- 13 May 2024
- 18 Minutes to read
- Print
- DarkLight
Understand field names
- Updated on 13 May 2024
- 18 Minutes to read
- Print
- DarkLight
Field names are searchable data categories used in SPQL, and Web Scanner searches.
Scanned data is grouped into separate repositories, known as a data sources.
There are 6 data sources available in SPQL, each with their own set of field names that you can use to search through the data contained within them:
webscan
torscan
services
opendirectory
webscanhistory
webscanfailure
Read this article for more information on each data source, and some example queries.
The "Datestring" data type is taken as YYYY-MM-DD
'webscan' field names
Here's a list of field names you can search across using the webscan
data source.
Field name | Description | Type |
---|---|---|
adtech.ads_txt | Has /ads.txt | Boolean |
adtech.ads_txt_sha256 | sha256 of /ads.txt | String |
adtech.app_ads_txt | Has /app-ads.txt | Boolean |
adtech.app-ads_txt_sha256 | sha256 of /app-ads.txt | String |
adtech.sellers_json | Has /sellers.json | Boolean |
adtech.sellers_json_sha256 | sha256 of /sellers.json | String |
body_analysis.adsense | String | |
body_analysis.adserver | String | |
body_analysis.analytics | String | |
body_analysis.body_sha256 | SHA256 hash of the <body> | String |
body_analysis.footer_sha256 | SHA256 hash of the <footer> | String |
body_analysis.google-adstag | String | |
body_analysis.google-GA4 | GA4 tag | String |
body_analysis.google-UA | UA tag | String |
body_analysis.header_sha256 | SHA256 hash of the <header> | String |
body_analysis.ICP_license | Chinese ICP LIcense | String |
body_analysis.js_sha256 | List of referenced js files in the HTML content, in the form of "url sha256" | String |
body_analysis.js_ssdeep | List of referenced js files in the HTML content, in the form of "url ssdeep" | String |
body_analysis.language | List of languages found in the HTML content, comma separated, from most used to least used | String |
body_analysis.onion | List of onion addresses that are in the HTML response | String |
body_analysis.SHV | Script Hash Value, based on js scripts used by a website. | String |
datahash | A unique hash of the overall scan result | String |
domain | The final domain that the origin domain that was scanned redirects to | String |
favicon_avg | Visual similarity image hash of the website's favicon file | String |
favicon2_avg | Visual similarity image hash of the website's favicon2 file | String |
favicon_md5 | Favicon MD5 Hash | String |
favicon_murmur3 | Favicon Murmur3 Hash | String |
favicon_path | Favicon Path | String |
favicon2_md5 | Favicon2 MD5 Hash | String |
favicon2_murmur3 | Favicon2 Murmur3 Hash | String |
favicon2_path | Favicon2 Path | String |
favicon_urls | List of the URLs of the favicons | String |
file | Does URL scanned point to a file | Boolean |
file_sha256 | Hash of file pointed to | String |
geoip.asn | Autonomous System Name (ASN) | Integer |
geoip.as_org | AS Organization | String |
geoip.city_name | City of IP geolocation | String |
geoip.continent_code | Continent of IP geolocation | String |
geoip.country_code2 | Country code of IP geolocation | String |
geoip.country_code3 | Country code of IP geolocation | String |
geoip.country_name | Country name of IP geolocation | String |
geoip.dma_code | Designated marketing area | String |
geoip.latitude | Latitude value of IP geolocationll | Float |
geoip.location.lat | Latitude value of IP geolocation | Float |
geoip.location.lon | Longtitude value of IP geolocation | Float |
geoip.longitude | Longtitude value of IP geolocation | Float |
geoip.postal_code | Postal code of IP geolocation | String |
geoip.region_code | Region code of IP geolocation | String |
geoip.region_name | Region name of IP geolocation | String |
geoip.timezone | Timezone of IP geolocation | String |
header.cache-control | Instructions that control caching in browsers and shared caches (e.g. Proxies, CDNs) | String |
header.connection | Whether the network connection stays open after the current transaction finishes | String |
header.content-length | Size of the message body, in bytes, sent to the recipient. | Number |
header.content-type | Original media type of the resource (prior to any content encoding applied for sending). | String |
header.etag | The ETag (or entity tag) HTTP response header | String |
header.refresh | String | |
header.server | Software used to serve the HTTP response. If a redirect is present, this field shows data from the server that performed the last redirect | String |
header.x-powered-by | Value returned from server stating whatv it's powered by | String |
hhv | A hash value based on the header keys | String |
hostname | Hostname of domain that original domain that was scanned redirects to | String |
html_body_murmur3 | A Murmur3 hash of the HTML body | Number |
html_body_length | Number of bytes in the HTML body | Integer |
html_body_sha256 | A SHA256 hash of the HTML body | String |
html_body_similarity | Percentage difference in the HTML body for this scan versus the previous scan - based on the SSDeep hash | Number |
html_body_ssdeep | SSDeep hash of the HTML body | String |
htmltitle | HTML Title | String |
ip | IP hosting URL that origin URL that was scanned redirects to | String |
jarm | JARM Hash fingerprinting the TLS configurations of the host | String |
opendirectory | Is this an open directory | Boolean |
origin_domain | Domain that was scanned | String |
origin_hostname | Hostname of domain that was scanned | String |
origin_ip | IP hosting URL that was originally scanned | String |
origin_path | URL path that was originally scanned | String |
origin_port | URL port that was originally scanned | String |
origin_scheme | Scheme of URL that was originally scanned | String |
origin_url | URL that was originally scanned | URL |
path | Path of URL that originally scanned URL redirects to | String |
port | Port of URL that originally scanned URL redirects to | Number |
redirect | Does the URL scanned result in a redirect | Boolean |
redirect_count | Number of URLs involved in a redirect | Integer |
redirect_list | List of URLs that sit between the origin and destination URLs | String |
redirect_to_https | Does the URL scanned result in a redirect to https | Boolean |
response | Scan Request Response Code | Number |
scan_date | The date that data was scanned | Datestring |
scheme | Scheme of URL that originally scanned URL redirects to | String |
ssl.authority_key_id | The authority key identifier (AKI) is an X.509 v3 certificate extension. It contains a key identifier which is derived from the public key in the issuer certificate. | String |
ssl.chv | A fingerprint on how the issuer creates the certificate based on the certificate's issuer/subject/extension RDN keys/wildcard and SANS count | String |
ssl.expired | Has SSL certificate expired | Boolean |
ssl.issuer.common_name | SSL Certificate Issuer Common Name | String |
ssl.issuer.country | SSL Certificate Issuer Country | String |
ssl.issuer.organization | SSL Certificate Issuer Organization | List of strings |
ssl.not_after | SSL Certificate Validity End Date | Datetime |
ssl.not_before | SSL Certificate Validity Start Date | Datetime |
ssl.sans | SSL Certificate Sans List | List of domains |
ssl.sans_count | SSL Certificate Sans List Count | Number |
ssl.serial_number | SSL Certificate Serial Number | String |
ssl.SHA1 | S1SL Certificate SHA1 Hash | String |
ssl.SHA256 | SSL Certificate SHA256 Hash | String |
ssl.sigalg | SSL Certificate Signature Algorithm | String |
ssl.subject.common_name | SSL Certificate Subject Common Name | String |
ssl.subject.country | SSL Certificate Subject Country | String |
ssl.subject.names | SSL Certificate Subject Names | List of domains |
ssl.subject.organization | SSL Certificate Subject Organization | String |
ssl.wildcard | Is this a wildcard SAN certificate, i.e. Sans List references wildcards | Boolean |
subdomain | The subdomain value, if it exists, of the final domain that scanned original domain redirects to | String |
tld | The top level domain of the final domain that scanned original domain redirects to | String |
url | The final URL that the origin URL that was scanned redirects to | String |
'torscan' field names
Here's a list of field names you can search across using the torscan
data source.
Field name | Description | Type |
---|---|---|
body_analysis.adsense | String | |
body_analysis.adserver | String | |
body_analysis.analytics | String | |
body_analysis.body_sha256 | SHA256 hash of the <body> | String |
body_analysis.footer_sha256 | SHA256 hash of the <footer> | String |
body_analysis.google-adstag | String | |
body_analysis.google-GA4 | GA4 tag | String |
body_analysis.google-UA | UA tag | String |
body_analysis.header_sha256 | SHA256 hash of the <header> | String |
body_analysis.js_sha256 | List of referenced js files in the HTML content, in the form of "url sha256" | String |
body_analysis.js_ssdeep | List of referenced js files in the HTML content, in the form of "url ssdeep" | String |
body_analysis.language | List of languages found in the HTML content, comma separated, from most used to least used | String |
body_analysis.onion | List of onion addresses that are in the HTML response | String |
body_analysis.SHV | Script Hash Value, based on js scripts used by a website. | String |
datahash | A unique hash of the overall scan result | String |
domain | The final domain that scan redirects to | String |
favicon_avg | Visual similarity image hash of the website's favicon file | String |
favicon2_avg | Visual similarity image hash of the website's favicon2 file | String |
favicon_md5 | Favicon MD5 Hash | String |
favicon_murmur3 | Favicon Murmur3 Hash | String |
favicon_path | Favicon Path | String |
favicon2_md5 | Favicon2 MD5 Hash | String |
favicon2_murmur3 | Favicon2 Murmur3 Hash | String |
favicon2_path | Favicon2 Path | String |
favicon_urls | List of the URLs of the favicons | String |
file | Does URL scanned point to a file | Boolean |
file_sha256 | Hash of file pointed to | String |
header.cache-control | Instructions that control caching in browsers and shared caches (e.g. Proxies, CDNs) | String |
header.connection | Whether the network connection stays open after the current transaction finishes | String |
header.content-length | Size of the message body, in bytes, sent to the recipient. | Number |
header.content-type | Original media type of the resource (prior to any content encoding applied for sending). | String |
header.etag | The ETag (or entity tag) HTTP response header | String |
header.refresh | String | |
header.server | Software used to serve the HTTP response. If a redirect is present, this field shows data from the server that performed the last redirect | String |
header.x-powered-by | Value returned from server stating whatv it's powered by | String |
hhv | A hash value based on the header keys | String |
hostname | Hostname of domain that original domain that was scanned redirects to | String |
html_body_murmur3 | A Murmur3 hash of the HTML body | Number |
html_body_sha256 | A SHA256 hash of the HTML body | String |
html_body_ssdeep | SSDeep hash of the HTML body | String |
htmltitle | HTML Title | String |
opendirectory | Is this an open directory | Boolean |
origin_hostname | Hostname of domain that was scanned | String |
origin_ip | IP hosting URL that was originally scanned | String |
origin_path | URL path that was originally scanned | String |
origin_port | URL port that was originally scanned | String |
origin_scheme | Scheme of URL that was originally scanned | String |
origin_url | URL that was originally scanned | URL |
path | Path of URL that originally scanned URL redirects to | String |
port | Port of URL that originally scanned URL redirects to | Number |
redirect | Does the URL scanned result in a redirect | Boolean |
redirect_count | Number of URLs involved in a redirect | Integer |
redirect_list | List of URLs that sit between the origin and destination URLs | String |
redirect_to_https | Does the URL scanned result in a redirect to https | Boolean |
response | Scan Request Response Code | Number |
scan_date | The date that data was scanned | Datestring |
scheme | Scheme of URL that originally scanned URL redirects to | String |
ssl.authority_key_id | The authority key identifier (AKI) is an X.509 v3 certificate extension. It contains a key identifier which is derived from the public key in the issuer certificate. | String |
ssl.chv | A fingerprint on how the issuer creates the certificate based on the certificate's issuer/subject/extension RDN keys/wildcard and SANS count | String |
ssl.expired | Has SSL certificate expired | Boolean |
ssl.issuer.common_name | SSL Certificate Issuer Common Name | String |
ssl.issuer.country | SSL Certificate Issuer Country | String |
ssl.issuer.organization | SSL Certificate Issuer Organization | List of strings |
ssl.not_after | SSL Certificate Validity End Date | Datetime |
ssl.not_before | SSL Certificate Validity Start Date | Datetime |
ssl.sans | SSL Certificate Sans List | List of domains |
ssl.sans_count | SSL Certificate Sans List Count | Number |
ssl.serial_number | SSL Certificate Serial Number | String |
ssl.SHA1 | SSL Certificate SHA1 Hash | String |
ssl.SHA256 | SSL Certificate SHA256 Hash | String |
ssl.sigalg | SSL Certificate Signature Algorithm | String |
ssl.subject.common_name | SSL Certificate Subject Common Name | String |
ssl.subject.country | SSL Certificate Subject Country | String |
ssl.subject.names | SSL Certificate Subject Names | List of domains |
ssl.subject.organization | SSL Certificate Subject Organization | String |
ssl.wildcard | Is this a wildcard SAN certificate, i.e. Sans List references wildcards | Boolean |
subdomain | The subdomain value, if it exists, of the final domain that scanned original domain redirects to | String |
tld | The top level domain of the final domain that scanned original domain redirects to | String |
url | The final URL that the origin URL that was scanned redirects to | String |
'services' field names
Here's a list of field names you can search across using the services
data source.
Field name | Description | Type |
---|---|---|
banner | Service banner on a specific port | String |
datahash | A unique hash of the overall scan result | String |
fingerprints.ECDSA | Fingerprint of the ECDSA public key | String |
fingerprints.ED25519 | Fingerprint of the ED25519 public key | String |
fingerprints.RSA | Fingerprint of the RSA public key | String |
geoip.asn | Autonomous System Name (ASN) | Integer |
geoip.as_org | AS Organization | String |
ip | IP hosting URL that origin URL that was scanned redirects to | String |
port | Port of URL that originally scanned URL redirects to | Number |
scan_date | The date that data was scanned | Datestring |
ssl.authority_key_id | The authority key identifier (AKI) is an X.509 v3 certificate extension. It contains a key identifier which is derived from the public key in the issuer certificate. | String |
ssl.chv | A fingerprint on how the issuer creates the certificate based on the certificate's issuer/subject/extension RDN keys/wildcard and SANS count | String |
ssl.expired | Has SSL certificate expired | Boolean |
ssl.issuer.common_name | SSL Certificate Issuer Common Name | String |
ssl.issuer.country | SSL Certificate Issuer Country | String |
ssl.issuer.organization | SSL Certificate Issuer Organization | List of strings |
ssl.not_after | SSL Certificate Validity End Date | Datetime |
ssl.not_before | SSL Certificate Validity Start Date | Datetime |
ssl.sans | SSL Certificate Sans List | List of domains |
ssl.sans_count | SSL Certificate Sans List Count | Number |
ssl.serial_number | SSL Certificate Serial Number | String |
ssl.SHA1 | SSL Certificate SHA1 Hash | String |
ssl.SHA256 | SSL Certificate SHA256 Hash | String |
ssl.sigalg | SSL Certificate Signature Algorithm | String |
ssl.subject.common_name | SSL Certificate Subject Common Name | String |
ssl.subject.country | SSL Certificate Subject Country | String |
ssl.subject.names | SSL Certificate Subject Names | List of domains |
ssl.subject.organization | SSL Certificate Subject Organization | String |
ssl.wildcard | Is this a wildcard SAN certificate, i.e. Sans List references wildcards | Boolean |
'opendirectory' field names
Here's a list of field names you can search across using the opendirectory
data source.
Field name | Description | Type |
---|---|---|
dir | Is a directory | Boolean |
geoip.asn | Autonomous System Name (ASN) | Integer |
geoip.as_org | AS Organization | String |
hostname | Hostname of domain that original domain that was scanned redirects to | String |
ip | IP hosting URL that origin URL that was scanned redirects to | String |
last_modified | Last modified date of a file in an open directory | Datestring |
name | Filename or directory name of a file in an open directory | String |
port | Port of URL that originally scanned URL redirects to | Number |
scan_date | The date that data was scanned | Datestring |
scheme | Scheme of URL that originally scanned URL redirects to | String |
size | The filesize in bytes | Integer |
'webscanhistory' field names
Here's a list of field names you can search across using the webscanhistory
data source.
Field name | Description | Type |
---|---|---|
datahash | A unique hash of the overall scan result | String |
domain | The final domain that the origin domain that was scanned redirects to | String |
hostname | Hostname of domain that original domain that was scanned redirects to | String |
ip | IP hosting URL that origin URL that was scanned redirects to | String |
origin_url | URL that was originally scanned | URL |
scan_date | The date that data was scanned | Datestring |
scheme | Scheme of URL that originally scanned URL redirects to | String |
'webscanfailure' field names
Here's a list of field names you can search across using the webscanfailure
data source.
Field name | Description | Type |
---|---|---|
domain | The final domain that the origin domain that was scanned redirects to | String |
ip | IP hosting URL that origin URL that was scanned redirects to | String |
port | Port of URL that originally scanned URL redirects to | Number |
reason | The reason a scanning failure occurred | String |
scan_date | The date that data was scanned | Datestring |
scheme | Scheme of URL that originally scanned URL redirects to | String |
url | The final URL that the origin URL that was scanned redirects to | String |
Field name index
Field name | Description | Type | Data source |
---|---|---|---|
adtech.ads_txt | Has /ads.txt | Boolean | webscan |
adtech.ads_txt_sha256 | sha256 of /ads.txt | String | webscan |
adtech.app_ads_txt | Has /app-ads.txt | Boolean | webscan |
adtech.app-ads_txt_sha256 | sha256 of /app-ads.txt | String | webscan |
adtech.sellers_json | Has /sellers.json | Boolean | webscan |
adtech.sellers_json_sha256 | sha256 of /sellers.json | String | webscan |
banner | Service banner on a specific port | String | services |
body_analysis.adsense | String | webscan , torscan | |
body_analysis.adserver | String | webscan , torscan | |
body_analysis.analytics | String | webscan , torscan | |
body_analysis.body_sha256 | SHA256 hash of the <body> | String | webscan , torscan |
body_analysis.footer_sha256 | SHA256 hash of the <footer> | String | webscan , torscan |
body_analysis.google-adstag | String | webscan , torscan | |
body_analysis.google-GA4 | GA4 tag | String | webscan , torscan |
body_analysis.google-UA | UA tag | String | webscan , torscan |
body_analysis.header_sha256 | SHA256 hash of the <header> | String | webscan , torscan |
body_analysis.ICP_license | Chinese ICP LIcense | String | webscan |
body_analysis.js_sha256 | List of referenced js files in the HTML content, in the form of "url sha256" | String | webscan , torscan |
body_analysis.js_ssdeep | List of referenced js files in the HTML content, in the form of "url ssdeep" | String | webscan , torscan |
body_analysis.language | List of languages found in the HTML content, comma separated, from most used to least used | String | webscan , torscan |
body_analysis.onion | List of onion addresses that are in the HTML response | String | webscan , torscan |
body_analysis.SHV | Script Hash Value, based on js scripts used by a website. | String | webscan , torscan |
datahash | A unique hash of the overall scan result | String | webscan , torscan , services , webscanhistory |
datasource | The index of the data | String | N/A |
dir | Is a directory | Boolean | opendirectory |
domain | The final domain that the origin domain that was scanned redirects to | String | webscan , torscan , webscanhistory , webscanfailure |
favicon_avg | Visual similarity image hash of the website's favicon file | String | webscan , torscan |
favicon2_avg | Visual similarity image hash of the website's favicon2 file | String | webscan , torscan |
favicon_md5 | Favicon MD5 Hash | String | webscan , torscan |
favicon_murmur3 | Favicon Murmur3 Hash | String | webscan , torscan |
favicon_path | Favicon Path | String | webscan , torscan |
favicon2_md5 | Favicon2 MD5 Hash | String | webscan , torscan |
favicon2_murmur3 | Favicon2 Murmur3 Hash | String | webscan , torscan |
favicon2_path | Favicon2 Path | String | webscan , torscan |
favicon_urls | List of the URLs of the favicons | String | webscan , torscan |
file | Does URL scanned point to a file | Boolean | webscan , torscan |
file_sha256 | Hash of file pointed to | String | webscan , torscan |
fingerprints.ECDSA | Fingerprint of the ECDSA public key | String | services |
fingerprints.ED25519 | Fingerprint of the ED25519 public key | String | services |
fingerprints.RSA | Fingerprint of the RSA public key | String | services |
geoip.asn | Autonomous System Name (ASN) | Integer | webscan , services , opendir |
geoip.as_org | AS Organization | String | webscan , services , opendirectory |
geoip.city_name | City of IP geolocation | String | webscan |
geoip.continent_code | Continent of IP geolocation | String | webscan |
geoip.country_code2 | Country code of IP geolocation | String | webscan |
geoip.country_code3 | Country code of IP geolocation | String | webscan |
geoip.country_name | Country name of IP geolocation | String | webscan |
geoip.dma_code | Designated marketing area | String | webscan |
geoip.latitude | Latitude value of IP geolocationll | Float | webscan |
geoip.location.lat | Latitude value of IP geolocation | Float | webscan |
geoip.location.lon | Longtitude value of IP geolocation | Float | webscan |
geoip.longitude | Longtitude value of IP geolocation | Float | webscan |
geoip.postal_code | Postal code of IP geolocation | String | webscan |
geoip.region_code | Region code of IP geolocation | String | webscan |
geoip.region_name | Region name of IP geolocation | String | webscan |
geoip.timezone | Timezone of IP geolocation | String | webscan |
header.cache-control | Instructions that control caching in browsers and shared caches (e.g. Proxies, CDNs) | String | webscan , torscan |
header.connection | Whether the network connection stays open after the current transaction finishes | String | webscan , torscan |
header.content-length | Size of the message body, in bytes, sent to the recipient. | Number | webscan , torscan |
header.content-type | Original media type of the resource (prior to any content encoding applied for sending). | String | webscan , torscan |
header.etag | The ETag (or entity tag) HTTP response header | String | webscan , torscan |
header.refresh | String | webscan , torscan | |
header.server | Software used to serve the HTTP response. If a redirect is present, this field shows data from the server that performed the last redirect | String | webscan , torscan |
header.x-powered-by | Value returned from server stating whatv it's powered by | String | webscan , torscan |
hhv | A hash value based on the header keys | String | webscan , torscan |
hostname | Hostname of domain that original domain that was scanned redirects to | String | webscan , torscan , webscanhistory |
html_body_length | Number of bytes in the HTML body | Integer | webscan |
html_body_murmur3 | A Murmur3 hash of the HTML body | Number | webscan , torscan |
html_body_sha256 | A SHA256 hash of the HTML body | String | webscan , torscan |
html_body_similarity | Percentage difference in the HTML body for this scan versus the previous scan - based on the SSDeep hash | Number | webscan |
html_body_ssdeep | SSDeep hash of the HTML body | String | webscan , torscan |
htmltitle | HTML Title | String | webscan , torscan |
ip | IP hosting URL that origin URL that was scanned redirects to | String | webscan , services , opendirectory , webscanhistory , webscanfailure |
jarm | JARM Hash fingerprinting the TLS configurations of the host | String | webscan |
last_modified | Last modified date of a file in an open directory | Datestring | opendirectory |
name | Filename or directory name of a file in an open directory | String | opendirectory |
opendirectory | Is this an open directory | Boolean | webscan , torscan |
origin_domain | Domain that was scanned | String | webscan |
origin_hostname | Hostname of domain that was scanned | String | webscan , torscan |
origin_ip | IP hosting URL that was originally scanned | String | webscan , torscan |
origin_path | URL path that was originally scanned | String | webscan , torscan |
origin_port | URL port that was originally scanned | String | webscan |
origin_scheme | Scheme of URL that was originally scanned | String | webscan |
origin_url | URL that was originally scanned | URL | webscan , torscan , webscanhistory |
path | Path of URL that originally scanned URL redirects to | String | webscan , torscan |
port | Port of URL that originally scanned URL redirects to | Number | webscan , torscan , services , opendirectory , webscanfailure |
reason | The reason a scanning failure occurred | String | webscanfailure |
redirect | Does the URL scanned result in a redirect | Boolean | webscan , torscan |
redirect_count | Number of URLs involved in a redirect | Integer | webscan , torscan |
redirect_list | List of URLs that sit between the origin and destination URLs | String | webscan , torscan |
redirect_to_https | Does the URL scanned result in a redirect to https | Boolean | webscan , torscan |
response | Scan Request Response Code | Number | webscan , torscan |
scan_date | The date that data was scanned | Datestring | webscan , torscan , services , opendirectory , webscanhistory , webscanfailure |
scheme | Scheme of URL that originally scanned URL redirects to | String | webscan , torscan , opendirectory , webscanhistory , webscanfailure |
size | The filesize in bytes | Integer | opendirectory |
ssl.authority_key_id | The authority key identifier (AKI) is an X.509 v3 certificate extension. It contains a key identifier which is derived from the public key in the issuer certificate. | String | webscan , torscan , services |
ssl.chv | A fingerprint on how the issuer creates the certificate based on the certificate's issuer/subject/extension RDN keys/wildcard and SANS count | String | webscan , torscan , services |
ssl.expired | Has SSL certificate expired | Boolean | webscan , torscan , services |
ssl.issuer.common_name | SSL Certificate Issuer Common Name | String | webscan , torscan , services |
ssl.issuer.country | SSL Certificate Issuer Country | String | webscan , torscan , services |
ssl.issuer.organization | SSL Certificate Issuer Organization | List of strings | webscan , torscan , services |
ssl.not_after | SSL Certificate Validity End Date | Datetime | webscan , torscan , services |
ssl.not_before | SSL Certificate Validity Start Date | Datetime | webscan , torscan , services |
ssl.sans | SSL Certificate Sans List | List of domains | webscan , torscan , services |
ssl.sans_count | SSL Certificate Sans List Count | Number | webscan , torscan , services |
ssl.serial_number | SSL Certificate Serial Number | String | webscan , torscan , services |
ssl.SHA1 | SSL Certificate SHA1 Hash | String | webscan , torscan , services |
ssl.SHA256 | SSL Certificate SHA256 Hash | String | webscan , torscan , services |
ssl.sigalg | SSL Certificate Signature Algorithm | String | webscan , torscan , services |
ssl.subject.common_name | SSL Certificate Subject Common Name | String | webscan , torscan , services |
ssl.subject.country | SSL Certificate Subject Country | String | webscan , torscan , services |
ssl.subject.names | SSL Certificate Subject Names | List of domains | webscan , torscan , services |
ssl.subject.organization | SSL Certificate Subject Organization | String | webscan , torscan , services |
ssl.wildcard | Is this a wildcard SAN certificate, i.e. Sans List references wildcards | Boolean | webscan , torscan , services |
subdomain | The subdomain value, if it exists, of the final domain that scanned original domain redirects to | String | webscan , torscan |
timestamp | A date string | String | |
tld | The top level domain of the final domain that scanned original domain redirects to | String | webscan , torscan |
url | The final URL that the origin URL that was scanned redirects to | String | webscan , torscan |