This page gives information on what the entries in a receipt file indicate.
As of v0.13, receipt files are periodically regenerated and history is tracked for various fields. As a result, fields like ptr will sometimes show comma-separated values, with the rightmost value being the most recent.
IP Information
- IP: the IP address associated with the report
- rDNS: The configured reverse DNS record for the IP (note that this is under control of the IP owner).
- ASN: The Autonomous System that the IP is advertised as being part of
- Tor Exit Node: Whether Tor Project's DNSEL service says that this is a Tor exit node or not.
Overview
- Observed Requests: The number of requests observed from the IP, taken at the time the receipt file is generated
- First Seen: When the first request was seen for this bot
- Last Seen: When the bot was most recently seen (as of the receipt's generation date)
- Average number of daily requests: the mean number of daily requests observed from the bot
Observed Useragents
A list of user-agents associated with this IP. Most bots will only list one; if there is a broad range, it may be a sign that the IP is that of a NAT pool (or perhaps a VPN endpoint).
Observed Paths
A list of the paths that the IP has been observed placing requests to.
Details of specific paths and their relative sensitivity can be found in Request Paths.
Flags
A list of flags raised about the bot's behaviour.
Possible flags are:
- Acquires-tokens: The bot has been observed making requests which include an authentication token
- Fetches-robots.txt: The bot has been observed requesting robots.txt (this is a good thing)
- Does-not-fetch-robots.txt: No requests for robots.txt have been observed for this bot (not good, but common)
- Ignores-robots.txt: Observed fetching a robots.txt which disallows all, but making requests anyway (very bad)
- Subnet-Match: Indicates that this file/match is for a known subnet rather than a single IP
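
The sketch below shows one way to turn these fields into analyst notes once a receipt has been read. It is an added example, not code from the project. The on-disk layout of a receipt is not shown on this page, so the dict keys (ptr, useragents, flags) and the sample values are assumptions constructed for illustration.

```python
# Added example. Dict keys are hypothetical; only the flag names and the
# "rightmost value is the most recent" rule come from this page.
VERDICTS = [  # robots.txt flags with the page's own judgement, worst first
    ("Ignores-robots.txt", "very bad"),
    ("Does-not-fetch-robots.txt", "not good, but common"),
    ("Fetches-robots.txt", "good"),
]
KNOWN = {name for name, _ in VERDICTS} | {"Acquires-tokens", "Subnet-Match"}

def history(value):
    """Split a history-tracked field into its values, oldest first."""
    return [v.strip() for v in value.split(",") if v.strip()]

def interpret(receipt, history_fields=("ptr",)):
    """Return (current_values, findings) for a receipt passed as a dict."""
    current, findings = {}, []
    for field in history_fields:
        seen = history(receipt.get(field, ""))
        current[field] = seen[-1] if seen else None  # rightmost = most recent
        if len(set(seen)) > 1:
            findings.append(f"{field} changed over time: {' -> '.join(seen)}")
    flags = set(receipt.get("flags", []))
    if {"Fetches-robots.txt", "Does-not-fetch-robots.txt"} <= flags:
        findings.append("contradictory robots.txt flags: check the receipt")
    for name, verdict in VERDICTS:
        if name in flags:
            findings.append(f"{name}: {verdict}")
    if "Acquires-tokens" in flags:
        findings.append("requests included an authentication token")
    if "Subnet-Match" in flags:
        findings.append("entry is for a known subnet, not a single IP")
    for name in sorted(flags - KNOWN):
        findings.append(f"unrecognised flag: {name}")
    if len(set(receipt.get("useragents", []))) > 1:
        findings.append("multiple user-agents: possibly a NAT pool or VPN endpoint")
    return current, findings

# Constructed sample: documentation address range and made-up names.
SAMPLE = {
    "ip": "192.0.2.10",
    "ptr": "crawl-1.example.net, scan.example.org",
    "useragents": ["ExampleBot/1.0", "Mozilla/5.0 (constructed)"],
    "flags": ["Fetches-robots.txt", "Ignores-robots.txt", "Acquires-tokens"],
}

if __name__ == "__main__":
    latest, notes = interpret(SAMPLE)
    print(latest)
    print("\n".join(notes))
```
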
Notes
A set of textual notes containing any additional pertinent information.