrantStateProvincestring  
Registrant CountryregistrantCountrystring  
Registrant Country CoderegistrantCountryCodestring  
Registrant Postal CoderegistrantPostalCodestring  
Registrant PhoneregistrantPhonestring  
Registrant Phone ExtregistrantPhoneExtstring  
Registrant FaxregistrantFaxstring  
Registrant Fax ExtregistrantFaxExtstring  
Registrant EmailregistrantEmailstring  
Admin IDadminIdstring  
Admin IDregistryAdminIdstring  
Admin NameadminNamestring  
Admin OrganizationadminOrganizationstring  
Admin AddressadminAddressstring  
Admin StreetadminStreetstring  
Admin CityadminCitystring  
Admin State/ProvinceadminStateProvincestring  
Admin CountryadminCountrystring  
Admin Country CodeadminCountryCodestring  
Admin Postal CodeadminPostalCodestring  
Admin PhoneadminPhonestring  
Admin Phone ExtadminPhoneExtstring  
Admin FaxadminFaxstring  
Admin Fax ExtadminFaxExtstring  
Admin EmailadminEmailstring  
Tech IDregistryTechIdstring  
Tech NametechNamestring  
Tech OrganizationtechOrganizationstring  
Tech AddresstechAddressstring  
Tech CitytechCitystring  
Tech State/ProvincetechStateProvincestring  
Tech CountrytechCountrystring  
Tech Postal CodetechPostalCodestring  
Tech PhonetechPhonestring  
Tech Phone ExttechPhoneExtstring  
Tech FaxtechFaxstring  
Tech Fax ExttechFaxExtstring  
Tech EmailtechEmailstring  
Registrar IDregistrarIdstring  
Registrar IANA IDregistrarIanaIdstring  
Registrarregistrarstring  
Registrar Registration Expiration DateregistrarRegistrationExpirationDatestring  
Registrar URLregistrarUrlstring  
Registrar WHOIS ServerregistrarWhoisServerstring  
Registrar StatusregistrarStatusstring  
Registrar AddressregistrarAddressstring  
Registrar CityregistrarCitystring  
Registrar State/ProvinceregistrarStateProvincestring  
Registrar CountryregistrarCountrystring  
Registrar Postal CoderegistrarPostalCodestring  
Registrar PhoneregistrarPhonestring  
Registrar FaxregistrarFaxstring  
Registrar Fax ExtregistrarFaxExtstring  
Registrar EmailregistrarEmailstring  
Registrar Abuse Contact EmailregistrarAbuseContactEmailstring  
Registrar Abuse Contact PhoneregistrarAbuseContactPhonestring  
Sponsoring RegistrarsponsoringRegistrarstring  
Maltego Entity VersionentityVersionstring  


Entity Description

WHOIS Records of a domain name or an IP address


SSL Certificate


Entity Meta

InformationValue
Display NameSSL Certificate
Entity Namemaltego.X509Certificate
Short DescriptionCertificate used by SSL/TLS servers and clients
Entity CategoryInfrastructure
Base Entities(none)


Entity Properties

Display NameProperty NameData TypeShort DescriptionSample Value
SubjectsubjectstringEntity identified by this certificatewww.maltego.com
IssuerissuerstringIssuer of this certificate 
Subject DNsubjectDNstringSubject's Distinguished Name 
Issuer DNissuerDNstringIssuer Distinguished Name 
SKIskistringSubject Key Identifier 
AKIakistringAuthority Key Identifier 
SerialserialstringSerial Number 
SANsanstring[]Alternative subject names identified by this certificate 
Usageusagestring[]Key Usage 
Issuance IDissuanceIdintCT log ID of this certficate's issuance0
Valid FromvalidFromstring  
Valid UntilvalidTostring  
Countrycountrystring  
OrganizationorganizationstringSubjetc's organization 


Entity Description

Certificate used by SSL/TLS servers and clients


Netblock CIDR


Entity Meta

InformationValue
Display NameNetblock CIDR
Entity Namemaltego.CIDR
Short DescriptionCIDR representation of a Netblock
Entity CategoryInfrastructure
Base Entities(none)


Entity Properties

Display NameProperty NameData TypeShort DescriptionSample Value
CIDR Rangecidrstring 74.207.243.0/24


Entity Description

CIDR representation of a Netblock

 

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.

Search all Maltego Guides:

Interested? Get your free demo
Questions? Contact us

© 2021 by Maltego Technologies.