Field names are searchable data categories used in SPQL, and Web Scanner searches.
Scanned data is grouped into separate repositories, known as a data sources.
There are 6 data sources available in SPQL, each with their own set of field names that you can use to search through the data contained within them:
webscantorscanservicesopendirectorywebscanhistorywebscanfailure
Read this article for more information on each data source, and some example queries.
Important!
The "Datestring" data type is taken as YYYY-MM-DD
'webscan' field names
Here's a list of field names you can search across using the webscan data source.
| Field name | Description | Type |
|---|---|---|
adtech.ads_txt |
Has /ads.txt | Boolean |
adtech.ads_txt_sha256 |
sha256 of /ads.txt | String |
adtech.app_ads_txt |
Has /app-ads.txt | Boolean |
adtech.app-ads_txt_sha256 |
sha256 of /app-ads.txt | String |
adtech.sellers_json |
Has /sellers.json | Boolean |
adtech.sellers_json_sha256 |
sha256 of /sellers.json | String |
body_analysis.adsense |
String | |
body_analysis.adserver |
String | |
body_analysis.analytics |
String | |
body_analysis.body_sha256 |
SHA256 hash of the <body> |
String |
body_analysis.footer_sha256 |
SHA256 hash of the <footer> |
String |
body_analysis.google-adstag |
String | |
body_analysis.google-GA4 |
GA4 tag | String |
body_analysis.google-UA |
UA tag | String |
body_analysis.header_sha256 |
SHA256 hash of the <header> |
String |
body_analysis.ICP_license |
Chinese ICP LIcense | String |
body_analysis.js_sha256 |
List of referenced js files in the HTML content, in the form of "url sha256" | String |
body_analysis.js_ssdeep |
List of referenced js files in the HTML content, in the form of "url ssdeep" | String |
body_analysis.language |
List of languages found in the HTML content, comma separated, from most used to least used | String |
body_analysis.onion |
List of onion addresses that are in the HTML response | String |
body_analysis.SHV |
Script Hash Value, based on js scripts used by a website. | String |
datahash |
A unique hash of the overall scan result | String |
domain |
The final domain that the origin domain that was scanned redirects to | String |
favicon_avg |
Visual similarity image hash of the website's favicon file | String |
favicon2_avg |
Visual similarity image hash of the website's favicon2 file | String |
favicon_md5 |
Favicon MD5 Hash | String |
favicon_murmur3 |
Favicon Murmur3 Hash | String |
favicon_path |
Favicon Path | String |
favicon2_md5 |
Favicon2 MD5 Hash | String |
favicon2_murmur3 |
Favicon2 Murmur3 Hash | String |
favicon2_path |
Favicon2 Path | String |
favicon_urls |
List of the URLs of the favicons | String |
file |
Does URL scanned point to a file | Boolean |
file_sha256 |
Hash of file pointed to | String |
geoip.asn |
Autonomous System Name (ASN) | Integer |
geoip.as_org |
AS Organization | String |
geoip.city_name |
City of IP geolocation | String |
geoip.continent_code |
Continent of IP geolocation | String |
geoip.country_code2 |
Country code of IP geolocation | String |
geoip.country_code3 |
Country code of IP geolocation | String |
geoip.country_name |
Country name of IP geolocation | String |
geoip.dma_code |
Designated marketing area | String |
geoip.latitude |
Latitude value of IP geolocationll | Float |
geoip.location.lat |
Latitude value of IP geolocation | Float |
geoip.location.lon |
Longtitude value of IP geolocation | Float |
geoip.longitude |
Longtitude value of IP geolocation | Float |
geoip.postal_code |
Postal code of IP geolocation | String |
geoip.region_code |
Region code of IP geolocation | String |
geoip.region_name |
Region name of IP geolocation | String |
geoip.timezone |
Timezone of IP geolocation | String |
header.cache-control |
Instructions that control caching in browsers and shared caches (e.g. Proxies, CDNs) | String |
header.connection |
Whether the network connection stays open after the current transaction finishes | String |
header.content-length |
Size of the message body, in bytes, sent to the recipient. | Number |
header.content-type |
Original media type of the resource (prior to any content encoding applied for sending). | String |
header.etag |
The ETag (or entity tag) HTTP response header | String |
header.refresh |
String | |
header.server |
Software used to serve the HTTP response. If a redirect is present, this field shows data from the server that performed the last redirect | String |
header.x-powered-by |
Value returned from server stating whatv it's powered by | String |
hhv |
A hash value based on the header keys | String |
hostname |
Hostname of domain that original domain that was scanned redirects to | String |
html_body_murmur3 |
A Murmur3 hash of the HTML body | Number |
html_body_length |
Number of bytes in the HTML body | Integer |
html_body_sha256 |
A SHA256 hash of the HTML body | String |
html_body_similarity |
Percentage difference in the HTML body for this scan versus the previous scan - based on the SSDeep hash | Number |
html_body_ssdeep |
SSDeep hash of the HTML body | String |
htmltitle |
HTML Title | String |
ip |
IP hosting URL that origin URL that was scanned redirects to | String |
jarm |
JARM Hash fingerprinting the TLS configurations of the host | String |
opendirectory |
Is this an open directory | Boolean |
origin_domain |
Domain that was scanned | String |
origin_hostname |
Hostname of domain that was scanned | String |
origin_ip |
IP hosting URL that was originally scanned | String |
origin_path |
URL path that was originally scanned | String |
origin_port |
URL port that was originally scanned | String |
origin_scheme |
Scheme of URL that was originally scanned | String |
origin_url |
URL that was originally scanned | URL |
path |
Path of URL that originally scanned URL redirects to | String |
port |
Port of URL that originally scanned URL redirects to | Number |
redirect |
Does the URL scanned result in a redirect | Boolean |
redirect_count |
Number of URLs involved in a redirect | Integer |
redirect_list |
List of URLs that sit between the origin and destination URLs | String |
redirect_to_https |
Does the URL scanned result in a redirect to https | Boolean |
response |
Scan Request Response Code | Number |
scan_date |
The date that data was scanned | Datestring |
scheme |
Scheme of URL that originally scanned URL redirects to | String |
ssl.authority_key_id |
The authority key identifier (AKI) is an X.509 v3 certificate extension. It contains a key identifier which is derived from the public key in the issuer certificate. | String |
ssl.chv |
A fingerprint on how the issuer creates the certificate based on the certificate's issuer/subject/extension RDN keys/wildcard and SANS count | String |
ssl.expired |
Has SSL certificate expired | Boolean |
ssl.issuer.common_name |
SSL Certificate Issuer Common Name | String |
ssl.issuer.country |
SSL Certificate Issuer Country | String |
ssl.issuer.organization |
SSL Certificate Issuer Organization | List of strings |
ssl.not_after |
SSL Certificate Validity End Date | Datetime |
ssl.not_before |
SSL Certificate Validity Start Date | Datetime |
ssl.sans |
SSL Certificate Sans List | List of domains |
ssl.sans_count |
SSL Certificate Sans List Count | Number |
ssl.serial_number |
SSL Certificate Serial Number | String |
ssl.SHA1 |
S1SL Certificate SHA1 Hash | String |
ssl.SHA256 |
SSL Certificate SHA256 Hash | String |
ssl.sigalg |
SSL Certificate Signature Algorithm | String |
ssl.subject.common_name |
SSL Certificate Subject Common Name | String |
ssl.subject.country |
SSL Certificate Subject Country | String |
ssl.subject.names |
SSL Certificate Subject Names | List of domains |
ssl.subject.organization |
SSL Certificate Subject Organization | String |
ssl.wildcard |
Is this a wildcard SAN certificate, i.e. Sans List references wildcards | Boolean |
subdomain |
The subdomain value, if it exists, of the final domain that scanned original domain redirects to | String |
tld |
The top level domain of the final domain that scanned original domain redirects to | String |
url |
The final URL that the origin URL that was scanned redirects to | String |
'torscan' field names
Here's a list of field names you can search across using the torscan data source.
| Field name | Description | Type |
|---|---|---|
body_analysis.adsense |
String | |
body_analysis.adserver |
String | |
body_analysis.analytics |
String | |
body_analysis.body_sha256 |
SHA256 hash of the <body> |
String |
body_analysis.footer_sha256 |
SHA256 hash of the <footer> |
String |
body_analysis.google-adstag |
String | |
body_analysis.google-GA4 |
GA4 tag | String |
body_analysis.google-UA |
UA tag | String |
body_analysis.header_sha256 |
SHA256 hash of the <header> |
String |
body_analysis.js_sha256 |
List of referenced js files in the HTML content, in the form of "url sha256" | String |
body_analysis.js_ssdeep |
List of referenced js files in the HTML content, in the form of "url ssdeep" | String |
body_analysis.language |
List of languages found in the HTML content, comma separated, from most used to least used | String |
body_analysis.onion |
List of onion addresses that are in the HTML response | String |
body_analysis.SHV |
Script Hash Value, based on js scripts used by a website. | String |
datahash |
A unique hash of the overall scan result | String |
domain |
The final domain that scan redirects to | String |
favicon_avg |
Visual similarity image hash of the website's favicon file | String |
favicon2_avg |
Visual similarity image hash of the website's favicon2 file | String |
favicon_md5 |
Favicon MD5 Hash | String |
favicon_murmur3 |
Favicon Murmur3 Hash | String |
favicon_path |
Favicon Path | String |
favicon2_md5 |
Favicon2 MD5 Hash | String |
favicon2_murmur3 |
Favicon2 Murmur3 Hash | String |
favicon2_path |
Favicon2 Path | String |
favicon_urls |
List of the URLs of the favicons | String |
file |
Does URL scanned point to a file | Boolean |
file_sha256 |
Hash of file pointed to | String |
header.cache-control |
Instructions that control caching in browsers and shared caches (e.g. Proxies, CDNs) | String |
header.connection |
Whether the network connection stays open after the current transaction finishes | String |
header.content-length |
Size of the message body, in bytes, sent to the recipient. | Number |
header.content-type |
Original media type of the resource (prior to any content encoding applied for sending). | String |
header.etag |
The ETag (or entity tag) HTTP response header | String |
header.refresh |
String | |
header.server |
Software used to serve the HTTP response. If a redirect is present, this field shows data from the server that performed the last redirect | String |
header.x-powered-by |
Value returned from server stating whatv it's powered by | String |
hhv |
A hash value based on the header keys | String |
hostname |
Hostname of domain that original domain that was scanned redirects to | String |
html_body_murmur3 |
A Murmur3 hash of the HTML body | Number |
html_body_sha256 |
A SHA256 hash of the HTML body | String |
html_body_ssdeep |
SSDeep hash of the HTML body | String |
htmltitle |
HTML Title | String |
opendirectory |
Is this an open directory | Boolean |
origin_hostname |
Hostname of domain that was scanned | String |
origin_ip |
IP hosting URL that was originally scanned | String |
origin_path |
URL path that was originally scanned | String |
origin_port |
URL port that was originally scanned | String |
origin_scheme |
Scheme of URL that was originally scanned | String |
origin_url |
URL that was originally scanned | URL |
path |
Path of URL that originally scanned URL redirects to | String |
port |
Port of URL that originally scanned URL redirects to | Number |
redirect |
Does the URL scanned result in a redirect | Boolean |
redirect_count |
Number of URLs involved in a redirect | Integer |
redirect_list |
List of URLs that sit between the origin and destination URLs | String |
redirect_to_https |
Does the URL scanned result in a redirect to https | Boolean |
response |
Scan Request Response Code | Number |
scan_date |
The date that data was scanned | Datestring |
scheme |
Scheme of URL that originally scanned URL redirects to | String |
ssl.authority_key_id |
The authority key identifier (AKI) is an X.509 v3 certificate extension. It contains a key identifier which is derived from the public key in the issuer certificate. | String |
ssl.chv |
A fingerprint on how the issuer creates the certificate based on the certificate's issuer/subject/extension RDN keys/wildcard and SANS count | String |
ssl.expired |
Has SSL certificate expired | Boolean |
ssl.issuer.common_name |
SSL Certificate Issuer Common Name | String |
ssl.issuer.country |
SSL Certificate Issuer Country | String |
ssl.issuer.organization |
SSL Certificate Issuer Organization | List of strings |
ssl.not_after |
SSL Certificate Validity End Date | Datetime |
ssl.not_before |
SSL Certificate Validity Start Date | Datetime |
ssl.sans |
SSL Certificate Sans List | List of domains |
ssl.sans_count |
SSL Certificate Sans List Count | Number |
ssl.serial_number |
SSL Certificate Serial Number | String |
ssl.SHA1 |
SSL Certificate SHA1 Hash | String |
ssl.SHA256 |
SSL Certificate SHA256 Hash | String |
ssl.sigalg |
SSL Certificate Signature Algorithm | String |
ssl.subject.common_name |
SSL Certificate Subject Common Name | String |
ssl.subject.country |
SSL Certificate Subject Country | String |
ssl.subject.names |
SSL Certificate Subject Names | List of domains |
ssl.subject.organization |
SSL Certificate Subject Organization | String |
ssl.wildcard |
Is this a wildcard SAN certificate, i.e. Sans List references wildcards | Boolean |
subdomain |
The subdomain value, if it exists, of the final domain that scanned original domain redirects to | String |
tld |
The top level domain of the final domain that scanned original domain redirects to | String |
url |
The final URL that the origin URL that was scanned redirects to | String |
'services' field names
Here's a list of field names you can search across using the services data source.
| Field name | Description | Type |
|---|---|---|
banner |
Service banner on a specific port | String |
datahash |
A unique hash of the overall scan result | String |
fingerprints.ECDSA |
Fingerprint of the ECDSA public key | String |
fingerprints.ED25519 |
Fingerprint of the ED25519 public key | String |
fingerprints.RSA |
Fingerprint of the RSA public key | String |
geoip.asn |
Autonomous System Name (ASN) | Integer |
geoip.as_org |
AS Organization | String |
ip |
IP hosting URL that origin URL that was scanned redirects to | String |
port |
Port of URL that originally scanned URL redirects to | Number |
scan_date |
The date that data was scanned | Datestring |
ssl.authority_key_id |
The authority key identifier (AKI) is an X.509 v3 certificate extension. It contains a key identifier which is derived from the public key in the issuer certificate. | String |
ssl.chv |
A fingerprint on how the issuer creates the certificate based on the certificate's issuer/subject/extension RDN keys/wildcard and SANS count | String |
ssl.expired |
Has SSL certificate expired | Boolean |
ssl.issuer.common_name |
SSL Certificate Issuer Common Name | String |
ssl.issuer.country |
SSL Certificate Issuer Country | String |
ssl.issuer.organization |
SSL Certificate Issuer Organization | List of strings |
ssl.not_after |
SSL Certificate Validity End Date | Datetime |
ssl.not_before |
SSL Certificate Validity Start Date | Datetime |
ssl.sans |
SSL Certificate Sans List | List of domains |
ssl.sans_count |
SSL Certificate Sans List Count | Number |
ssl.serial_number |
SSL Certificate Serial Number | String |
ssl.SHA1 |
SSL Certificate SHA1 Hash | String |
ssl.SHA256 |
SSL Certificate SHA256 Hash | String |
ssl.sigalg |
SSL Certificate Signature Algorithm | String |
ssl.subject.common_name |
SSL Certificate Subject Common Name | String |
ssl.subject.country |
SSL Certificate Subject Country | String |
ssl.subject.names |
SSL Certificate Subject Names | List of domains |
ssl.subject.organization |
SSL Certificate Subject Organization | String |
ssl.wildcard |
Is this a wildcard SAN certificate, i.e. Sans List references wildcards | Boolean |
'opendirectory' field names
Here's a list of field names you can search across using the opendirectory data source.
| Field name | Description | Type |
|---|---|---|
dir |
Is a directory | Boolean |
geoip.asn |
Autonomous System Name (ASN) | Integer |
geoip.as_org |
AS Organization | String |
hostname |
Hostname of domain that original domain that was scanned redirects to | String |
ip |
IP hosting URL that origin URL that was scanned redirects to | String |
last_modified |
Last modified date of a file in an open directory | Datestring |
name |
Filename or directory name of a file in an open directory | String |
port |
Port of URL that originally scanned URL redirects to | Number |
scan_date |
The date that data was scanned | Datestring |
scheme |
Scheme of URL that originally scanned URL redirects to | String |
size |
The filesize in bytes | Integer |
'webscanhistory' field names
Here's a list of field names you can search across using the webscanhistory data source.
| Field name | Description | Type |
|---|---|---|
datahash |
A unique hash of the overall scan result | String |
domain |
The final domain that the origin domain that was scanned redirects to | String |
hostname |
Hostname of domain that original domain that was scanned redirects to | String |
ip |
IP hosting URL that origin URL that was scanned redirects to | String |
origin_url |
URL that was originally scanned | URL |
scan_date |
The date that data was scanned | Datestring |
scheme |
Scheme of URL that originally scanned URL redirects to | String |
'webscanfailure' field names
Here's a list of field names you can search across using the webscanfailure data source.
| Field name | Description | Type |
|---|---|---|
domain |
The final domain that the origin domain that was scanned redirects to | String |
ip |
IP hosting URL that origin URL that was scanned redirects to | String |
port |
Port of URL that originally scanned URL redirects to | Number |
reason |
The reason a scanning failure occurred | String |
scan_date |
The date that data was scanned | Datestring |
scheme |
Scheme of URL that originally scanned URL redirects to | String |
url |
The final URL that the origin URL that was scanned redirects to | String |
Field name index
| Field name | Description | Type | Data source |
|---|---|---|---|
adtech.ads_txt |
Has /ads.txt | Boolean | webscan |
adtech.ads_txt_sha256 |
sha256 of /ads.txt | String | webscan |
adtech.app_ads_txt |
Has /app-ads.txt | Boolean | webscan |
adtech.app-ads_txt_sha256 |
sha256 of /app-ads.txt | String | webscan |
adtech.sellers_json |
Has /sellers.json | Boolean | webscan |
adtech.sellers_json_sha256 |
sha256 of /sellers.json | String | webscan |
banner |
Service banner on a specific port | String | services |
body_analysis.adsense |
String | webscan, torscan |
|
body_analysis.adserver |
String | webscan, torscan |
|
body_analysis.analytics |
String | webscan, torscan |
|
body_analysis.body_sha256 |
SHA256 hash of the <body> |
String | webscan, torscan |
body_analysis.footer_sha256 |
SHA256 hash of the <footer> |
String | webscan, torscan |
body_analysis.google-adstag |
String | webscan, torscan |
|
body_analysis.google-GA4 |
GA4 tag | String | webscan, torscan |
body_analysis.google-UA |
UA tag | String | webscan, torscan |
body_analysis.header_sha256 |
SHA256 hash of the <header> |
String | webscan, torscan |
body_analysis.ICP_license |
Chinese ICP LIcense | String | webscan |
body_analysis.js_sha256 |
List of referenced js files in the HTML content, in the form of "url sha256" | String | webscan, torscan |
body_analysis.js_ssdeep |
List of referenced js files in the HTML content, in the form of "url ssdeep" | String | webscan, torscan |
body_analysis.language |
List of languages found in the HTML content, comma separated, from most used to least used | String | webscan, torscan |
body_analysis.onion |
List of onion addresses that are in the HTML response | String | webscan, torscan |
body_analysis.SHV |
Script Hash Value, based on js scripts used by a website. | String | webscan, torscan |
datahash |
A unique hash of the overall scan result | String | webscan, torscan, services, webscanhistory |
datasource |
The index of the data | String | N/A |
dir |
Is a directory | Boolean | opendirectory |
domain |
The final domain that the origin domain that was scanned redirects to | String | webscan, torscan, webscanhistory, webscanfailure |
favicon_avg |
Visual similarity image hash of the website's favicon file | String | webscan, torscan |
favicon2_avg |
Visual similarity image hash of the website's favicon2 file | String | webscan, torscan |
favicon_md5 |
Favicon MD5 Hash | String | webscan, torscan |
favicon_murmur3 |
Favicon Murmur3 Hash | String | webscan, torscan |
favicon_path |
Favicon Path | String | webscan, torscan |
favicon2_md5 |
Favicon2 MD5 Hash | String | webscan, torscan |
favicon2_murmur3 |
Favicon2 Murmur3 Hash | String | webscan, torscan |
favicon2_path |
Favicon2 Path | String | webscan, torscan |
favicon_urls |
List of the URLs of the favicons | String | webscan, torscan |
file |
Does URL scanned point to a file | Boolean | webscan, torscan |
file_sha256 |
Hash of file pointed to | String | webscan, torscan |
fingerprints.ECDSA |
Fingerprint of the ECDSA public key | String | services |
fingerprints.ED25519 |
Fingerprint of the ED25519 public key | String | services |
fingerprints.RSA |
Fingerprint of the RSA public key | String | services |
geoip.asn |
Autonomous System Name (ASN) | Integer | webscan, services, opendir |
geoip.as_org |
AS Organization | String | webscan, services, opendirectory |
geoip.city_name |
City of IP geolocation | String | webscan |
geoip.continent_code |
Continent of IP geolocation | String | webscan |
geoip.country_code2 |
Country code of IP geolocation | String | webscan |
geoip.country_code3 |
Country code of IP geolocation | String | webscan |
geoip.country_name |
Country name of IP geolocation | String | webscan |
geoip.dma_code |
Designated marketing area | String | webscan |
geoip.latitude |
Latitude value of IP geolocationll | Float | webscan |
geoip.location.lat |
Latitude value of IP geolocation | Float | webscan |
geoip.location.lon |
Longtitude value of IP geolocation | Float | webscan |
geoip.longitude |
Longtitude value of IP geolocation | Float | webscan |
geoip.postal_code |
Postal code of IP geolocation | String | webscan |
geoip.region_code |
Region code of IP geolocation | String | webscan |
geoip.region_name |
Region name of IP geolocation | String | webscan |
geoip.timezone |
Timezone of IP geolocation | String | webscan |
header.cache-control |
Instructions that control caching in browsers and shared caches (e.g. Proxies, CDNs) | String | webscan, torscan |
header.connection |
Whether the network connection stays open after the current transaction finishes | String | webscan, torscan |
header.content-length |
Size of the message body, in bytes, sent to the recipient. | Number | webscan, torscan |
header.content-type |
Original media type of the resource (prior to any content encoding applied for sending). | String | webscan, torscan |
header.etag |
The ETag (or entity tag) HTTP response header | String | webscan, torscan |
header.refresh |
String | webscan, torscan |
|
header.server |
Software used to serve the HTTP response. If a redirect is present, this field shows data from the server that performed the last redirect | String | webscan, torscan |
header.x-powered-by |
Value returned from server stating whatv it's powered by | String | webscan, torscan |
hhv |
A hash value based on the header keys | String | webscan, torscan |
hostname |
Hostname of domain that original domain that was scanned redirects to | String | webscan, torscan, webscanhistory |
html_body_length |
Number of bytes in the HTML body | Integer | webscan |
html_body_murmur3 |
A Murmur3 hash of the HTML body | Number | webscan, torscan |
html_body_sha256 |
A SHA256 hash of the HTML body | String | webscan, torscan |
html_body_similarity |
Percentage difference in the HTML body for this scan versus the previous scan - based on the SSDeep hash | Number | webscan |
html_body_ssdeep |
SSDeep hash of the HTML body | String | webscan, torscan |
htmltitle |
HTML Title | String | webscan, torscan |
ip |
IP hosting URL that origin URL that was scanned redirects to | String | webscan, services, opendirectory, webscanhistory, webscanfailure |
jarm |
JARM Hash fingerprinting the TLS configurations of the host | String | webscan |
last_modified |
Last modified date of a file in an open directory | Datestring | opendirectory |
name |
Filename or directory name of a file in an open directory | String | opendirectory |
opendirectory |
Is this an open directory | Boolean | webscan, torscan |
origin_domain |
Domain that was scanned | String | webscan |
origin_hostname |
Hostname of domain that was scanned | String | webscan, torscan |
origin_ip |
IP hosting URL that was originally scanned | String | webscan, torscan |
origin_path |
URL path that was originally scanned | String | webscan, torscan |
origin_port |
URL port that was originally scanned | String | webscan |
origin_scheme |
Scheme of URL that was originally scanned | String | webscan |
origin_url |
URL that was originally scanned | URL | webscan, torscan, webscanhistory |
path |
Path of URL that originally scanned URL redirects to | String | webscan, torscan |
port |
Port of URL that originally scanned URL redirects to | Number | webscan, torscan, services, opendirectory, webscanfailure |
reason |
The reason a scanning failure occurred | String | webscanfailure |
redirect |
Does the URL scanned result in a redirect | Boolean | webscan, torscan |
redirect_count |
Number of URLs involved in a redirect | Integer | webscan, torscan |
redirect_list |
List of URLs that sit between the origin and destination URLs | String | webscan, torscan |
redirect_to_https |
Does the URL scanned result in a redirect to https | Boolean | webscan, torscan |
response |
Scan Request Response Code | Number | webscan, torscan |
scan_date |
The date that data was scanned | Datestring | webscan, torscan, services, opendirectory, webscanhistory, webscanfailure |
scheme |
Scheme of URL that originally scanned URL redirects to | String | webscan, torscan, opendirectory, webscanhistory, webscanfailure |
size |
The filesize in bytes | Integer | opendirectory |
ssl.authority_key_id |
The authority key identifier (AKI) is an X.509 v3 certificate extension. It contains a key identifier which is derived from the public key in the issuer certificate. | String | webscan, torscan, services |
ssl.chv |
A fingerprint on how the issuer creates the certificate based on the certificate's issuer/subject/extension RDN keys/wildcard and SANS count | String | webscan, torscan, services |
ssl.expired |
Has SSL certificate expired | Boolean | webscan, torscan, services |
ssl.issuer.common_name |
SSL Certificate Issuer Common Name | String | webscan, torscan, services |
ssl.issuer.country |
SSL Certificate Issuer Country | String | webscan, torscan, services |
ssl.issuer.organization |
SSL Certificate Issuer Organization | List of strings | webscan, torscan, services |
ssl.not_after |
SSL Certificate Validity End Date | Datetime | webscan, torscan, services |
ssl.not_before |
SSL Certificate Validity Start Date | Datetime | webscan, torscan, services |
ssl.sans |
SSL Certificate Sans List | List of domains | webscan, torscan, services |
ssl.sans_count |
SSL Certificate Sans List Count | Number | webscan, torscan, services |
ssl.serial_number |
SSL Certificate Serial Number | String | webscan, torscan, services |
ssl.SHA1 |
SSL Certificate SHA1 Hash | String | webscan, torscan, services |
ssl.SHA256 |
SSL Certificate SHA256 Hash | String | webscan, torscan, services |
ssl.sigalg |
SSL Certificate Signature Algorithm | String | webscan, torscan, services |
ssl.subject.common_name |
SSL Certificate Subject Common Name | String | webscan, torscan, services |
ssl.subject.country |
SSL Certificate Subject Country | String | webscan, torscan, services |
ssl.subject.names |
SSL Certificate Subject Names | List of domains | webscan, torscan, services |
ssl.subject.organization |
SSL Certificate Subject Organization | String | webscan, torscan, services |
ssl.wildcard |
Is this a wildcard SAN certificate, i.e. Sans List references wildcards | Boolean | webscan, torscan, services |
subdomain |
The subdomain value, if it exists, of the final domain that scanned original domain redirects to | String | webscan, torscan |
timestamp |
A date string | String | |
tld |
The top level domain of the final domain that scanned original domain redirects to | String | webscan, torscan |
url |
The final URL that the origin URL that was scanned redirects to | String | webscan, torscan |