Supported field names

This article provides a comprehensive reference for field names and data sources used in Web Scanner queries. Field names are searchable data categories in SPQL (Search and Query Language), enabling precise searches across Web Scanner’s data repositories. Understanding these fields and their associated data sources is essential for constructing effective queries and interpreting scan results.

Overview of Data Sources

Web Scanner organizes scanned data into six data sources each representing a specific type of web data. The table below summarizes each data source and its primary use case:

Data Source	Description
Webscan	Web data from public IPv4 and IPv6 ranges, including HTML, favicons, and SSL data.
torscan	Data from .onion sites on the Tor network, similar to `webscan` but Tor-specific.
services	Non-HTTP services (e.g., SSH, DNS), including TLS/SSL certificate data.
opendirectory	Data from open directories, including file and directory metadata.
webscanhistory	Log of successful scanning attempts, tracking domains and IPs scanned.
webscanfailure	Log of failed scanning attempts, including reasons for failure.

Important!

The "Datestring" data type is taken as YYYY-MM-DD

Use Field Names in Queries

Field names are used in SPQL queries to target specific data within a data source. For example:

Query: domain = crypto* AND datasource = torscan
- Searches the torscan data source for .onion domains starting with “crypto”.
Query: ssl.expired = true AND datasource = services
- Returns all expired SSL certificates in the services data source.

To search across multiple data sources, use square brackets with a comma-separated list:

Query: domain = payments* AND datasource = [webscan, torscan]
- Searches for domains starting with “payments” in both webscan and torscan.

For guidance on constructing queries, see Manage and Run Queries in Web Scanner.

'webscan' field names

Here's a list of field names you can search across using the webscan data source.

Field name	Description	Type
`adtech.ads_txt`	Has /ads.txt	Boolean
`adtech.ads_txt_sha256`	sha256 of /ads.txt	String
`adtech.app_ads_txt`	Has /app-ads.txt	Boolean
`adtech.app-ads_txt_sha256`	sha256 of /app-ads.txt	String
`adtech.sellers_json`	Has /sellers.json	Boolean
`adtech.sellers_json_sha256`	sha256 of /sellers.json	String
`body_analysis.adsense`		String
`body_analysis.adserver`		String
`body_analysis.analytics`		String
`body_analysis.body_sha256`	SHA256 hash of the `<body>`	String
`body_analysis.footer_sha256`	SHA256 hash of the `<footer>`	String
`body_analysis.google-adstag`		String
`body_analysis.google-GA4`	GA4 tag	String
`body_analysis.google-UA`	UA tag	String
`body_analysis.header_sha256`	SHA256 hash of the `<header>`	String
`body_analysis.ICP_license`	Chinese ICP LIcense	String
`body_analysis.js_sha256`	List of referenced js files in the HTML content, in the form of "url sha256"	String
`body_analysis.js_ssdeep`	List of referenced js files in the HTML content, in the form of "url ssdeep"	String
`body_analysis.language`	List of languages found in the HTML content, comma separated, from most used to least used	String
`body_analysis.onion`	List of onion addresses that are in the HTML response	String
`body_analysis.SHV`	Script Hash Value, based on js scripts used by a website.	String
`datahash`	A unique hash of the overall scan result	String
`domain`	The final domain that the origin domain that was scanned redirects to	String
`favicon_avg`	Visual similarity image hash of the website's favicon file	String
`favicon2_avg`	Visual similarity image hash of the website's favicon2 file	String
`favicon_md5`	Favicon MD5 Hash	String
`favicon_murmur3`	Favicon Murmur3 Hash	String
`favicon_path`	Favicon Path	String
`favicon2_md5`	Favicon2 MD5 Hash	String
`favicon2_murmur3`	Favicon2 Murmur3 Hash	String
`favicon2_path`	Favicon2 Path	String
`favicon_urls`	List of the URLs of the favicons	String
`file`	Does URL scanned point to a file	Boolean
`file_sha256`	Hash of file pointed to	String
`geoip.asn`	Autonomous System Name (ASN)	Integer
`geoip.as_org`	AS Organization	String
`geoip.city_name`	City of IP geolocation	String
`geoip.continent_code`	Continent of IP geolocation	String
`geoip.country_code2`	Country code of IP geolocation	String
`geoip.country_code3`	Country code of IP geolocation	String
`geoip.country_name`	Country name of IP geolocation	String
`geoip.dma_code`	Designated marketing area	String
`geoip.latitude`	Latitude value of IP geolocationll	Float
`geoip.location.lat`	Latitude value of IP geolocation	Float
`geoip.location.lon`	Longtitude value of IP geolocation	Float
`geoip.longitude`	Longtitude value of IP geolocation	Float
`geoip.postal_code`	Postal code of IP geolocation	String
`geoip.region_code`	Region code of IP geolocation	String
`geoip.region_name`	Region name of IP geolocation	String
`geoip.timezone`	Timezone of IP geolocation	String
`header.cache-control`	Instructions that control caching in browsers and shared caches (e.g. Proxies, CDNs)	String
`header.connection`	Whether the network connection stays open after the current transaction finishes	String
`header.content-length`	Size of the message body, in bytes, sent to the recipient.	Number
`header.content-type`	Original media type of the resource (prior to any content encoding applied for sending).	String
`header.etag`	The ETag (or entity tag) HTTP response header	String
`header.refresh`		String
`header.server`	Software used to serve the HTTP response. If a redirect is present, this field shows data from the server that performed the last redirect	String
`header.x-powered-by`	Value returned from server stating whatv it's powered by	String
`hhv`	A hash value based on the header keys	String
`hostname`	Hostname of domain that original domain that was scanned redirects to	String
`html_body_murmur3`	A Murmur3 hash of the HTML body	Number
`html_body_length`	Number of bytes in the HTML body	Integer
`html_body_sha256`	A SHA256 hash of the HTML body	String
`html_body_similarity`	Percentage difference in the HTML body for this scan versus the previous scan - based on the SSDeep hash	Number
`html_body_ssdeep`	SSDeep hash of the HTML body	String
`htmltitle`	HTML Title	String
`ip`	IP hosting URL that origin URL that was scanned redirects to	String
`jarm`	JARM Hash fingerprinting the TLS configurations of the host	String
`opendirectory`	Is this an open directory	Boolean
`origin_domain`	Domain that was scanned	String
`origin_hostname`	Hostname of domain that was scanned	String
`origin_ip`	IP hosting URL that was originally scanned	String
`origin_path`	URL path that was originally scanned	String
`origin_port`	URL port that was originally scanned	String
`origin_scheme`	Scheme of URL that was originally scanned	String
`origin_url`	URL that was originally scanned	URL
`path`	Path of URL that originally scanned URL redirects to	String
`port`	Port of URL that originally scanned URL redirects to	Number
`redirect`	Does the URL scanned result in a redirect	Boolean
`redirect_count`	Number of URLs involved in a redirect	Integer
`redirect_list`	List of URLs that sit between the origin and destination URLs	String
`redirect_to_https`	Does the URL scanned result in a redirect to https	Boolean
`response`	Scan Request Response Code	Number
`scan_date`	The date that data was scanned	Datestring
`scheme`	Scheme of URL that originally scanned URL redirects to	String
`ssl.authority_key_id`	The authority key identifier (AKI) is an X.509 v3 certificate extension. It contains a key identifier which is derived from the public key in the issuer certificate.	String
`ssl.chv`	A fingerprint on how the issuer creates the certificate based on the certificate's issuer/subject/extension RDN keys/wildcard and SANS count	String
`ssl.expired`	Has SSL certificate expired	Boolean
`ssl.issuer.common_name`	SSL Certificate Issuer Common Name	String
`ssl.issuer.country`	SSL Certificate Issuer Country	String
`ssl.issuer.organization`	SSL Certificate Issuer Organization	List of strings
`ssl.not_after`	SSL Certificate Validity End Date	Datetime
`ssl.not_before`	SSL Certificate Validity Start Date	Datetime
`ssl.sans`	SSL Certificate Sans List	List of domains
`ssl.sans_count`	SSL Certificate Sans List Count	Number
`ssl.serial_number`	SSL Certificate Serial Number	String
`ssl.SHA1`	S1SL Certificate SHA1 Hash	String
`ssl.SHA256`	SSL Certificate SHA256 Hash	String
`ssl.sigalg`	SSL Certificate Signature Algorithm	String
`ssl.subject.common_name`	SSL Certificate Subject Common Name	String
`ssl.subject.country`	SSL Certificate Subject Country	String
`ssl.subject.names`	SSL Certificate Subject Names	List of domains
`ssl.subject.organization`	SSL Certificate Subject Organization	String
`ssl.wildcard`	Is this a wildcard SAN certificate, i.e. Sans List references wildcards	Boolean
`subdomain`	The subdomain value, if it exists, of the final domain that scanned original domain redirects to	String
`tld`	The top level domain of the final domain that scanned original domain redirects to	String
`url`	The final URL that the origin URL that was scanned redirects to	String

'torscan' field names

Here's a list of field names you can search across using the torscan data source.

Field name	Description	Type
`body_analysis.adsense`		String
`body_analysis.adserver`		String
`body_analysis.analytics`		String
`body_analysis.body_sha256`	SHA256 hash of the `<body>`	String
`body_analysis.footer_sha256`	SHA256 hash of the `<footer>`	String
`body_analysis.google-adstag`		String
`body_analysis.google-GA4`	GA4 tag	String
`body_analysis.google-UA`	UA tag	String
`body_analysis.header_sha256`	SHA256 hash of the `<header>`	String
`body_analysis.js_sha256`	List of referenced js files in the HTML content, in the form of "url sha256"	String
`body_analysis.js_ssdeep`	List of referenced js files in the HTML content, in the form of "url ssdeep"	String
`body_analysis.language`	List of languages found in the HTML content, comma separated, from most used to least used	String
`body_analysis.onion`	List of onion addresses that are in the HTML response	String
`body_analysis.SHV`	Script Hash Value, based on js scripts used by a website.	String
`datahash`	A unique hash of the overall scan result	String
`domain`	The final domain that scan redirects to	String
`favicon_avg`	Visual similarity image hash of the website's favicon file	String
`favicon2_avg`	Visual similarity image hash of the website's favicon2 file	String
`favicon_md5`	Favicon MD5 Hash	String
`favicon_murmur3`	Favicon Murmur3 Hash	String
`favicon_path`	Favicon Path	String
`favicon2_md5`	Favicon2 MD5 Hash	String
`favicon2_murmur3`	Favicon2 Murmur3 Hash	String
`favicon2_path`	Favicon2 Path	String
`favicon_urls`	List of the URLs of the favicons	String
`file`	Does URL scanned point to a file	Boolean
`file_sha256`	Hash of file pointed to	String
`header.cache-control`	Instructions that control caching in browsers and shared caches (e.g. Proxies, CDNs)	String
`header.connection`	Whether the network connection stays open after the current transaction finishes	String
`header.content-length`	Size of the message body, in bytes, sent to the recipient.	Number
`header.content-type`	Original media type of the resource (prior to any content encoding applied for sending).	String
`header.etag`	The ETag (or entity tag) HTTP response header	String
`header.refresh`		String
`header.server`	Software used to serve the HTTP response. If a redirect is present, this field shows data from the server that performed the last redirect	String
`header.x-powered-by`	Value returned from server stating whatv it's powered by	String
`hhv`	A hash value based on the header keys	String
`hostname`	Hostname of domain that original domain that was scanned redirects to	String
`html_body_murmur3`	A Murmur3 hash of the HTML body	Number
`html_body_sha256`	A SHA256 hash of the HTML body	String
`html_body_ssdeep`	SSDeep hash of the HTML body	String
`htmltitle`	HTML Title	String
`opendirectory`	Is this an open directory	Boolean
`origin_hostname`	Hostname of domain that was scanned	String
`origin_ip`	IP hosting URL that was originally scanned	String
`origin_path`	URL path that was originally scanned	String
`origin_port`	URL port that was originally scanned	String
`origin_scheme`	Scheme of URL that was originally scanned	String
`origin_url`	URL that was originally scanned	URL
`path`	Path of URL that originally scanned URL redirects to	String
`port`	Port of URL that originally scanned URL redirects to	Number
`redirect`	Does the URL scanned result in a redirect	Boolean
`redirect_count`	Number of URLs involved in a redirect	Integer
`redirect_list`	List of URLs that sit between the origin and destination URLs	String
`redirect_to_https`	Does the URL scanned result in a redirect to https	Boolean
`response`	Scan Request Response Code	Number
`scan_date`	The date that data was scanned	Datestring
`scheme`	Scheme of URL that originally scanned URL redirects to	String
`ssl.authority_key_id`	The authority key identifier (AKI) is an X.509 v3 certificate extension. It contains a key identifier which is derived from the public key in the issuer certificate.	String
`ssl.chv`	A fingerprint on how the issuer creates the certificate based on the certificate's issuer/subject/extension RDN keys/wildcard and SANS count	String
`ssl.expired`	Has SSL certificate expired	Boolean
`ssl.issuer.common_name`	SSL Certificate Issuer Common Name	String
`ssl.issuer.country`	SSL Certificate Issuer Country	String
`ssl.issuer.organization`	SSL Certificate Issuer Organization	List of strings
`ssl.not_after`	SSL Certificate Validity End Date	Datetime
`ssl.not_before`	SSL Certificate Validity Start Date	Datetime
`ssl.sans`	SSL Certificate Sans List	List of domains
`ssl.sans_count`	SSL Certificate Sans List Count	Number
`ssl.serial_number`	SSL Certificate Serial Number	String
`ssl.SHA1`	SSL Certificate SHA1 Hash	String
`ssl.SHA256`	SSL Certificate SHA256 Hash	String
`ssl.sigalg`	SSL Certificate Signature Algorithm	String
`ssl.subject.common_name`	SSL Certificate Subject Common Name	String
`ssl.subject.country`	SSL Certificate Subject Country	String
`ssl.subject.names`	SSL Certificate Subject Names	List of domains
`ssl.subject.organization`	SSL Certificate Subject Organization	String
`ssl.wildcard`	Is this a wildcard SAN certificate, i.e. Sans List references wildcards	Boolean
`subdomain`	The subdomain value, if it exists, of the final domain that scanned original domain redirects to	String
`tld`	The top level domain of the final domain that scanned original domain redirects to	String
`url`	The final URL that the origin URL that was scanned redirects to	String

'services' field names

Here's a list of field names you can search across using the services data source.

Field name	Description	Type
`banner`	Service banner on a specific port	String
`datahash`	A unique hash of the overall scan result	String
`fingerprints.ECDSA`	Fingerprint of the ECDSA public key	String
`fingerprints.ED25519`	Fingerprint of the ED25519 public key	String
`fingerprints.RSA`	Fingerprint of the RSA public key	String
`geoip.asn`	Autonomous System Name (ASN)	Integer
`geoip.as_org`	AS Organization	String
`ip`	IP hosting URL that origin URL that was scanned redirects to	String
`port`	Port of URL that originally scanned URL redirects to	Number
`scan_date`	The date that data was scanned	Datestring
`ssl.authority_key_id`	The authority key identifier (AKI) is an X.509 v3 certificate extension. It contains a key identifier which is derived from the public key in the issuer certificate.	String
`ssl.chv`	A fingerprint on how the issuer creates the certificate based on the certificate's issuer/subject/extension RDN keys/wildcard and SANS count	String
`ssl.expired`	Has SSL certificate expired	Boolean
`ssl.issuer.common_name`	SSL Certificate Issuer Common Name	String
`ssl.issuer.country`	SSL Certificate Issuer Country	String
`ssl.issuer.organization`	SSL Certificate Issuer Organization	List of strings
`ssl.not_after`	SSL Certificate Validity End Date	Datetime
`ssl.not_before`	SSL Certificate Validity Start Date	Datetime
`ssl.sans`	SSL Certificate Sans List	List of domains
`ssl.sans_count`	SSL Certificate Sans List Count	Number
`ssl.serial_number`	SSL Certificate Serial Number	String
`ssl.SHA1`	SSL Certificate SHA1 Hash	String
`ssl.SHA256`	SSL Certificate SHA256 Hash	String
`ssl.sigalg`	SSL Certificate Signature Algorithm	String
`ssl.subject.common_name`	SSL Certificate Subject Common Name	String
`ssl.subject.country`	SSL Certificate Subject Country	String
`ssl.subject.names`	SSL Certificate Subject Names	List of domains
`ssl.subject.organization`	SSL Certificate Subject Organization	String
`ssl.wildcard`	Is this a wildcard SAN certificate, i.e. Sans List references wildcards	Boolean

'opendirectory' field names

Here's a list of field names you can search across using the opendirectory data source.

Field name	Description	Type
`dir`	Is a directory	Boolean
`geoip.asn`	Autonomous System Name (ASN)	Integer
`geoip.as_org`	AS Organization	String
`hostname`	Hostname of domain that original domain that was scanned redirects to	String
`ip`	IP hosting URL that origin URL that was scanned redirects to	String
`last_modified`	Last modified date of a file in an open directory	Datestring
`name`	Filename or directory name of a file in an open directory	String
`port`	Port of URL that originally scanned URL redirects to	Number
`scan_date`	The date that data was scanned	Datestring
`scheme`	Scheme of URL that originally scanned URL redirects to	String
`size`	The filesize in bytes	Integer

'webscanhistory' field names

Here's a list of field names you can search across using the webscanhistory data source.

Field name	Description	Type
`datahash`	A unique hash of the overall scan result	String
`domain`	The final domain that the origin domain that was scanned redirects to	String
`hostname`	Hostname of domain that original domain that was scanned redirects to	String
`ip`	IP hosting URL that origin URL that was scanned redirects to	String
`origin_url`	URL that was originally scanned	URL
`scan_date`	The date that data was scanned	Datestring
`scheme`	Scheme of URL that originally scanned URL redirects to	String

'webscanfailure' field names

Here's a list of field names you can search across using the webscanfailure data source.

Field name	Description	Type
`domain`	The final domain that the origin domain that was scanned redirects to	String
`ip`	IP hosting URL that origin URL that was scanned redirects to	String
`port`	Port of URL that originally scanned URL redirects to	Number
`reason`	The reason a scanning failure occurred	String
`scan_date`	The date that data was scanned	Datestring
`scheme`	Scheme of URL that originally scanned URL redirects to	String
`url`	The final URL that the origin URL that was scanned redirects to	String

Field name index

Field name	Description	Type	Data source
`adtech.ads_txt`	Has /ads.txt	Boolean	`webscan`
`adtech.ads_txt_sha256`	sha256 of /ads.txt	String	`webscan`
`adtech.app_ads_txt`	Has /app-ads.txt	Boolean	`webscan`
`adtech.app-ads_txt_sha256`	sha256 of /app-ads.txt	String	`webscan`
`adtech.sellers_json`	Has /sellers.json	Boolean	`webscan`
`adtech.sellers_json_sha256`	sha256 of /sellers.json	String	`webscan`
`banner`	Service banner on a specific port	String	`services`
`body_analysis.adsense`		String	`webscan`, `torscan`
`body_analysis.adserver`		String	`webscan`, `torscan`
`body_analysis.analytics`		String	`webscan`, `torscan`
`body_analysis.body_sha256`	SHA256 hash of the `<body>`	String	`webscan`, `torscan`
`body_analysis.footer_sha256`	SHA256 hash of the `<footer>`	String	`webscan`, `torscan`
`body_analysis.google-adstag`		String	`webscan`, `torscan`
`body_analysis.google-GA4`	GA4 tag	String	`webscan`, `torscan`
`body_analysis.google-UA`	UA tag	String	`webscan`, `torscan`
`body_analysis.header_sha256`	SHA256 hash of the `<header>`	String	`webscan`, `torscan`
`body_analysis.ICP_license`	Chinese ICP LIcense	String	`webscan`
`body_analysis.js_sha256`	List of referenced js files in the HTML content, in the form of "url sha256"	String	`webscan`, `torscan`
`body_analysis.js_ssdeep`	List of referenced js files in the HTML content, in the form of "url ssdeep"	String	`webscan`, `torscan`
`body_analysis.language`	List of languages found in the HTML content, comma separated, from most used to least used	String	`webscan`, `torscan`
`body_analysis.onion`	List of onion addresses that are in the HTML response	String	`webscan`, `torscan`
`body_analysis.SHV`	Script Hash Value, based on js scripts used by a website.	String	`webscan`, `torscan`
`datahash`	A unique hash of the overall scan result	String	`webscan`, `torscan`, `services`, `webscanhistory`
`datasource`	The index of the data	String	N/A
`dir`	Is a directory	Boolean	`opendirectory`
`domain`	The final domain that the origin domain that was scanned redirects to	String	`webscan`, `torscan`, `webscanhistory`, `webscanfailure`
`favicon_avg`	Visual similarity image hash of the website's favicon file	String	`webscan`, `torscan`
`favicon2_avg`	Visual similarity image hash of the website's favicon2 file	String	`webscan`, `torscan`
`favicon_md5`	Favicon MD5 Hash	String	`webscan`, `torscan`
`favicon_murmur3`	Favicon Murmur3 Hash	String	`webscan`, `torscan`
`favicon_path`	Favicon Path	String	`webscan`, `torscan`
`favicon2_md5`	Favicon2 MD5 Hash	String	`webscan`, `torscan`
`favicon2_murmur3`	Favicon2 Murmur3 Hash	String	`webscan`, `torscan`
`favicon2_path`	Favicon2 Path	String	`webscan`, `torscan`
`favicon_urls`	List of the URLs of the favicons	String	`webscan`, `torscan`
`file`	Does URL scanned point to a file	Boolean	`webscan`, `torscan`
`file_sha256`	Hash of file pointed to	String	`webscan`, `torscan`
`fingerprints.ECDSA`	Fingerprint of the ECDSA public key	String	`services`
`fingerprints.ED25519`	Fingerprint of the ED25519 public key	String	`services`
`fingerprints.RSA`	Fingerprint of the RSA public key	String	`services`
`geoip.asn`	Autonomous System Name (ASN)	Integer	`webscan`, `services`, `opendir`
`geoip.as_org`	AS Organization	String	`webscan`, `services`, `opendirectory`
`geoip.city_name`	City of IP geolocation	String	`webscan`
`geoip.continent_code`	Continent of IP geolocation	String	`webscan`
`geoip.country_code2`	Country code of IP geolocation	String	`webscan`
`geoip.country_code3`	Country code of IP geolocation	String	`webscan`
`geoip.country_name`	Country name of IP geolocation	String	`webscan`
`geoip.dma_code`	Designated marketing area	String	`webscan`
`geoip.latitude`	Latitude value of IP geolocationll	Float	`webscan`
`geoip.location.lat`	Latitude value of IP geolocation	Float	`webscan`
`geoip.location.lon`	Longtitude value of IP geolocation	Float	`webscan`
`geoip.longitude`	Longtitude value of IP geolocation	Float	`webscan`
`geoip.postal_code`	Postal code of IP geolocation	String	`webscan`
`geoip.region_code`	Region code of IP geolocation	String	`webscan`
`geoip.region_name`	Region name of IP geolocation	String	`webscan`
`geoip.timezone`	Timezone of IP geolocation	String	`webscan`
`header.cache-control`	Instructions that control caching in browsers and shared caches (e.g. Proxies, CDNs)	String	`webscan`, `torscan`
`header.connection`	Whether the network connection stays open after the current transaction finishes	String	`webscan`, `torscan`
`header.content-length`	Size of the message body, in bytes, sent to the recipient.	Number	`webscan`, `torscan`
`header.content-type`	Original media type of the resource (prior to any content encoding applied for sending).	String	`webscan`, `torscan`
`header.etag`	The ETag (or entity tag) HTTP response header	String	`webscan`, `torscan`
`header.refresh`		String	`webscan`, `torscan`
`header.server`	Software used to serve the HTTP response. If a redirect is present, this field shows data from the server that performed the last redirect	String	`webscan`, `torscan`
`header.x-powered-by`	Value returned from server stating whatv it's powered by	String	`webscan`, `torscan`
`hhv`	A hash value based on the header keys	String	`webscan`, `torscan`
`hostname`	Hostname of domain that original domain that was scanned redirects to	String	`webscan`, `torscan`, `webscanhistory`
`html_body_length`	Number of bytes in the HTML body	Integer	`webscan`
`html_body_murmur3`	A Murmur3 hash of the HTML body	Number	`webscan`, `torscan`
`html_body_sha256`	A SHA256 hash of the HTML body	String	`webscan`, `torscan`
`html_body_similarity`	Percentage difference in the HTML body for this scan versus the previous scan - based on the SSDeep hash	Number	`webscan`
`html_body_ssdeep`	SSDeep hash of the HTML body	String	`webscan`, `torscan`
`htmltitle`	HTML Title	String	`webscan`, `torscan`
`ip`	IP hosting URL that origin URL that was scanned redirects to	String	`webscan`, `services`, `opendirectory`, `webscanhistory`, `webscanfailure`
`jarm`	JARM Hash fingerprinting the TLS configurations of the host	String	`webscan`
`last_modified`	Last modified date of a file in an open directory	Datestring	`opendirectory`
`name`	Filename or directory name of a file in an open directory	String	`opendirectory`
`opendirectory`	Is this an open directory	Boolean	`webscan`, `torscan`
`origin_domain`	Domain that was scanned	String	`webscan`
`origin_hostname`	Hostname of domain that was scanned	String	`webscan`, `torscan`
`origin_ip`	IP hosting URL that was originally scanned	String	`webscan`, `torscan`
`origin_path`	URL path that was originally scanned	String	`webscan`, `torscan`
`origin_port`	URL port that was originally scanned	String	`webscan`
`origin_scheme`	Scheme of URL that was originally scanned	String	`webscan`
`origin_url`	URL that was originally scanned	URL	`webscan`, `torscan`, `webscanhistory`
`path`	Path of URL that originally scanned URL redirects to	String	`webscan`, `torscan`
`port`	Port of URL that originally scanned URL redirects to	Number	`webscan`, `torscan`, `services`, `opendirectory`, `webscanfailure`
`reason`	The reason a scanning failure occurred	String	`webscanfailure`
`redirect`	Does the URL scanned result in a redirect	Boolean	`webscan`, `torscan`
`redirect_count`	Number of URLs involved in a redirect	Integer	`webscan`, `torscan`
`redirect_list`	List of URLs that sit between the origin and destination URLs	String	`webscan`, `torscan`
`redirect_to_https`	Does the URL scanned result in a redirect to https	Boolean	`webscan`, `torscan`
`response`	Scan Request Response Code	Number	`webscan`, `torscan`
`scan_date`	The date that data was scanned	Datestring	`webscan`, `torscan`, `services`, `opendirectory`, `webscanhistory`, `webscanfailure`
`scheme`	Scheme of URL that originally scanned URL redirects to	String	`webscan`, `torscan`, `opendirectory`, `webscanhistory`, `webscanfailure`
`size`	The filesize in bytes	Integer	`opendirectory`
`ssl.authority_key_id`	The authority key identifier (AKI) is an X.509 v3 certificate extension. It contains a key identifier which is derived from the public key in the issuer certificate.	String	`webscan`, `torscan`, `services`
`ssl.chv`	A fingerprint on how the issuer creates the certificate based on the certificate's issuer/subject/extension RDN keys/wildcard and SANS count	String	`webscan`, `torscan`, `services`
`ssl.expired`	Has SSL certificate expired	Boolean	`webscan`, `torscan`, `services`
`ssl.issuer.common_name`	SSL Certificate Issuer Common Name	String	`webscan`, `torscan`, `services`
`ssl.issuer.country`	SSL Certificate Issuer Country	String	`webscan`, `torscan`, `services`
`ssl.issuer.organization`	SSL Certificate Issuer Organization	List of strings	`webscan`, `torscan`, `services`
`ssl.not_after`	SSL Certificate Validity End Date	Datetime	`webscan`, `torscan`, `services`
`ssl.not_before`	SSL Certificate Validity Start Date	Datetime	`webscan`, `torscan`, `services`
`ssl.sans`	SSL Certificate Sans List	List of domains	`webscan`, `torscan`, `services`
`ssl.sans_count`	SSL Certificate Sans List Count	Number	`webscan`, `torscan`, `services`
`ssl.serial_number`	SSL Certificate Serial Number	String	`webscan`, `torscan`, `services`
`ssl.SHA1`	SSL Certificate SHA1 Hash	String	`webscan`, `torscan`, `services`
`ssl.SHA256`	SSL Certificate SHA256 Hash	String	`webscan`, `torscan`, `services`
`ssl.sigalg`	SSL Certificate Signature Algorithm	String	`webscan`, `torscan`, `services`
`ssl.subject.common_name`	SSL Certificate Subject Common Name	String	`webscan`, `torscan`, `services`
`ssl.subject.country`	SSL Certificate Subject Country	String	`webscan`, `torscan`, `services`
`ssl.subject.names`	SSL Certificate Subject Names	List of domains	`webscan`, `torscan`, `services`
`ssl.subject.organization`	SSL Certificate Subject Organization	String	`webscan`, `torscan`, `services`
`ssl.wildcard`	Is this a wildcard SAN certificate, i.e. Sans List references wildcards	Boolean	`webscan`, `torscan`, `services`
`subdomain`	The subdomain value, if it exists, of the final domain that scanned original domain redirects to	String	`webscan`, `torscan`
`timestamp`	A date string	String
`tld`	The top level domain of the final domain that scanned original domain redirects to	String	`webscan`, `torscan`
`url`	The final URL that the origin URL that was scanned redirects to	String	`webscan`, `torscan`