Overview
The search-by-domain endpoint enables searching for compromised credentials and related intelligence associated with specific domains. This guide outlines all supported query patterns and combinations.
Domain Intelligence
The Domain Intelligence API allows you to search for compromised credentials and intelligence data associated with specific domains. This service helps organizations monitor their digital footprint and assess potential security risks.
The Problem: Cybersecurity professionals are tasked with protecting companies from ransomware attacks, network takeovers, and corporate espionage. In recent years, corporate credentials stolen from computers have become a prominent attack vector used by cybercriminals to infiltrate corporate networks.
The Solution: Hudson Rock provides its clients the ability to query a database of over 30,000,000 computers which were compromised through global info-stealer campaigns performed by threat actors. The database is updated with new compromised computers every day, offering cybersecurity providers the ability to alert security teams ahead of imminent attacks, when users get compromised and have their credentials stolen.
Key Features
- Domain-Based Search: Search for compromised credentials using domain names
- Employee & User Stats: Get detailed statistics about compromised employees and users
- Historical Data: Track breach history with timestamps for compromises and uploads
- Pagination Support: Handle large result sets with cursor-based pagination
Use Cases
- Monitor your organization's exposure in data breaches
- Track compromised employee and user accounts
- Assess historical breach patterns
- Generate security reports and analytics
Available Endpoints
POST /search-by-domain
Search for stealer data by domains
Example Response
{
  "_id": "67a08ccd465561f4625e840f",
  "stealer": "...",
  "stealer_family": "Lumma",
  "date_uploaded": "2025-02-03T09:30:52.468Z",
  "employeeAt": [{"..."}],
  "clientAt": [{"..."}],
  "date_compromised": "2025-01-25T12:03:26.000Z",
  "ip": "...",
  "computer_name": "...",
  "operating_system": "...",
  "malware_path": "...",
  "antiviruses": [{"..."}],
  "employee_session_cookies": [{"..."}],
  "credentials": [{"..."}]
}
POST /search-by-domain/overview
Get statistical overview of domains
Example Response
{
  "data": [
    {
      "_id": "6128ffaa58a0e25d3001c031",
      "domain": "tesla.com",
      "compromised_employees": 384,
      "compromised_users": 18336,
      "last_employee_compromised": "2025-03-05T07:27:58.000Z",
      "last_user_compromised": "2025-03-05T07:27:58.000Z",
      "last_employee_uploaded": "2025-03-05T11:18:10.453Z",
      "last_user_uploaded": "2025-03-05T11:55:12.772Z"
    }
  ],
  "nextCursor": null
}
POST /search-by-domain/discovery
Domain assets discovery
Example Response
{
  "data": [
    {
      "_id": "6385c6b0d6b8e4ed58545c2a",
      "url": "https://auth.tesla.com/oauth2/v1/authorize",
      "domain": "tesla.com",
      "type": "user",
      "last_uploaded_date": "2025-03-05T11:52:41.247Z",
      "occurrence": 5806
    },
    // ... //
  ],
  "nextCursor": "MXw2NjFhYWQ5MjFlYmYwZTQxZmEzZTVhZmY"
}
POST /search-by-domain/assessment
Third party risk assessment
Example Response
{
  "data": [
    {
      "employee_urls": [
        {
          "url": "https://sso.tesla.com/adfs/ls",
          "domain": "tesla.com",
          "type": "employee",
          "last_uploaded_date": "2025-01-15T23:43:40.481Z",
          "occurrence": 174
        },
        //...//
      ]
    },
    {
      "third_party_urls": [
        {
          "url": "https://uptimerobot.com/signup",
          "domain": "uptimerobot.com",
          "type": "third_party",
          "last_uploaded_date": "2025-01-13T14:15:11.775Z",
          "occurrence": 84
        },
        //...//
      ]
    },
    {
      "user_urls": [
        {
          "url": "https://auth.tesla.com/oauth2/v1/authorize",
          "domain": "tesla.com",
          "type": "user",
          "last_uploaded_date": "2025-03-05T11:52:41.247Z",
          "occurrence": 5806
        },
        //...//
      ]
    }
  ]
}
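Consuming the paginated discovery response, as an added example (not Hudson Rock's code): it follows nextCursor until it is null, drops records repeated across pages, and ranks URLs by type and occurrence so a security team can prioritise resets. The request body and authentication are not shown on this page, so `fetch_page` is a hypothetical caller-supplied function, and the sample pages, cursors and two of the `_id` values are constructed.

```python
from collections import defaultdict
from datetime import datetime, timezone

def iter_records(fetch_page, max_pages=1000):
    """Yield each record once, following nextCursor until it is null.
    fetch_page(cursor) is a caller-supplied (hypothetical) function that
    sends the POST and returns the decoded JSON body."""
    cursor, seen_cursors, seen_ids = None, set(), set()
    for _ in range(max_pages):
        page = fetch_page(cursor)
        for rec in page.get("data", []):
            if rec["_id"] not in seen_ids:   # same record may appear on two pages
                seen_ids.add(rec["_id"])
                yield rec
        cursor = page.get("nextCursor")
        if cursor is None:
            return
        if cursor in seen_cursors:           # repeated cursor: stop instead of spinning
            raise RuntimeError("pagination cursor repeated")
        seen_cursors.add(cursor)
    raise RuntimeError("max_pages exceeded")

def triage(records, now, recent_days=30):
    """Group URLs by type, highest occurrence first, flagging recent uploads."""
    groups = defaultdict(list)
    for r in records:
        uploaded = datetime.fromisoformat(r["last_uploaded_date"].replace("Z", "+00:00"))
        groups[r["type"]].append({"url": r["url"], "occurrence": r["occurrence"],
                                  "recent": (now - uploaded).days <= recent_days})
    for rows in groups.values():
        rows.sort(key=lambda row: -row["occurrence"])
    return dict(groups)

# Constructed sample pages shaped like the discovery response (only the fields
# used here); cursors, record C and the ids of B and C are made up.
def _rec(_id, url, typ, uploaded, occ):
    return {"_id": _id, "url": url, "type": typ,
            "last_uploaded_date": uploaded, "occurrence": occ}
A = _rec("6385c6b0d6b8e4ed58545c2a", "https://auth.tesla.com/oauth2/v1/authorize",
         "user", "2025-03-05T11:52:41.247Z", 5806)
B = _rec("constructed-id-1", "https://sso.tesla.com/adfs/ls",
         "employee", "2025-01-15T23:43:40.481Z", 174)
C = _rec("constructed-id-2", "https://login.example.com/", "user", "2025-02-20T00:00:00.000Z", 12)
SAMPLE_PAGES = {None: {"data": [A, B], "nextCursor": "cursor-1"},
                "cursor-1": {"data": [B, C], "nextCursor": None}}

def sample_fetch(cursor):
    return SAMPLE_PAGES[cursor]
```

Calling `triage(iter_records(sample_fetch), now)` with a timezone-aware `now` returns one ranked list per `type` value.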