ABCDEFGHIJKLMNOPQRSTUVWXYZ
1
Artifact TypesArtifactsVirusTotalCensysURLScan
2
TLS CertificateCertificate AuthoritySearch by IP/domain => Details => Last HTTPS Certificate => under x509 extensions => CA Issuers
3
Common NameSearch by IP/domain => Details => Last HTTPS Certificate => Issuer & Subject CNsSelect Dataset as Hosts => Summary => VIEW ALL DATA => services.tls.certificates.leaf_data.(issuer/subject).common_name
Select Dataset as Certificates => Basic Information => (Subject/Issuer DN)		Search by IP/domain => Summary => Domain & IP information => Certs => Issuer/Subject CNs
4
SubjectSearch by IP/domain => Details => Last HTTPS Certificate => SubjectSelect Dataset as Hosts => Summary => VIEW ALL DATA => services.tls.certificates.leaf_data.subject.*
Select Dataset as Certificates (requires login) => Basic Information => Subject DN
5
TimeSearch by IP/domain => Details => Last HTTPS Certificate => ValiditySelect Dataset as Certificates (requires login) => Basic Information => Validity PeriodSearch by IP/domain => Summary => Domain & IP information => Certs => Validity
6
Served By Server/ClientSearched IP address/DomainSearched IP addressSearched IP address/Domain
7
SampleBehaviourBehavior => (ATT&CK TTPs and Capabilities)
8
Code SimilarityDetails => Basic Properties => (Vhash, Authentihash, Imphash, Rich PE header Hash, SSDEEP, TLSH)
Behaviour => Behavior Similarity Hashes
9
HashDetails => Basic Properties => (MD5, SHA-1, SHA-256, Vhash, Authentihash, Imphash, Rich PE header Hash, SSDEEP, TLSH)
10
References DomainBehavior => Network Communication => Memory Pattern Domains
11
Queries DomainRelations => Contacted Domains
12
References IPBehavior => Network Communication => Memory Pattern URLs
13
References User Agent
14
Connects To Server/ClientBehavior => Network Communication => IP Traffic
Relations => Contacted IP Addresses
15
Communicates To Server/ClientBehavior => Network Communication => IP Traffic
Relations => Contacted IP Addresses
16
DomainName ServerDetails => Last DNS Records => NS
Details => Whois Lookup => Name Server
17
Registation TimeDetails => Whois Lookup => Create dateSearch by IP/domain => Summary => Live information => Domain created
18
RegistrantDetails => Whois Lookup => Registrant Name
19
RegistrarDetails => Whois Lookup => Sponsoring RegistrarSearch by IP/domain => Summary => Live information => Domain registrar
20
TLDVisible in the searched domainSearch by IP/domain => Summary => Domain & IP information => Domains => Apex Domain
21
URL PathSearch by IP/domain => Returned results are URL Paths
22
Reverse DNSDetails => Last DNS Records => A Record TypeSearch by IP/domain => Summary => Live information => Current DNS A record
23
DNS HistoryDetails => Passive DNS Replication
24
IP AddressASNVisible under searched IP address
Details => Basic Properties => Autonomous System Number		Select Dataset as Hosts => Summary => Basic Information => Routing
Select Dataset as Hosts => Summary => VIEW ALL DATA => autonomous_system.asn		Search by IP/domain => Summary => Domain & IP information
Search by IP/domain => Summary => Domain & IP information => IP address => General Info
25
TrafficSearch by IP/domain => Summary => Domain & IP information => IP address => Direct Hits, Incoming Hits & Related Infrastructure
26
PortsSelect Dataset as Hosts => Summary => Services
Select Dataset as Hosts => Summary => VIEW ALL DATA => services.port
27
WHOIS DetailsDetails => WHOIS LookupSelect Dataset as Hosts => WHOIS
Select Dataset as Hosts => Summary => VIEW ALL DATA => whois.*		Search by IP/domain => Summary => Domain & IP information => IP address => (scroll to bottom) Whois for IP address
28
WHOIS HistoryRelations => Historical Whois LookupsSelect Dataset as Hosts => WHOIS => Events => Last Changed
29
Server/ClientBannerSelect Dataset as Hosts => Specific Port => Details => Banner
Select Dataset as Hosts => Summary => VIEW ALL DATA => services.banner		Search by IP/domain => HTTP => First Entry => Expand => Show Headers => (Response, Request & Redirect Headers)
30
ContentSelect Dataset as Hosts => Summary => VIEW ALL DATA => services.http.response.bodySearch by IP/domain => Content or DOM
31
FaviconSelect Dataset as Hosts => Summary => VIEW ALL DATA => services.http.response.favicons.hashes
Select Dataset as Hosts => Summary => VIEW ALL DATA => services.http.response.favicons.shodan_hash		Search by IP/domain => HTTP => Favicon.ico => Expand => Resource Hash
32
FingerprintDetails => Last HTTPS Certificate => JARM FingerprintSelect Dataset as Hosts => Specific HTTPS Port => TLS => Certificate => Fingerprint
Select Dataset as Hosts => Specific HTTPS Port => TLS => Fingerprint => (JARM, JA3S, JA4*)
Select Dataset as Hosts => Specific SSH Port => Details => Host Key => Fingerprint
Select Dataset as Hosts => Summary => VIEW ALL DATA => services.tls.certificates.leaf_fp_sha_256
Select Dataset as Hosts => Summary => VIEW ALL DATA => services.jarm.fingerprint
Select Dataset as Hosts => Summary => VIEW ALL DATA => services.tls.ja3*
Select Dataset as Hosts => Summary => VIEW ALL DATA => services.tls.ja4s
Select Dataset as Hosts => Summary => VIEW ALL DATA => services.ssh.server_host_key.fingerprint_sha256
33
Stores SamplesRelations => Communicating Files
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100