Understand field names

Updated
  • Updated on Aug 21, 2025
  • Published on Oct 4, 2023
  • 13 minute(s) read
Prev Next

This article provides a comprehensive reference for field names and data sources used in Web Scanner queries. Field names are searchable data categories in SPQL (Search and Query Language), enabling precise searches across Web Scanner’s data repositories. Understanding these fields and their associated data sources is essential for constructing effective queries and interpreting scan results.

Overview of Data Sources

Web Scanner organizes scanned data into six data sources each representing a specific type of web data. The table below summarizes each data source and its primary use case:

Data Source

Description

Webscan

Web data from public IPv4 and IPv6 ranges, including HTML, favicons, and SSL data.

torscan

Data from .onion sites on the Tor network, similar to webscan but Tor-specific.

services

Non-HTTP services (e.g., SSH, DNS), including TLS/SSL certificate data.

opendirectory

Data from open directories, including file and directory metadata.

webscanhistory

Log of successful scanning attempts, tracking domains and IPs scanned.

webscanfailure

Log of failed scanning attempts, including reasons for failure.

Important: The Datestring data type is taken as YYY-MM-DD.

Use Field Names in Queries

Field names are used in SPQL queries to target specific data within a data source. For example:

  • Query: domain = crypto* AND datasource = torscan

    • Searches the torscan data source for .onion domains starting with “crypto”.

  • Query: ssl.expired = true AND datasource = services

    • Returns all expired SSL certificates in the services data source.

To search across multiple data sources, use square brackets with a comma-separated list:

  • Query: domain = payments* AND datasource = [webscan, torscan]

    • Searches for domains starting with “payments” in both webscan and torscan.

For guidance on constructing queries, see Manage and Run Queries in Web Scanner.

'webscan' field names

Here's a list of field names you can search across using the webscan data source.

Field name

Description

Type

adtech.ads_txt

Has /ads.txt

Boolean

adtech.ads_txt_sha256

sha256 of /ads.txt

String

adtech.app_ads_txt

Has /app-ads.txt

Boolean

adtech.app-ads_txt_sha256

sha256 of /app-ads.txt

String

adtech.sellers_json

Has /sellers.json

Boolean

adtech.sellers_json_sha256

sha256 of /sellers.json

String

body_analysis.adsense

String

body_analysis.adserver

String

body_analysis.analytics

String

body_analysis.body_sha256

SHA256 hash of the <body>

String

body_analysis.footer_sha256

SHA256 hash of the <footer>

String

body_analysis.google-adstag

String

body_analysis.google-GA4

GA4 tag

String

body_analysis.google-UA

UA tag

String

body_analysis.header_sha256

SHA256 hash of the <header>

String

body_analysis.ICP_license

Chinese ICP LIcense

String

body_analysis.js_sha256

List of referenced js files in the HTML content, in the form of "url sha256"

String

body_analysis.js_ssdeep

List of referenced js files in the HTML content, in the form of "url ssdeep"

String

body_analysis.language

List of languages found in the HTML content, comma separated, from most used to least used

String

body_analysis.onion

List of onion addresses that are in the HTML response

String

body_analysis.SHV

Script Hash Value, based on js scripts used by a website.

String

datahash

A unique hash of the overall scan result

String

domain

The final domain that the origin domain that was scanned redirects to

String

favicon_avg

Visual similarity image hash of the website's favicon file

String

favicon2_avg

Visual similarity image hash of the website's favicon2 file

String

favicon_md5

Favicon MD5 Hash

String

favicon_murmur3

Favicon Murmur3 Hash

String

favicon_path

Favicon Path

String

favicon2_md5

Favicon2 MD5 Hash

String

favicon2_murmur3

Favicon2 Murmur3 Hash

String

favicon2_path

Favicon2 Path

String

favicon_urls

List of the URLs of the favicons

String

file

Does URL scanned point to a file

Boolean

file_sha256

Hash of file pointed to

String

geoip.asn

Autonomous System Name (ASN)

Integer

geoip.as_org

AS Organization

String

geoip.city_name

City of IP geolocation

String

geoip.continent_code

Continent of IP geolocation

String

geoip.country_code2

Country code of IP geolocation

String

geoip.country_code3

Country code of IP geolocation

String

geoip.country_name

Country name of IP geolocation

String

geoip.dma_code

Designated marketing area

String

geoip.latitude

Latitude value of IP geolocationll

Float

geoip.location.lat

Latitude value of IP geolocation

Float

geoip.location.lon

Longtitude value of IP geolocation

Float

geoip.longitude

Longtitude value of IP geolocation

Float

geoip.postal_code

Postal code of IP geolocation

String

geoip.region_code

Region code of IP geolocation

String

geoip.region_name

Region name of IP geolocation

String

geoip.timezone

Timezone of IP geolocation

String

header.cache-control

Instructions that control caching in browsers and shared caches (e.g. Proxies, CDNs)

String

header.connection

Whether the network connection stays open after the current transaction finishes

String

header.content-length

Size of the message body, in bytes, sent to the recipient.

Number

header.content-type

Original media type of the resource (prior to any content encoding applied for sending).

String

header.etag

The ETag (or entity tag) HTTP response header

String

header.refresh

String

header.server

Software used to serve the HTTP response. If a redirect is present, this field shows data from the server that performed the last redirect

String

header.x-powered-by

Value returned from server stating whatv it's powered by

String

hhv

A hash value based on the header keys

String

hostname

Hostname of domain that original domain that was scanned redirects to

String

html_body_murmur3

A Murmur3 hash of the HTML body

Number

html_body_length

Number of bytes in the HTML body

Integer

html_body_sha256

A SHA256 hash of the HTML body

String

html_body_similarity

Percentage difference in the HTML body for this scan versus the previous scan - based on the SSDeep hash

Number

html_body_ssdeep

SSDeep hash of the HTML body

String

htmltitle

HTML Title

String

ip

IP hosting URL that origin URL that was scanned redirects to

String

jarm

JARM Hash fingerprinting the TLS configurations of the host

String

opendirectory

Is this an open directory

Boolean

origin_domain

Domain that was scanned

String

origin_hostname

Hostname of domain that was scanned

String

origin_ip

IP hosting URL that was originally scanned

String

origin_path

URL path that was originally scanned

String

origin_port

URL port that was originally scanned

String

origin_scheme

Scheme of URL that was originally scanned

String

origin_url

URL that was originally scanned

URL

path

Path of URL that originally scanned URL redirects to

String

port

Port of URL that originally scanned URL redirects to

Number

redirect

Does the URL scanned result in a redirect

Boolean

redirect_count

Number of URLs involved in a redirect

Integer

redirect_list

List of URLs that sit between the origin and destination URLs

String

redirect_to_https

Does the URL scanned result in a redirect to https

Boolean

response

Scan Request Response Code

Number

scan_date

The date that data was scanned

Datestring

scheme

Scheme of URL that originally scanned URL redirects to

String

ssl.authority_key_id

The authority key identifier (AKI) is an X.509 v3 certificate extension. It contains a key identifier which is derived from the public key in the issuer certificate.

String

ssl.chv

A fingerprint on how the issuer creates the certificate based on the certificate's issuer/subject/extension RDN keys/wildcard and SANS count

String

ssl.expired

Has SSL certificate expired

Boolean

ssl.issuer.common_name

SSL Certificate Issuer Common Name

String

ssl.issuer.country

SSL Certificate Issuer Country

String

ssl.issuer.organization

SSL Certificate Issuer Organization

List of strings

ssl.not_after

SSL Certificate Validity End Date

Datetime

ssl.not_before

SSL Certificate Validity Start Date

Datetime

ssl.sans

SSL Certificate Sans List

List of domains

ssl.sans_count

SSL Certificate Sans List Count

Number

ssl.serial_number

SSL Certificate Serial Number

String

ssl.SHA1

S1SL Certificate SHA1 Hash

String

ssl.SHA256

SSL Certificate SHA256 Hash

String

ssl.sigalg

SSL Certificate Signature Algorithm

String

ssl.subject.common_name

SSL Certificate Subject Common Name

String

ssl.subject.country

SSL Certificate Subject Country

String

ssl.subject.names

SSL Certificate Subject Names

List of domains

ssl.subject.organization

SSL Certificate Subject Organization

String

ssl.wildcard

Is this a wildcard SAN certificate, i.e. Sans List references wildcards

Boolean

subdomain

The subdomain value, if it exists, of the final domain that scanned original domain redirects to

String

tld

The top level domain of the final domain that scanned original domain redirects to

String

url

The final URL that the origin URL that was scanned redirects to

String

'torscan' field names

Here's a list of field names you can search across using the torscan data source.

Field name

Description

Type

body_analysis.adsense

String

body_analysis.adserver

String

body_analysis.analytics

String

body_analysis.body_sha256

SHA256 hash of the <body>

String

body_analysis.footer_sha256

SHA256 hash of the <footer>

String

body_analysis.google-adstag

String

body_analysis.google-GA4

GA4 tag

String

body_analysis.google-UA

UA tag

String

body_analysis.header_sha256

SHA256 hash of the <header>

String

body_analysis.js_sha256

List of referenced js files in the HTML content, in the form of "url sha256"

String

body_analysis.js_ssdeep

List of referenced js files in the HTML content, in the form of "url ssdeep"

String

body_analysis.language

List of languages found in the HTML content, comma separated, from most used to least used

String

body_analysis.onion

List of onion addresses that are in the HTML response

String

body_analysis.SHV

Script Hash Value, based on js scripts used by a website.

String

datahash

A unique hash of the overall scan result

String

domain

The final domain that scan redirects to

String

favicon_avg

Visual similarity image hash of the website's favicon file

String

favicon2_avg

Visual similarity image hash of the website's favicon2 file

String

favicon_md5

Favicon MD5 Hash

String

favicon_murmur3

Favicon Murmur3 Hash

String

favicon_path

Favicon Path

String

favicon2_md5

Favicon2 MD5 Hash

String

favicon2_murmur3

Favicon2 Murmur3 Hash

String

favicon2_path

Favicon2 Path

String

favicon_urls

List of the URLs of the favicons

String

file

Does URL scanned point to a file

Boolean

file_sha256

Hash of file pointed to

String

header.cache-control

Instructions that control caching in browsers and shared caches (e.g. Proxies, CDNs)

String

header.connection

Whether the network connection stays open after the current transaction finishes

String

header.content-length

Size of the message body, in bytes, sent to the recipient.

Number

header.content-type

Original media type of the resource (prior to any content encoding applied for sending).

String

header.etag

The ETag (or entity tag) HTTP response header

String

header.refresh

String

header.server

Software used to serve the HTTP response. If a redirect is present, this field shows data from the server that performed the last redirect

String

header.x-powered-by

Value returned from server stating whatv it's powered by

String

hhv

A hash value based on the header keys

String

hostname

Hostname of domain that original domain that was scanned redirects to

String

html_body_murmur3

A Murmur3 hash of the HTML body

Number

html_body_sha256

A SHA256 hash of the HTML body

String

html_body_ssdeep

SSDeep hash of the HTML body

String

htmltitle

HTML Title

String

opendirectory

Is this an open directory

Boolean

origin_hostname

Hostname of domain that was scanned

String

origin_ip

IP hosting URL that was originally scanned

String

origin_path

URL path that was originally scanned

String

origin_port

URL port that was originally scanned

String

origin_scheme

Scheme of URL that was originally scanned

String

origin_url

URL that was originally scanned

URL

path

Path of URL that originally scanned URL redirects to

String

port

Port of URL that originally scanned URL redirects to

Number

redirect

Does the URL scanned result in a redirect

Boolean

redirect_count

Number of URLs involved in a redirect

Integer

redirect_list

List of URLs that sit between the origin and destination URLs

String

redirect_to_https

Does the URL scanned result in a redirect to https

Boolean

response

Scan Request Response Code

Number

scan_date

The date that data was scanned

Datestring

scheme

Scheme of URL that originally scanned URL redirects to

String

ssl.authority_key_id

The authority key identifier (AKI) is an X.509 v3 certificate extension. It contains a key identifier which is derived from the public key in the issuer certificate.

String

ssl.chv

A fingerprint on how the issuer creates the certificate based on the certificate's issuer/subject/extension RDN keys/wildcard and SANS count

String

ssl.expired

Has SSL certificate expired

Boolean

ssl.issuer.common_name

SSL Certificate Issuer Common Name

String

ssl.issuer.country

SSL Certificate Issuer Country

String

ssl.issuer.organization

SSL Certificate Issuer Organization

List of strings

ssl.not_after

SSL Certificate Validity End Date

Datetime

ssl.not_before

SSL Certificate Validity Start Date

Datetime

ssl.sans

SSL Certificate Sans List

List of domains

ssl.sans_count

SSL Certificate Sans List Count

Number

ssl.serial_number

SSL Certificate Serial Number

String

ssl.SHA1

SSL Certificate SHA1 Hash

String

ssl.SHA256

SSL Certificate SHA256 Hash

String

ssl.sigalg

SSL Certificate Signature Algorithm

String

ssl.subject.common_name

SSL Certificate Subject Common Name

String

ssl.subject.country

SSL Certificate Subject Country

String

ssl.subject.names

SSL Certificate Subject Names

List of domains

ssl.subject.organization

SSL Certificate Subject Organization

String

ssl.wildcard

Is this a wildcard SAN certificate, i.e. Sans List references wildcards

Boolean

subdomain

The subdomain value, if it exists, of the final domain that scanned original domain redirects to

String

tld

The top level domain of the final domain that scanned original domain redirects to

String

url

The final URL that the origin URL that was scanned redirects to

String

'services' field names

Here's a list of field names you can search across using the services data source.

Field name

Description

Type

banner

Service banner on a specific port

String

datahash

A unique hash of the overall scan result

String

fingerprints.ECDSA

Fingerprint of the ECDSA public key

String

fingerprints.ED25519

Fingerprint of the ED25519 public key

String

fingerprints.RSA

Fingerprint of the RSA public key

String

geoip.asn

Autonomous System Name (ASN)

Integer

geoip.as_org

AS Organization

String

ip

IP hosting URL that origin URL that was scanned redirects to

String

port

Port of URL that originally scanned URL redirects to

Number

scan_date

The date that data was scanned

Datestring

ssl.authority_key_id

The authority key identifier (AKI) is an X.509 v3 certificate extension. It contains a key identifier which is derived from the public key in the issuer certificate.

String

ssl.chv

A fingerprint on how the issuer creates the certificate based on the certificate's issuer/subject/extension RDN keys/wildcard and SANS count

String

ssl.expired

Has SSL certificate expired

Boolean

ssl.issuer.common_name

SSL Certificate Issuer Common Name

String

ssl.issuer.country

SSL Certificate Issuer Country

String

ssl.issuer.organization

SSL Certificate Issuer Organization

List of strings

ssl.not_after

SSL Certificate Validity End Date

Datetime

ssl.not_before

SSL Certificate Validity Start Date

Datetime

ssl.sans

SSL Certificate Sans List

List of domains

ssl.sans_count

SSL Certificate Sans List Count

Number

ssl.serial_number

SSL Certificate Serial Number

String

ssl.SHA1

SSL Certificate SHA1 Hash

String

ssl.SHA256

SSL Certificate SHA256 Hash

String

ssl.sigalg

SSL Certificate Signature Algorithm

String

ssl.subject.common_name

SSL Certificate Subject Common Name

String

ssl.subject.country

SSL Certificate Subject Country

String

ssl.subject.names

SSL Certificate Subject Names

List of domains

ssl.subject.organization

SSL Certificate Subject Organization

String

ssl.wildcard

Is this a wildcard SAN certificate, i.e. Sans List references wildcards

Boolean

'opendirectory' field names

Here's a list of field names you can search across using the opendirectory data source.

Field name

Description

Type

dir

Is a directory

Boolean

geoip.asn

Autonomous System Name (ASN)

Integer

geoip.as_org

AS Organization

String

hostname

Hostname of domain that original domain that was scanned redirects to

String

ip

IP hosting URL that origin URL that was scanned redirects to

String

last_modified

Last modified date of a file in an open directory

Datestring

name

Filename or directory name of a file in an open directory

String

port

Port of URL that originally scanned URL redirects to

Number

scan_date

The date that data was scanned

Datestring

scheme

Scheme of URL that originally scanned URL redirects to

String

size

The filesize in bytes

Integer

'webscanhistory' field names

Here's a list of field names you can search across using the webscanhistory data source.

Field name

Description

Type

datahash

A unique hash of the overall scan result

String

domain

The final domain that the origin domain that was scanned redirects to

String

hostname

Hostname of domain that original domain that was scanned redirects to

String

ip

IP hosting URL that origin URL that was scanned redirects to

String

origin_url

URL that was originally scanned

URL

scan_date

The date that data was scanned

Datestring

scheme

Scheme of URL that originally scanned URL redirects to

String

'webscanfailure' field names

Here's a list of field names you can search across using the webscanfailure data source.

Field name

Description

Type

domain

The final domain that the origin domain that was scanned redirects to

String

ip

IP hosting URL that origin URL that was scanned redirects to

String

port

Port of URL that originally scanned URL redirects to

Number

reason

The reason a scanning failure occurred

String

scan_date

The date that data was scanned

Datestring

scheme

Scheme of URL that originally scanned URL redirects to

String

url

The final URL that the origin URL that was scanned redirects to

String

Field name index

Field name

Description

Type

Data source

adtech.ads_txt

Has /ads.txt

Boolean

webscan

adtech.ads_txt_sha256

sha256 of /ads.txt

String

webscan

adtech.app_ads_txt

Has /app-ads.txt

Boolean

webscan

adtech.app-ads_txt_sha256

sha256 of /app-ads.txt

String

webscan

adtech.sellers_json

Has /sellers.json

Boolean

webscan

adtech.sellers_json_sha256

sha256 of /sellers.json

String

webscan

banner

Service banner on a specific port

String

services

body_analysis.adsense

String

webscan, torscan

body_analysis.adserver

String

webscan, torscan

body_analysis.analytics

String

webscan, torscan

body_analysis.body_sha256

SHA256 hash of the <body>

String

webscan, torscan

body_analysis.footer_sha256

SHA256 hash of the <footer>

String

webscan, torscan

body_analysis.google-adstag

String

webscan, torscan

body_analysis.google-GA4

GA4 tag

String

webscan, torscan

body_analysis.google-UA

UA tag

String

webscan, torscan

body_analysis.header_sha256

SHA256 hash of the <header>

String

webscan, torscan

body_analysis.ICP_license

Chinese ICP LIcense

String

webscan

body_analysis.js_sha256

List of referenced js files in the HTML content, in the form of "url sha256"

String

webscan, torscan

body_analysis.js_ssdeep

List of referenced js files in the HTML content, in the form of "url ssdeep"

String

webscan, torscan

body_analysis.language

List of languages found in the HTML content, comma separated, from most used to least used

String

webscan, torscan

body_analysis.onion

List of onion addresses that are in the HTML response

String

webscan, torscan

body_analysis.SHV

Script Hash Value, based on js scripts used by a website.

String

webscan, torscan

datahash

A unique hash of the overall scan result

String

webscan, torscan, services, webscanhistory

datasource

The index of the data

String

N/A

dir

Is a directory

Boolean

opendirectory

domain

The final domain that the origin domain that was scanned redirects to

String

webscan, torscan, webscanhistory, webscanfailure

favicon_avg

Visual similarity image hash of the website's favicon file

String

webscan, torscan

favicon2_avg

Visual similarity image hash of the website's favicon2 file

String

webscan, torscan

favicon_md5

Favicon MD5 Hash

String

webscan, torscan

favicon_murmur3

Favicon Murmur3 Hash

String

webscan, torscan

favicon_path

Favicon Path

String

webscan, torscan

favicon2_md5

Favicon2 MD5 Hash

String

webscan, torscan

favicon2_murmur3

Favicon2 Murmur3 Hash

String

webscan, torscan

favicon2_path

Favicon2 Path

String

webscan, torscan

favicon_urls

List of the URLs of the favicons

String

webscan, torscan

file

Does URL scanned point to a file

Boolean

webscan, torscan

file_sha256

Hash of file pointed to

String

webscan, torscan

fingerprints.ECDSA

Fingerprint of the ECDSA public key

String

services

fingerprints.ED25519

Fingerprint of the ED25519 public key

String

services

fingerprints.RSA

Fingerprint of the RSA public key

String

services

geoip.asn

Autonomous System Name (ASN)

Integer

webscan, services, opendir

geoip.as_org

AS Organization

String

webscan, services, opendirectory

geoip.city_name

City of IP geolocation

String

webscan

geoip.continent_code

Continent of IP geolocation

String

webscan

geoip.country_code2

Country code of IP geolocation

String

webscan

geoip.country_code3

Country code of IP geolocation

String

webscan

geoip.country_name

Country name of IP geolocation

String

webscan

geoip.dma_code

Designated marketing area

String

webscan

geoip.latitude

Latitude value of IP geolocationll

Float

webscan

geoip.location.lat

Latitude value of IP geolocation

Float

webscan

geoip.location.lon

Longtitude value of IP geolocation

Float

webscan

geoip.longitude

Longtitude value of IP geolocation

Float

webscan

geoip.postal_code

Postal code of IP geolocation

String

webscan

geoip.region_code

Region code of IP geolocation

String

webscan

geoip.region_name

Region name of IP geolocation

String

webscan

geoip.timezone

Timezone of IP geolocation

String

webscan

header.cache-control

Instructions that control caching in browsers and shared caches (e.g. Proxies, CDNs)

String

webscan, torscan

header.connection

Whether the network connection stays open after the current transaction finishes

String

webscan, torscan

header.content-length

Size of the message body, in bytes, sent to the recipient.

Number

webscan, torscan

header.content-type

Original media type of the resource (prior to any content encoding applied for sending).

String

webscan, torscan

header.etag

The ETag (or entity tag) HTTP response header

String

webscan, torscan

header.refresh

String

webscan, torscan

header.server

Software used to serve the HTTP response. If a redirect is present, this field shows data from the server that performed the last redirect

String

webscan, torscan

header.x-powered-by

Value returned from server stating whatv it's powered by

String

webscan, torscan

hhv

A hash value based on the header keys

String

webscan, torscan

hostname

Hostname of domain that original domain that was scanned redirects to

String

webscan, torscan, webscanhistory

html_body_length

Number of bytes in the HTML body

Integer

webscan

html_body_murmur3

A Murmur3 hash of the HTML body

Number

webscan, torscan

html_body_sha256

A SHA256 hash of the HTML body

String

webscan, torscan

html_body_similarity

Percentage difference in the HTML body for this scan versus the previous scan - based on the SSDeep hash

Number

webscan

html_body_ssdeep

SSDeep hash of the HTML body

String

webscan, torscan

htmltitle

HTML Title

String

webscan, torscan

ip

IP hosting URL that origin URL that was scanned redirects to

String

webscan, services, opendirectory, webscanhistory, webscanfailure

jarm

JARM Hash fingerprinting the TLS configurations of the host

String

webscan

last_modified

Last modified date of a file in an open directory

Datestring

opendirectory

name

Filename or directory name of a file in an open directory

String

opendirectory

opendirectory

Is this an open directory

Boolean

webscan, torscan

origin_domain

Domain that was scanned

String

webscan

origin_hostname

Hostname of domain that was scanned

String

webscan, torscan

origin_ip

IP hosting URL that was originally scanned

String

webscan, torscan

origin_path

URL path that was originally scanned

String

webscan, torscan

origin_port

URL port that was originally scanned

String

webscan

origin_scheme

Scheme of URL that was originally scanned

String

webscan

origin_url

URL that was originally scanned

URL

webscan, torscan, webscanhistory

path

Path of URL that originally scanned URL redirects to

String

webscan, torscan

port

Port of URL that originally scanned URL redirects to

Number

webscan, torscan, services, opendirectory, webscanfailure

reason

The reason a scanning failure occurred

String

webscanfailure

redirect

Does the URL scanned result in a redirect

Boolean

webscan, torscan

redirect_count

Number of URLs involved in a redirect

Integer

webscan, torscan

redirect_list

List of URLs that sit between the origin and destination URLs

String

webscan, torscan

redirect_to_https

Does the URL scanned result in a redirect to https

Boolean

webscan, torscan

response

Scan Request Response Code

Number

webscan, torscan

scan_date

The date that data was scanned

Datestring

webscan, torscan, services, opendirectory, webscanhistory, webscanfailure

scheme

Scheme of URL that originally scanned URL redirects to

String

webscan, torscan, opendirectory, webscanhistory, webscanfailure

size

The filesize in bytes

Integer

opendirectory

ssl.authority_key_id

The authority key identifier (AKI) is an X.509 v3 certificate extension. It contains a key identifier which is derived from the public key in the issuer certificate.

String

webscan, torscan, services

ssl.chv

A fingerprint on how the issuer creates the certificate based on the certificate's issuer/subject/extension RDN keys/wildcard and SANS count

String

webscan, torscan, services

ssl.expired

Has SSL certificate expired

Boolean

webscan, torscan, services

ssl.issuer.common_name

SSL Certificate Issuer Common Name

String

webscan, torscan, services

ssl.issuer.country

SSL Certificate Issuer Country

String

webscan, torscan, services

ssl.issuer.organization

SSL Certificate Issuer Organization

List of strings

webscan, torscan, services

ssl.not_after

SSL Certificate Validity End Date

Datetime

webscan, torscan, services

ssl.not_before

SSL Certificate Validity Start Date

Datetime

webscan, torscan, services

ssl.sans

SSL Certificate Sans List

List of domains

webscan, torscan, services

ssl.sans_count

SSL Certificate Sans List Count

Number

webscan, torscan, services

ssl.serial_number

SSL Certificate Serial Number

String

webscan, torscan, services

ssl.SHA1

SSL Certificate SHA1 Hash

String

webscan, torscan, services

ssl.SHA256

SSL Certificate SHA256 Hash

String

webscan, torscan, services

ssl.sigalg

SSL Certificate Signature Algorithm

String

webscan, torscan, services

ssl.subject.common_name

SSL Certificate Subject Common Name

String

webscan, torscan, services

ssl.subject.country

SSL Certificate Subject Country

String

webscan, torscan, services

ssl.subject.names

SSL Certificate Subject Names

List of domains

webscan, torscan, services

ssl.subject.organization

SSL Certificate Subject Organization

String

webscan, torscan, services

ssl.wildcard

Is this a wildcard SAN certificate, i.e. Sans List references wildcards

Boolean

webscan, torscan, services

subdomain

The subdomain value, if it exists, of the final domain that scanned original domain redirects to

String

webscan, torscan

timestamp

A date string

String

tld

The top level domain of the final domain that scanned original domain redirects to

String

webscan, torscan

url

The final URL that the origin URL that was scanned redirects to

String

webscan, torscan