Contents x
      Field names
      • 25 Mar 2024
      • 18 Minutes to read
      • Print
      • Dark
        Light
      Contents

      Field names

      • Updated on 25 Mar 2024
      • 18 Minutes to read
      • Print
      • Dark
        Light
      Article Summary

      Field names are searchable data categories used in SPQL, and Web Scanner searches.

      Scanned data is grouped into separate repositories, known as a data sources.

      There are 6 data sources available in SPQL, each with their own set of field names that you can use to search through the data contained within them:

      1. webscan
      2. torscan
      3. services
      4. opendirectory
      5. webscanhistory
      6. webscanfailure

      Read this article for more information on each data source, and some example queries.

      Important!

      The "Datestring" data type is taken as YYYY-MM-DD

      webscan field names

      Here's a list of field names you can search across using the webscan data source.

      Field nameDescriptionType
      adtech.ads_txtHas /ads.txtBoolean
      adtech.ads_txt_sha256sha256 of /ads.txtString
      adtech.app_ads_txtHas /app-ads.txtBoolean
      adtech.app-ads_txt_sha256sha256 of /app-ads.txtString
      adtech.sellers_jsonHas /sellers.jsonBoolean
      adtech.sellers_json_sha256sha256 of /sellers.jsonString
      body_analysis.adsenseString
      body_analysis.adserverString
      body_analysis.analyticsString
      body_analysis.body_sha256SHA256 hash of the <body>String
      body_analysis.footer_sha256SHA256 hash of the <footer>String
      body_analysis.google-adstagString
      body_analysis.google-GA4GA4 tagString
      body_analysis.google-UAUA tagString
      body_analysis.header_sha256SHA256 hash of the <header>String
      body_analysis.ICP_licenseChinese ICP LIcenseString
      body_analysis.js_sha256List of referenced js files in the HTML content, in the form of "url sha256"String
      body_analysis.js_ssdeepList of referenced js files in the HTML content, in the form of "url ssdeep"String
      body_analysis.languageList of languages found in the HTML content, comma separated, from most used to least usedString
      body_analysis.onionList of onion addresses that are in the HTML responseString
      body_analysis.SHVScript Hash Value, based on js scripts used by a website.String
      datahashA unique hash of the overall scan resultString
      domainThe final domain that the origin domain that was scanned redirects toString
      favicon_avgVisual similarity image hash of the website's favicon fileString
      favicon2_avgVisual similarity image hash of the website's favicon2 fileString
      favicon_md5Favicon MD5 HashString
      favicon_murmur3Favicon Murmur3 HashString
      favicon_pathFavicon PathString
      favicon2_md5Favicon2 MD5 HashString
      favicon2_murmur3Favicon2 Murmur3 HashString
      favicon2_pathFavicon2 PathString
      favicon_urlsList of the URLs of the faviconsString
      fileDoes URL scanned point to a fileBoolean
      file_sha256Hash of file pointed toString
      geoip.asnAutonomous System Name (ASN)Integer
      geoip.as_orgAS OrganizationString
      geoip.city_nameCity of IP geolocationString
      geoip.continent_codeContinent of IP geolocationString
      geoip.country_code2Country code of IP geolocationString
      geoip.country_code3Country code of IP geolocationString
      geoip.country_nameCountry name of IP geolocationString
      geoip.dma_codeDesignated marketing areaString
      geoip.latitudeLatitude value of IP geolocationllFloat
      geoip.location.latLatitude value of IP geolocationFloat
      geoip.location.lonLongtitude value of IP geolocationFloat
      geoip.longitudeLongtitude value of IP geolocationFloat
      geoip.postal_codePostal code of IP geolocationString
      geoip.region_codeRegion code of IP geolocationString
      geoip.region_nameRegion name of IP geolocationString
      geoip.timezoneTimezone of IP geolocationString
      header.cache-controlInstructions that control caching in browsers and shared caches (e.g. Proxies, CDNs)String
      header.connectionWhether the network connection stays open after the current transaction finishesString
      header.content-lengthSize of the message body, in bytes, sent to the recipient.Number
      header.content-typeOriginal media type of the resource (prior to any content encoding applied for sending).String
      header.etagThe ETag (or entity tag) HTTP response headerString
      header.refreshString
      header.serverSoftware used to serve the HTTP response. If a redirect is present, this field shows data from the server that performed the last redirectString
      header.x-powered-byValue returned from server stating whatv it's powered byString
      hhvA hash value based on the header keysString
      hostnameHostname of domain that original domain that was scanned redirects toString
      html_body_murmur3A Murmur3 hash of the HTML bodyNumber
      html_body_lengthNumber of bytes in the HTML bodyInteger
      html_body_sha256A SHA256 hash of the HTML bodyString
      html_body_similarityPercentage difference in the HTML body for this scan versus the previous scan - based on the SSDeep hashNumber
      html_body_ssdeepSSDeep hash of the HTML bodyString
      htmltitleHTML TitleString
      ipIP hosting URL that origin URL that was scanned redirects toString
      jarmJARM Hash fingerprinting the TLS configurations of the hostString
      opendirectoryIs this an open directoryBoolean
      origin_domainDomain that was scannedString
      origin_hostnameHostname of domain that was scannedString
      origin_ipIP hosting URL that was originally scannedString
      origin_pathURL path that was originally scannedString
      origin_portURL port that was originally scannedString
      origin_schemeScheme of URL that was originally scannedString
      origin_urlURL that was originally scannedURL
      pathPath of URL that originally scanned URL redirects toString
      portPort of URL that originally scanned URL redirects toNumber
      redirectDoes the URL scanned result in a redirectBoolean
      redirect_countNumber of URLs involved in a redirectInteger
      redirect_listList of URLs that sit between the origin and destination URLsString
      redirect_to_httpsDoes the URL scanned result in a redirect to httpsBoolean
      responseScan Request Response CodeNumber
      scan_dateThe date that data was scannedDatestring
      schemeScheme of URL that originally scanned URL redirects toString
      ssl.authority_key_idThe authority key identifier (AKI) is an X.509 v3 certificate extension. It contains a key identifier which is derived from the public key in the issuer certificate.String
      ssl.chvA fingerprint on how the issuer creates the certificate based on the certificate's issuer/subject/extension RDN keys/wildcard and SANS countString
      ssl.expiredHas SSL certificate expiredBoolean
      ssl.issuer.common_nameSSL Certificate Issuer Common NameString
      ssl.issuer.countrySSL Certificate Issuer CountryString
      ssl.issuer.organizationSSL Certificate Issuer OrganizationList of strings
      ssl.not_afterSSL Certificate Validity End DateDatetime
      ssl.not_beforeSSL Certificate Validity Start DateDatetime
      ssl.sansSSL Certificate Sans ListList of domains
      ssl.sans_countSSL Certificate Sans List CountNumber
      ssl.serial_numberSSL Certificate Serial NumberString
      ssl.SHA1S1SL Certificate SHA1 HashString
      ssl.SHA256SSL Certificate SHA256 HashString
      ssl.sigalgSSL Certificate Signature AlgorithmString
      ssl.subject.common_nameSSL Certificate Subject Common NameString
      ssl.subject.countrySSL Certificate Subject CountryString
      ssl.subject.namesSSL Certificate Subject NamesList of domains
      ssl.subject.organizationSSL Certificate Subject OrganizationString
      ssl.wildcardIs this a wildcard SAN certificate, i.e. Sans List references wildcardsBoolean
      subdomainThe subdomain value, if it exists, of the final domain that scanned original domain redirects toString
      tldThe top level domain of the final domain that scanned original domain redirects toString
      urlThe final URL that the origin URL that was scanned redirects toString

      torscan field names

      Here's a list of field names you can search across using the torscan data source.

      Field nameDescriptionType
      body_analysis.adsenseString
      body_analysis.adserverString
      body_analysis.analyticsString
      body_analysis.body_sha256SHA256 hash of the <body>String
      body_analysis.footer_sha256SHA256 hash of the <footer>String
      body_analysis.google-adstagString
      body_analysis.google-GA4GA4 tagString
      body_analysis.google-UAUA tagString
      body_analysis.header_sha256SHA256 hash of the <header>String
      body_analysis.js_sha256List of referenced js files in the HTML content, in the form of "url sha256"String
      body_analysis.js_ssdeepList of referenced js files in the HTML content, in the form of "url ssdeep"String
      body_analysis.languageList of languages found in the HTML content, comma separated, from most used to least usedString
      body_analysis.onionList of onion addresses that are in the HTML responseString
      body_analysis.SHVScript Hash Value, based on js scripts used by a website.String
      datahashA unique hash of the overall scan resultString
      domainThe final domain that scan redirects toString
      favicon_avgVisual similarity image hash of the website's favicon fileString
      favicon2_avgVisual similarity image hash of the website's favicon2 fileString
      favicon_md5Favicon MD5 HashString
      favicon_murmur3Favicon Murmur3 HashString
      favicon_pathFavicon PathString
      favicon2_md5Favicon2 MD5 HashString
      favicon2_murmur3Favicon2 Murmur3 HashString
      favicon2_pathFavicon2 PathString
      favicon_urlsList of the URLs of the faviconsString
      fileDoes URL scanned point to a fileBoolean
      file_sha256Hash of file pointed toString
      header.cache-controlInstructions that control caching in browsers and shared caches (e.g. Proxies, CDNs)String
      header.connectionWhether the network connection stays open after the current transaction finishesString
      header.content-lengthSize of the message body, in bytes, sent to the recipient.Number
      header.content-typeOriginal media type of the resource (prior to any content encoding applied for sending).String
      header.etagThe ETag (or entity tag) HTTP response headerString
      header.refreshString
      header.serverSoftware used to serve the HTTP response. If a redirect is present, this field shows data from the server that performed the last redirectString
      header.x-powered-byValue returned from server stating whatv it's powered byString
      hhvA hash value based on the header keysString
      hostnameHostname of domain that original domain that was scanned redirects toString
      html_body_murmur3A Murmur3 hash of the HTML bodyNumber
      html_body_sha256A SHA256 hash of the HTML bodyString
      html_body_ssdeepSSDeep hash of the HTML bodyString
      htmltitleHTML TitleString
      opendirectoryIs this an open directoryBoolean
      origin_hostnameHostname of domain that was scannedString
      origin_ipIP hosting URL that was originally scannedString
      origin_pathURL path that was originally scannedString
      origin_portURL port that was originally scannedString
      origin_schemeScheme of URL that was originally scannedString
      origin_urlURL that was originally scannedURL
      pathPath of URL that originally scanned URL redirects toString
      portPort of URL that originally scanned URL redirects toNumber
      redirectDoes the URL scanned result in a redirectBoolean
      redirect_countNumber of URLs involved in a redirectInteger
      redirect_listList of URLs that sit between the origin and destination URLsString
      redirect_to_httpsDoes the URL scanned result in a redirect to httpsBoolean
      responseScan Request Response CodeNumber
      scan_dateThe date that data was scannedDatestring
      schemeScheme of URL that originally scanned URL redirects toString
      ssl.authority_key_idThe authority key identifier (AKI) is an X.509 v3 certificate extension. It contains a key identifier which is derived from the public key in the issuer certificate.String
      ssl.chvA fingerprint on how the issuer creates the certificate based on the certificate's issuer/subject/extension RDN keys/wildcard and SANS countString
      ssl.expiredHas SSL certificate expiredBoolean
      ssl.issuer.common_nameSSL Certificate Issuer Common NameString
      ssl.issuer.countrySSL Certificate Issuer CountryString
      ssl.issuer.organizationSSL Certificate Issuer OrganizationList of strings
      ssl.not_afterSSL Certificate Validity End DateDatetime
      ssl.not_beforeSSL Certificate Validity Start DateDatetime
      ssl.sansSSL Certificate Sans ListList of domains
      ssl.sans_countSSL Certificate Sans List CountNumber
      ssl.serial_numberSSL Certificate Serial NumberString
      ssl.SHA1SSL Certificate SHA1 HashString
      ssl.SHA256SSL Certificate SHA256 HashString
      ssl.sigalgSSL Certificate Signature AlgorithmString
      ssl.subject.common_nameSSL Certificate Subject Common NameString
      ssl.subject.countrySSL Certificate Subject CountryString
      ssl.subject.namesSSL Certificate Subject NamesList of domains
      ssl.subject.organizationSSL Certificate Subject OrganizationString
      ssl.wildcardIs this a wildcard SAN certificate, i.e. Sans List references wildcardsBoolean
      subdomainThe subdomain value, if it exists, of the final domain that scanned original domain redirects toString
      tldThe top level domain of the final domain that scanned original domain redirects toString
      urlThe final URL that the origin URL that was scanned redirects toString

      services field names

      Here's a list of field names you can search across using the services data source.

      Field nameDescriptionType
      bannerService banner on a specific portString
      datahashA unique hash of the overall scan resultString
      fingerprints.ECDSAFingerprint of the ECDSA public keyString
      fingerprints.ED25519Fingerprint of the ED25519 public keyString
      fingerprints.RSAFingerprint of the RSA public keyString
      geoip.asnAutonomous System Name (ASN)Integer
      geoip.as_orgAS OrganizationString
      ipIP hosting URL that origin URL that was scanned redirects toString
      portPort of URL that originally scanned URL redirects toNumber
      scan_dateThe date that data was scannedDatestring
      ssl.authority_key_idThe authority key identifier (AKI) is an X.509 v3 certificate extension. It contains a key identifier which is derived from the public key in the issuer certificate.String
      ssl.chvA fingerprint on how the issuer creates the certificate based on the certificate's issuer/subject/extension RDN keys/wildcard and SANS countString
      ssl.expiredHas SSL certificate expiredBoolean
      ssl.issuer.common_nameSSL Certificate Issuer Common NameString
      ssl.issuer.countrySSL Certificate Issuer CountryString
      ssl.issuer.organizationSSL Certificate Issuer OrganizationList of strings
      ssl.not_afterSSL Certificate Validity End DateDatetime
      ssl.not_beforeSSL Certificate Validity Start DateDatetime
      ssl.sansSSL Certificate Sans ListList of domains
      ssl.sans_countSSL Certificate Sans List CountNumber
      ssl.serial_numberSSL Certificate Serial NumberString
      ssl.SHA1SSL Certificate SHA1 HashString
      ssl.SHA256SSL Certificate SHA256 HashString
      ssl.sigalgSSL Certificate Signature AlgorithmString
      ssl.subject.common_nameSSL Certificate Subject Common NameString
      ssl.subject.countrySSL Certificate Subject CountryString
      ssl.subject.namesSSL Certificate Subject NamesList of domains
      ssl.subject.organizationSSL Certificate Subject OrganizationString
      ssl.wildcardIs this a wildcard SAN certificate, i.e. Sans List references wildcardsBoolean

      opendirectory field names

      Here's a list of field names you can search across using the opendirectory data source.

      Field nameDescriptionType
      dirIs a directoryBoolean
      geoip.asnAutonomous System Name (ASN)Integer
      geoip.as_orgAS OrganizationString
      hostnameHostname of domain that original domain that was scanned redirects toString
      ipIP hosting URL that origin URL that was scanned redirects toString
      last_modifiedLast modified date of a file in an open directoryDatestring
      nameFilename or directory name of a file in an open directoryString
      portPort of URL that originally scanned URL redirects toNumber
      scan_dateThe date that data was scannedDatestring
      schemeScheme of URL that originally scanned URL redirects toString
      sizeThe filesize in bytesInteger

      webscanhistory field names

      Here's a list of field names you can search across using the webscanhistory data source.

      Field nameDescriptionType
      datahashA unique hash of the overall scan resultString
      domainThe final domain that the origin domain that was scanned redirects toString
      hostnameHostname of domain that original domain that was scanned redirects toString
      ipIP hosting URL that origin URL that was scanned redirects toString
      origin_urlURL that was originally scannedURL
      scan_dateThe date that data was scannedDatestring
      schemeScheme of URL that originally scanned URL redirects toString

      webscanfailure field names

      Here's a list of field names you can search across using the webscanfailure data source.

      Field nameDescriptionType
      domainThe final domain that the origin domain that was scanned redirects toString
      ipIP hosting URL that origin URL that was scanned redirects toString
      portPort of URL that originally scanned URL redirects toNumber
      reasonThe reason a scanning failure occurredString
      scan_dateThe date that data was scannedDatestring
      schemeScheme of URL that originally scanned URL redirects toString
      urlThe final URL that the origin URL that was scanned redirects toString

      Field name index

      Field nameDescriptionTypeData source
      adtech.ads_txtHas /ads.txtBooleanwebscan
      adtech.ads_txt_sha256sha256 of /ads.txtStringwebscan
      adtech.app_ads_txtHas /app-ads.txtBooleanwebscan
      adtech.app-ads_txt_sha256sha256 of /app-ads.txtStringwebscan
      adtech.sellers_jsonHas /sellers.jsonBooleanwebscan
      adtech.sellers_json_sha256sha256 of /sellers.jsonStringwebscan
      bannerService banner on a specific portStringservices
      body_analysis.adsenseStringwebscan, torscan
      body_analysis.adserverStringwebscan, torscan
      body_analysis.analyticsStringwebscan, torscan
      body_analysis.body_sha256SHA256 hash of the <body>Stringwebscan, torscan
      body_analysis.footer_sha256SHA256 hash of the <footer>Stringwebscan, torscan
      body_analysis.google-adstagStringwebscan, torscan
      body_analysis.google-GA4GA4 tagStringwebscan, torscan
      body_analysis.google-UAUA tagStringwebscan, torscan
      body_analysis.header_sha256SHA256 hash of the <header>Stringwebscan, torscan
      body_analysis.ICP_licenseChinese ICP LIcenseStringwebscan
      body_analysis.js_sha256List of referenced js files in the HTML content, in the form of "url sha256"Stringwebscan, torscan
      body_analysis.js_ssdeepList of referenced js files in the HTML content, in the form of "url ssdeep"Stringwebscan, torscan
      body_analysis.languageList of languages found in the HTML content, comma separated, from most used to least usedStringwebscan, torscan
      body_analysis.onionList of onion addresses that are in the HTML responseStringwebscan, torscan
      body_analysis.SHVScript Hash Value, based on js scripts used by a website.Stringwebscan, torscan
      datahashA unique hash of the overall scan resultStringwebscan, torscan, services, webscanhistory
      datasourceThe index of the dataStringN/A
      dirIs a directoryBooleanopendirectory
      domainThe final domain that the origin domain that was scanned redirects toStringwebscan, torscan, webscanhistory, webscanfailure
      favicon_avgVisual similarity image hash of the website's favicon fileStringwebscan, torscan
      favicon2_avgVisual similarity image hash of the website's favicon2 fileStringwebscan, torscan
      favicon_md5Favicon MD5 HashStringwebscan, torscan
      favicon_murmur3Favicon Murmur3 HashStringwebscan, torscan
      favicon_pathFavicon PathStringwebscan, torscan
      favicon2_md5Favicon2 MD5 HashStringwebscan, torscan
      favicon2_murmur3Favicon2 Murmur3 HashStringwebscan, torscan
      favicon2_pathFavicon2 PathStringwebscan, torscan
      favicon_urlsList of the URLs of the faviconsStringwebscan, torscan
      fileDoes URL scanned point to a fileBooleanwebscan, torscan
      file_sha256Hash of file pointed toStringwebscan, torscan
      fingerprints.ECDSAFingerprint of the ECDSA public keyStringservices
      fingerprints.ED25519Fingerprint of the ED25519 public keyStringservices
      fingerprints.RSAFingerprint of the RSA public keyStringservices
      geoip.asnAutonomous System Name (ASN)Integerwebscan, services, opendir
      geoip.as_orgAS OrganizationStringwebscan, services, opendirectory
      geoip.city_nameCity of IP geolocationStringwebscan
      geoip.continent_codeContinent of IP geolocationStringwebscan
      geoip.country_code2Country code of IP geolocationStringwebscan
      geoip.country_code3Country code of IP geolocationStringwebscan
      geoip.country_nameCountry name of IP geolocationStringwebscan
      geoip.dma_codeDesignated marketing areaStringwebscan
      geoip.latitudeLatitude value of IP geolocationllFloatwebscan
      geoip.location.latLatitude value of IP geolocationFloatwebscan
      geoip.location.lonLongtitude value of IP geolocationFloatwebscan
      geoip.longitudeLongtitude value of IP geolocationFloatwebscan
      geoip.postal_codePostal code of IP geolocationStringwebscan
      geoip.region_codeRegion code of IP geolocationStringwebscan
      geoip.region_nameRegion name of IP geolocationStringwebscan
      geoip.timezoneTimezone of IP geolocationStringwebscan
      header.cache-controlInstructions that control caching in browsers and shared caches (e.g. Proxies, CDNs)Stringwebscan, torscan
      header.connectionWhether the network connection stays open after the current transaction finishesStringwebscan, torscan
      header.content-lengthSize of the message body, in bytes, sent to the recipient.Numberwebscan, torscan
      header.content-typeOriginal media type of the resource (prior to any content encoding applied for sending).Stringwebscan, torscan
      header.etagThe ETag (or entity tag) HTTP response headerStringwebscan, torscan
      header.refreshStringwebscan, torscan
      header.serverSoftware used to serve the HTTP response. If a redirect is present, this field shows data from the server that performed the last redirectStringwebscan, torscan
      header.x-powered-byValue returned from server stating whatv it's powered byStringwebscan, torscan
      hhvA hash value based on the header keysStringwebscan, torscan
      hostnameHostname of domain that original domain that was scanned redirects toStringwebscan, torscan, webscanhistory
      html_body_lengthNumber of bytes in the HTML bodyIntegerwebscan
      html_body_murmur3A Murmur3 hash of the HTML bodyNumberwebscan, torscan
      html_body_sha256A SHA256 hash of the HTML bodyStringwebscan, torscan
      html_body_similarityPercentage difference in the HTML body for this scan versus the previous scan - based on the SSDeep hashNumberwebscan
      html_body_ssdeepSSDeep hash of the HTML bodyStringwebscan, torscan
      htmltitleHTML TitleStringwebscan, torscan
      ipIP hosting URL that origin URL that was scanned redirects toStringwebscan, services, opendirectory, webscanhistory, webscanfailure
      jarmJARM Hash fingerprinting the TLS configurations of the hostStringwebscan
      last_modifiedLast modified date of a file in an open directoryDatestringopendirectory
      nameFilename or directory name of a file in an open directoryStringopendirectory
      opendirectoryIs this an open directoryBooleanwebscan, torscan
      origin_domainDomain that was scannedStringwebscan
      origin_hostnameHostname of domain that was scannedStringwebscan, torscan
      origin_ipIP hosting URL that was originally scannedStringwebscan, torscan
      origin_pathURL path that was originally scannedStringwebscan, torscan
      origin_portURL port that was originally scannedStringwebscan
      origin_schemeScheme of URL that was originally scannedStringwebscan
      origin_urlURL that was originally scannedURLwebscan, torscan, webscanhistory
      pathPath of URL that originally scanned URL redirects toStringwebscan, torscan
      portPort of URL that originally scanned URL redirects toNumberwebscan, torscan, services, opendirectory, webscanfailure
      reasonThe reason a scanning failure occurredStringwebscanfailure
      redirectDoes the URL scanned result in a redirectBooleanwebscan, torscan
      redirect_countNumber of URLs involved in a redirectIntegerwebscan, torscan
      redirect_listList of URLs that sit between the origin and destination URLsStringwebscan, torscan
      redirect_to_httpsDoes the URL scanned result in a redirect to httpsBooleanwebscan, torscan
      responseScan Request Response CodeNumberwebscan, torscan
      scan_dateThe date that data was scannedDatestringwebscan, torscan, services, opendirectory, webscanhistory, webscanfailure
      schemeScheme of URL that originally scanned URL redirects toStringwebscan, torscan, opendirectory, webscanhistory, webscanfailure
      sizeThe filesize in bytesIntegeropendirectory
      ssl.authority_key_idThe authority key identifier (AKI) is an X.509 v3 certificate extension. It contains a key identifier which is derived from the public key in the issuer certificate.Stringwebscan, torscan, services
      ssl.chvA fingerprint on how the issuer creates the certificate based on the certificate's issuer/subject/extension RDN keys/wildcard and SANS countStringwebscan, torscan, services
      ssl.expiredHas SSL certificate expiredBooleanwebscan, torscan, services
      ssl.issuer.common_nameSSL Certificate Issuer Common NameStringwebscan, torscan, services
      ssl.issuer.countrySSL Certificate Issuer CountryStringwebscan, torscan, services
      ssl.issuer.organizationSSL Certificate Issuer OrganizationList of stringswebscan, torscan, services
      ssl.not_afterSSL Certificate Validity End DateDatetimewebscan, torscan, services
      ssl.not_beforeSSL Certificate Validity Start DateDatetimewebscan, torscan, services
      ssl.sansSSL Certificate Sans ListList of domainswebscan, torscan, services
      ssl.sans_countSSL Certificate Sans List CountNumberwebscan, torscan, services
      ssl.serial_numberSSL Certificate Serial NumberStringwebscan, torscan, services
      ssl.SHA1SSL Certificate SHA1 HashStringwebscan, torscan, services
      ssl.SHA256SSL Certificate SHA256 HashStringwebscan, torscan, services
      ssl.sigalgSSL Certificate Signature AlgorithmStringwebscan, torscan, services
      ssl.subject.common_nameSSL Certificate Subject Common NameStringwebscan, torscan, services
      ssl.subject.countrySSL Certificate Subject CountryStringwebscan, torscan, services
      ssl.subject.namesSSL Certificate Subject NamesList of domainswebscan, torscan, services
      ssl.subject.organizationSSL Certificate Subject OrganizationStringwebscan, torscan, services
      ssl.wildcardIs this a wildcard SAN certificate, i.e. Sans List references wildcardsBooleanwebscan, torscan, services
      subdomainThe subdomain value, if it exists, of the final domain that scanned original domain redirects toStringwebscan, torscan
      timestampA date stringString
      tldThe top level domain of the final domain that scanned original domain redirects toStringwebscan, torscan
      urlThe final URL that the origin URL that was scanned redirects toStringwebscan, torscan
      Was this article helpful?
      What's Next