Understand origin data and redirect data


To help users establish the path of data when analyzing query results, Web Scanner makes use of origin_xxx and redirect field names as search parameters.

Origin data

origin_xxx data represents the initial piece of data that a scan was conducted on.

Example

The origin_url value "http://3.1.104.127" points to the url value "https://blinkit.com/store-locator"

Here's a list of current origin_xxx field names, and their associated data types:

  • origin_domain
  • origin_hostname
  • origin_ip
  • origin_path
  • origin_port
  • origin_scheme
  • origin_url

Combined origin and destination searches

When searching for a domain, hostname, path or url, the matching origin_xxx field is also searched automatically.

This is supported for exact matches, wildcard matches, and regular expression matches.

Example

The query domain = silentpush.com automatically searches domain and origin_domain

For negative matches, using != or !~=, only the given field is searched.

'Redirect' data

The redirect field name gives a boolean response that indicates whether a redirect was detected during the connection.

The redirect_to_https field name gives a boolean response that indicates if the redirect led to an HTTPS connection.

The redirect_list field name provides a list of all redirects that occurred during the connection.

Example

The origin_url http://20.160.240.124 redirects via:

→ https://20.160.240.124//sslvpn/Login/Login

→ https://20.160.240.124//sslvpn/Login/Login?CheckCookieSupport=1

→ https://20.160.240.124//sslvpn/Login/Login (final destination)

In the above example, the redirect_list field name would contain https://20.160.240.124//sslvpn/Login/Login, https://20.160.240.124//sslvpn/Login/Login?CheckCookieSupport=1, https://20.160.240.124//sslvpn/Login/Login, and both redirect and redirect_to_https would be set to "True".
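The following added example (not Silent Push code) is a local Python model of the redirect fields and of the combined-search rule from "Combined origin and destination searches", run over constructed records that reuse the two example chains on this page. The function names, the single-hop chain for the first example, and the rule that redirect_to_https is judged on the final hop are assumptions.

```python
from urllib.parse import urlsplit

# Fields the page says are searched together with their origin_xxx counterpart.
PAIRED = {"domain", "hostname", "path", "url"}

def build_record(origin_url, hops):
    """Model one scan result; hops is the redirect chain, excluding origin_url."""
    final = hops[-1] if hops else origin_url
    return {
        "origin_url": origin_url,
        "origin_hostname": urlsplit(origin_url).hostname,
        "url": final,
        "hostname": urlsplit(final).hostname,
        "redirect": bool(hops),
        # Assumption: "led to HTTPS" is decided by the final hop's scheme.
        "redirect_to_https": bool(hops) and urlsplit(final).scheme == "https",
        "redirect_list": list(hops),
    }

def matches(record, field, op, value):
    """Exact-match model of the positive/negative search asymmetry."""
    if op == "=":
        fields = [field]
        if field in PAIRED:
            fields.append("origin_" + field)  # positive: origin_xxx searched too
        return any(record.get(f) == value for f in fields)
    if op == "!=":
        return record.get(field) != value     # negative: given field only
    raise ValueError("unsupported operator: " + op)

def excluded_everywhere(record, field, value):
    """True only if value is absent from both the field and its origin_xxx pair."""
    return record.get(field) != value and record.get("origin_" + field) != value

# Constructed records built from the page's example URLs.
VPN = build_record("http://20.160.240.124", [
    "https://20.160.240.124//sslvpn/Login/Login",
    "https://20.160.240.124//sslvpn/Login/Login?CheckCookieSupport=1",
    "https://20.160.240.124//sslvpn/Login/Login",
])
STORE = build_record("http://3.1.104.127", ["https://blinkit.com/store-locator"])

if __name__ == "__main__":
    # The same record satisfies both the positive and the negative hostname match.
    print(matches(STORE, "hostname", "=", "3.1.104.127"),
          matches(STORE, "hostname", "!=", "3.1.104.127"))
```

Because a negative match looks only at the named field, a record whose origin_hostname holds the value still passes hostname != value; excluding it on both sides needs a separate negative condition on the origin_xxx field.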