{"filters":{"Core":[{"name":"url","type":"text","description":"URL (fuzzy match with trigram similarity)","store":"pg","examples":["paypal.com","*.bank.com","http://example.com"],"supports_comparison":false,"supports_wildcard":true,"supports_range":false,"enum_values":null},{"name":"domain","type":"text","description":"Extracted domain name","store":"pg","examples":["paypal.com","example.org"],"supports_comparison":false,"supports_wildcard":true,"supports_range":false,"enum_values":null},{"name":"title","type":"text","description":"Page title (substring match)","store":"pg","examples":["login","PayPal","verify your account"],"supports_comparison":false,"supports_wildcard":true,"supports_range":false,"enum_values":null},{"name":"status","type":"enum","description":"Scan status","store":"pg","examples":["completed","failed"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":["completed","failed","error","queued","processing"]},{"name":"scan_type","type":"enum","description":"Scan visibility type","store":"pg","examples":["public"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":["public","unlisted","private"]},{"name":"worker","type":"text","description":"Worker ID that processed the scan","store":"pg","examples":["chrome-worker-1"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"load_time","type":"float","description":"Page load time in seconds","store":"pg","examples":[">5","<1","2..10"],"supports_comparison":true,"supports_wildcard":false,"supports_range":true,"enum_values":null},{"name":"submitted","type":"date","description":"Scan submission timestamp","store":"pg","examples":["last7d","last24h","last30d",">2024-01-01","2024-01..2024-06"],"supports_comparison":true,"supports_wildcard":false,"supports_range":true,"enum_values":null},{"name":"completed","type":"date","description":"Scan completion timestamp","store":"pg","examples":[">2024-01-01"],"supports_comparison":true,"supports_wildcard":false,"supports_range":true,"enum_values":null},{"name":"error","type":"text","description":"Error message text","store":"pg","examples":["timeout","connection refused"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"proxy","type":"bool","description":"Whether a proxy was used","store":"pg","examples":["true","false"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"http_status","type":"int","description":"HTTP response status code in any transaction (200, 301, 403, 404, 500, etc.)","store":"pg","examples":["403","404","500","301","400..499"],"supports_comparison":true,"supports_wildcard":false,"supports_range":true,"enum_values":null}],"Network":[{"name":"ip","type":"inet","description":"Server IP address (supports CIDR notation)","store":"pg","examples":["1.1.1.1","192.168.0.0/16"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"primary_ip","type":"inet","description":"Primary server IP address","store":"pg","examples":["1.1.1.1"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"asn","type":"int","description":"Autonomous System Number","store":"pg","examples":["13335","15169"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"asn_org","type":"text","description":"ASN organization name","store":"pg","examples":["Cloudflare","Google","Amazon"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"country","type":"text","description":"ISO 2-letter country code","store":"pg","examples":["US","RU","CN","DE"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"city","type":"text","description":"City name","store":"pg","examples":["New York","London","Tokyo"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"ip_count","type":"int","description":"Number of unique IPs contacted","store":"pg","examples":[">10","1..5"],"supports_comparison":true,"supports_wildcard":false,"supports_range":true,"enum_values":null}],"WHOIS":[{"name":"registrar","type":"text","description":"Domain registrar name","store":"pg","examples":["namecheap","godaddy","cloudflare"],"supports_comparison":false,"supports_wildcard":true,"supports_range":false,"enum_values":null},{"name":"domain_age","type":"int","description":"Domain age in days (since registration)","store":"pg","examples":["<30","<7",">365"],"supports_comparison":true,"supports_wildcard":false,"supports_range":true,"enum_values":null},{"name":"registration_date","type":"date","description":"Domain registration date","store":"pg","examples":[">2024-01-01"],"supports_comparison":true,"supports_wildcard":false,"supports_range":true,"enum_values":null},{"name":"expiration_date","type":"date","description":"Domain expiration date","store":"pg","examples":["<2024-12-31"],"supports_comparison":true,"supports_wildcard":false,"supports_range":true,"enum_values":null},{"name":"whois_server","type":"text","description":"WHOIS server used for lookup","store":"pg","examples":["whois.namecheap.com"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"nameserver","type":"text","description":"Nameserver hostname (from RDAP data)","store":"pg","examples":["ns1.cloudflare.com"],"supports_comparison":false,"supports_wildcard":true,"supports_range":false,"enum_values":null},{"name":"rir","type":"enum","description":"Regional Internet Registry","store":"pg","examples":["RIPE","ARIN"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":["RIPE","ARIN","APNIC","LACNIC","AFRINIC"]},{"name":"ip_network","type":"cidr","description":"IP network CIDR block (from RDAP)","store":"pg","examples":["104.16.0.0/12"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null}],"Security":[{"name":"verdict","type":"enum","description":"AI security classification","store":"pg","examples":["HIGH_RISK","CONFIRMED_SCAM","LEGITIMATE"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":["LEGITIMATE","LOW_RISK","MODERATE_RISK","HIGH_RISK","CONFIRMED_SCAM"]},{"name":"ai_risk_score","type":"int","description":"AI risk score (0-100)","store":"pg","examples":[">50",">80","0..20"],"supports_comparison":true,"supports_wildcard":false,"supports_range":true,"enum_values":null},{"name":"ai_confidence","type":"int","description":"AI confidence percentage (0-100)","store":"pg","examples":[">80",">90"],"supports_comparison":true,"supports_wildcard":false,"supports_range":true,"enum_values":null},{"name":"category","type":"text","description":"Content category (ML classification)","store":"pg","examples":["phishing scam","e-commerce","finance banking","gaming","malicious"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"safe_browsing","type":"enum","description":"Google Safe Browsing threat type","store":"pg","examples":["MALWARE","SOCIAL_ENGINEERING"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":["MALWARE","SOCIAL_ENGINEERING","UNWANTED_SOFTWARE"]},{"name":"clamav","type":"enum","description":"ClamAV scan result","store":"pg","examples":["infected"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":["clean","infected"]},{"name":"virus","type":"text","description":"ClamAV virus/malware name","store":"pg","examples":["Trojan","Phishing","Downloader"],"supports_comparison":false,"supports_wildcard":true,"supports_range":false,"enum_values":null},{"name":"ioc","type":"text","description":"IOC indicator value","store":"pg","examples":["evil.com","1.2.3.4"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"ioc_type","type":"enum","description":"IOC indicator type","store":"pg","examples":["domain","ip"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":["ip","domain","hash","url","email"]},{"name":"threat_feed","type":"text","description":"Threat intelligence feed source","store":"pg","examples":["OTX","AlienVault"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"rpki","type":"enum","description":"RPKI BGP origin validation status","store":"pg","examples":["invalid","valid"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":["valid","invalid","not-found"]}],"TLS":[{"name":"cert_issuer","type":"text","description":"Certificate issuer (CN or organization)","store":"pg","examples":["Let's Encrypt","DigiCert","Cloudflare"],"supports_comparison":false,"supports_wildcard":true,"supports_range":false,"enum_values":null},{"name":"cert_subject","type":"text","description":"Certificate subject common name","store":"pg","examples":["*.example.com"],"supports_comparison":false,"supports_wildcard":true,"supports_range":false,"enum_values":null},{"name":"cert_org","type":"text","description":"Certificate subject organization","store":"pg","examples":["Google LLC","Cloudflare, Inc."],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"cert_expired","type":"bool","description":"Certificate is expired","store":"pg","examples":["true","false"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"cert_self_signed","type":"bool","description":"Certificate is self-signed","store":"pg","examples":["true"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"cert_wildcard","type":"bool","description":"Certificate is wildcard","store":"pg","examples":["true"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"cert_ev","type":"bool","description":"Extended Validation certificate","store":"pg","examples":["true"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"cert_lets_encrypt","type":"bool","description":"Let's Encrypt certificate","store":"pg","examples":["true","false"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"cert_valid","type":"bool","description":"Certificate chain is valid","store":"pg","examples":["false"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"cert_revoked","type":"bool","description":"Certificate is revoked","store":"pg","examples":["true"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"cert_weak_key","type":"bool","description":"Weak cryptographic key detected","store":"pg","examples":["true"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"tls_algorithm","type":"text","description":"TLS signature algorithm","store":"pg","examples":["SHA256withRSA","SHA384withECDSA"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"key_algorithm","type":"text","description":"Public key algorithm","store":"pg","examples":["RSA","ECDSA","Ed25519"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"key_size","type":"int","description":"Public key size in bits (use with key_algorithm for meaningful results, e.g. key_algorithm:RSA key_size:<2048)","store":"pg","examples":["<2048",">4096","2048..4096"],"supports_comparison":true,"supports_wildcard":false,"supports_range":true,"enum_values":null},{"name":"cert_days","type":"int","description":"Days until certificate expiry","store":"pg","examples":["<30","<7",">365"],"supports_comparison":true,"supports_wildcard":false,"supports_range":true,"enum_values":null},{"name":"cert_fingerprint","type":"text","description":"Certificate SHA-256 fingerprint","store":"pg","examples":["a1b2c3d4..."],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"cert_risk","type":"int","description":"Certificate risk score (0-100)","store":"pg","examples":[">60",">80"],"supports_comparison":true,"supports_wildcard":false,"supports_range":true,"enum_values":null},{"name":"cert_shared","type":"int","description":"Number of domains sharing this certificate","store":"pg","examples":[">100",">1000"],"supports_comparison":true,"supports_wildcard":false,"supports_range":true,"enum_values":null},{"name":"caa","type":"bool","description":"Has CAA DNS records","store":"pg","examples":["true","false"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"caa_compliant","type":"bool","description":"Certificate is CAA compliant","store":"pg","examples":["false"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"ct_logged","type":"bool","description":"Certificate is in CT logs","store":"pg","examples":["false"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null}],"JARM":[{"name":"jarm","type":"text","description":"JARM TLS fingerprint hash","store":"pg","examples":["29d29d15d29d29d..."],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"jarm_known","type":"bool","description":"Matches a known JARM signature","store":"pg","examples":["true"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null}],"Technology":[{"name":"technology","type":"text","description":"Detected technology name","store":"pg","examples":["WordPress","jQuery","React","nginx"],"supports_comparison":false,"supports_wildcard":true,"supports_range":false,"enum_values":null},{"name":"tech_category","type":"text","description":"Technology category","store":"pg","examples":["cms","web-frameworks","analytics","cdn"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"tech_version","type":"text","description":"Technology version","store":"pg","examples":["1.12","3.7","5.0"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"cpe","type":"text","description":"CPE identifier","store":"pg","examples":["cpe:2.3:a:wordpress*","cpe:2.3:a:jquery*"],"supports_comparison":false,"supports_wildcard":true,"supports_range":false,"enum_values":null}],"JavaScript":[{"name":"js_risk","type":"enum","description":"JS obfuscation risk level","store":"pg","examples":["high","critical"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":["low","medium","high","critical"]},{"name":"js_risk_score","type":"int","description":"JS max risk score (0-100)","store":"pg","examples":[">70",">90","60..100"],"supports_comparison":true,"supports_wildcard":false,"supports_range":true,"enum_values":null},{"name":"js_eval","type":"int","description":"Number of eval() calls detected","store":"pg","examples":[">0",">5"],"supports_comparison":true,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"js_func_constructor","type":"int","description":"Function() constructor calls","store":"pg","examples":[">0"],"supports_comparison":true,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"js_hash","type":"text","description":"JS code segment SHA-256 hash","store":"pg","examples":["a1b2c3d4e5f6..."],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"js_tlsh","type":"text","description":"JS code segment TLSH fuzzy hash","store":"pg","examples":["T1A1B2C3D4..."],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"js_library","type":"text","description":"Matched JavaScript library name","store":"pg","examples":["jquery","react","lodash"],"supports_comparison":false,"supports_wildcard":true,"supports_range":false,"enum_values":null},{"name":"js_suspicious","type":"bool","description":"JS segment flagged as suspicious","store":"pg","examples":["true"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"js_obfuscated","type":"bool","description":"JavaScript is obfuscated","store":"pg","examples":["true"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"obfuscation_score","type":"int","description":"Obfuscation risk score (0-100)","store":"pg","examples":[">50",">80"],"supports_comparison":true,"supports_wildcard":false,"supports_range":true,"enum_values":null},{"name":"js_cdn","type":"text","description":"CDN type serving the JavaScript","store":"pg","examples":["cloudflare","jsdelivr","unpkg"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"js_server","type":"text","description":"HTTP server type for JavaScript","store":"pg","examples":["nginx","apache","cloudflare"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"js_npm","type":"text","description":"NPM package name","store":"pg","examples":["react","lodash","axios"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"malware_family","type":"text","description":"Malware pattern category","store":"pg","examples":["miner","skimmer","stealer","dropper","backdoor"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"malware_pattern","type":"text","description":"Malware pattern name","store":"pg","examples":["CoinHive","Magecart"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null}],"Hashes":[{"name":"phash","type":"text","description":"Perceptual screenshot hash","store":"pg","examples":["a1b2c3d4e5f6"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"dhash","type":"text","description":"Difference screenshot hash","store":"pg","examples":["f0e1d2c3b4a5"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"ahash","type":"text","description":"Average screenshot hash","store":"pg","examples":["a1b2c3d4e5f6"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"whash","type":"text","description":"Wavelet screenshot hash","store":"pg","examples":["a1b2c3d4e5f6"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"color_hash","type":"text","description":"Screenshot color hash","store":"pg","examples":["#a1b2c3"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"favicon_hash","type":"text","description":"Favicon MMH3 hash","store":"pg","examples":["-12345678","116323821"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"tlsh","type":"text","description":"TLSH fuzzy hash of page content (exact match)","store":"pg","examples":["T1CA048E77329A063986558498E057430D9F20B543B50ACDBC7ABCBAD8BFDED06107BB78"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"ssdeep","type":"text","description":"ssdeep fuzzy hash of page content (exact match)","store":"pg","examples":["3072:VfQho9PKBb9JsE9RHCbZgRjFtSBaw9QWg:yhoC9J395CbZgLtSL3gc"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"favicon_md5","type":"text","description":"Favicon MD5 hash","store":"pg","examples":["d41d8cd98f00b204e9800998ecf8427e"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null}],"Tracking":[{"name":"tracker","type":"text","description":"Tracker type","store":"pg","examples":["google_analytics","facebook_pixel","hotjar"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"tracking_id","type":"text","description":"Specific tracking ID","store":"pg","examples":["UA-12345678","G-XXXXXXXXXX"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"tracker_category","type":"text","description":"Tracker category","store":"pg","examples":["analytics","advertising","social"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"tracker_risk","type":"text","description":"Tracker risk level","store":"pg","examples":["high","medium","low"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null}],"Content":[{"name":"ocr","type":"text","description":"OCR text from screenshot","store":"pg","examples":["verify your account","login","password"],"supports_comparison":false,"supports_wildcard":true,"supports_range":false,"enum_values":null},{"name":"ocr_language","type":"text","description":"OCR detected language","store":"pg","examples":["en","ru","zh"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"pastejacking_severity","type":"enum","description":"Pastejacking severity level","store":"pg","examples":["high","critical"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":["low","medium","high","critical"]},{"name":"bot_detection","type":"text","description":"Bot protection type encountered","store":"pg","examples":["cloudflare","captcha","access_denied","imperva","aws_waf","rate_limit"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"bot_evasion","type":"bool","description":"Bot evasion was attempted","store":"pg","examples":["true"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"is_clone","type":"bool","description":"Detected as a clone of a legitimate site","store":"pg","examples":["true"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"clone_score","type":"float","description":"Clone similarity score","store":"pg","examples":[">0.8",">0.9"],"supports_comparison":true,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"clearfake_type","type":"text","description":"ClearFake detection type","store":"pg","examples":["eval_atob","atob_chain","powershell","atob_large"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"ids_signature","type":"text","description":"Suricata IDS signature name","store":"pg","examples":["ET TROJAN","ET MALWARE"],"supports_comparison":false,"supports_wildcard":true,"supports_range":false,"enum_values":null},{"name":"ids_category","type":"text","description":"IDS alert category","store":"pg","examples":["A Network Trojan was detected","Potentially Bad Traffic"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"ids_severity","type":"int","description":"IDS alert severity (1=highest, 4=lowest)","store":"pg","examples":["1","<=2"],"supports_comparison":true,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"ids_alerts","type":"int","description":"Total IDS alert count","store":"pg","examples":[">0",">10"],"supports_comparison":true,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"bundler","type":"text","description":"JavaScript bundler type","store":"pg","examples":["webpack","rollup"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"bundle_modules","type":"int","description":"Number of modules in bundle","store":"pg","examples":[">50",">100"],"supports_comparison":true,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"warning_page","type":"bool","description":"Browser warning page was detected","store":"pg","examples":["true"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"warning_type","type":"text","description":"Warning page type","store":"pg","examples":["deceptive_site","malware"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null}],"DNS":[{"name":"ns","type":"text","description":"Nameserver hostname (from DNS zone data)","store":"es_zones","examples":["ns1.cloudflare.com","ns1.digitalocean.com"],"supports_comparison":false,"supports_wildcard":true,"supports_range":false,"enum_values":null},{"name":"zone_domain","type":"text","description":"Domain in DNS zone files","store":"es_zones","examples":["example.com"],"supports_comparison":false,"supports_wildcard":true,"supports_range":false,"enum_values":null}],"CT":[{"name":"ct_domain","type":"text","description":"Domain in Certificate Transparency logs","store":"es_ct","examples":["*.paypal.com","*paypa1*"],"supports_comparison":false,"supports_wildcard":true,"supports_range":false,"enum_values":null},{"name":"ct_san","type":"text","description":"Certificate Subject Alternative Name","store":"es_ct","examples":["*.example.com"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"ct_hash","type":"text","description":"Certificate hash in CT logs","store":"es_ct","examples":["abc123..."],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"ct_log","type":"text","description":"CT log source","store":"es_ct","examples":["Google"],"supports_comparison":false,"supports_wildcard":false,"supports_range":false,"enum_values":null},{"name":"ct_issued","type":"date","description":"Certificate issuance date in CT","store":"es_ct","examples":[">2024-01-01","last7d","last30d"],"supports_comparison":true,"supports_wildcard":false,"supports_range":true,"enum_values":null}],"rDNS":[{"name":"rdns","type":"text","description":"Reverse DNS hostname","store":"es_rdns","examples":["*mail*","*hosted-by*"],"supports_comparison":false,"supports_wildcard":true,"supports_range":false,"enum_values":null},{"name":"ptr","type":"text","description":"PTR record value","store":"es_rdns","examples":["*static*","*dedicated*"],"supports_comparison":false,"supports_wildcard":true,"supports_range":false,"enum_values":null}]},"has_checks":[{"name":"malware","description":"Malware detected by ClamAV","store":"pg"},{"name":"tracker","description":"Has tracking codes","store":"pg"},{"name":"pastejacking","description":"Pastejacking detected","store":"pg"},{"name":"ioc","description":"Has IOC threat intelligence matches","store":"pg"},{"name":"jarm","description":"Has JARM TLS fingerprint","store":"pg"},{"name":"certificate","description":"Has TLS certificate data","store":"pg"},{"name":"screenshot","description":"Has screenshot","store":"pg"},{"name":"ocr","description":"Has OCR text extracted","store":"pg"},{"name":"bot_detection","description":"Bot protection was encountered","store":"pg"},{"name":"safe_browsing","description":"Flagged by Google Safe Browsing","store":"pg"},{"name":"clipboard","description":"Has clipboard events","store":"pg"},{"name":"clone","description":"Detected as a clone site","store":"pg"},{"name":"clearfake","description":"ClearFake attack detected","store":"pg"},{"name":"ids","description":"Has IDS/Suricata alerts","store":"pg"},{"name":"rpki_invalid","description":"Has RPKI invalid result","store":"pg"},{"name":"pcap","description":"Has decrypted PCAP capture","store":"pg"},{"name":"fallback","description":"Has fallback scan (bot bypass)","store":"pg"},{"name":"whois","description":"Has WHOIS/RDAP domain data","store":"pg"},{"name":"webpack","description":"Has webpack/rollup bundle","store":"pg"},{"name":"phishing","description":"Has phishing detection result","store":"pg"},{"name":"ct","description":"Has Certificate Transparency entries","store":"es_ct"},{"name":"rdns_entry","description":"Has reverse DNS record","store":"es_rdns"}],"syntax":{"text_search":"paypal login","filter":"field:value","quoted":"field:\"value with spaces\"","comparison":"field:>value, field:<value, field:>=value, field:<=value","range":"field:value1..value2","wildcard":"field:*.example.com","boolean":"filter1 AND filter2, filter1 OR filter2","negation":"-field:value or NOT field:value","grouping":"(filter1 OR filter2) AND filter3","existence":"has:feature"}}