StalkPhish.io - DATA Documentation (March 2024)

From Free plan:

'siteurl' : The analyzed URL/URI.
'sitedomain' : The Fully Qualified Domain Name (FQDN).
'pagetitle' : The title presented by the crawled webpage.
'firstseentime' : The first time StalkPhish checked the site url.
'firstseencode' : The HTTP code retrieved the first time we connected.
'ipaddress' : IP v4 address linked to the FQDN.
'asn' : The Autonomous System number.
'asndesc' : The Autonomous System description.
'asnreg' : The Autonomous System registrar.
'extracted_emails' : Emails embedded in the phishing kit source code, if the source code of the phishing kit is obtained.

From Standard plan (Free plan data and):

'GoogleSafebrowsing' : The Google Safe Browsing web threat type, when URL/URI is analyzed.
'phishing_score' : A phishing threat score associated to the potential phishing URL/URI.
'SSLcert_countryName' : The SSL/TLS certificate declared country.
'SSLcert_Issuer' : The entity that verified the information and signed the certificate.
'SSLcert_commonName' : The SSL/TLS certificate Common Name (CN).
'SSLcert_notBefore' : The earliest time and date on which the certificate is valid.
'SSLcert_notAfter' : The time and date past which the certificate is no longer valid.
'SSLcert_subjectAltName' : The list of domain names covered by the certificate.
'SSLcert_serialNumber_hex' : Used to uniquely identify the certificate within a CA's systems (Hex).
'SSLcert_md5' : The MD5 hash of the certificate.
'SSLcert_sha1' : The SHA1 hash of the certificate.
'SSLcert_sha256' : The SHA256 hash of the certificate.

From Pro plan (Standard plan data and):

'extracted_telegram' : Telegram botID, channelID, data about channel, users and channel admins.
'zipfilename' : The potential phishing kit file name stored in our database.
'zipfilehash' : The zipfilename's SHA256 hash.
'phishingkit_family' : The name of the Yara rule corresponding to the collected phishing kit, if the source code of the phishing kit is obtained (based on PhishingKit-Yara-Rules).
'page_hash' : The hash (without headers) of the webpage.
'favicon_mmh3' : The MurmurHash3 hash of the page favicon.
'targeted_brand' : The brand name URL/URI impersonate.