Domain Search
Search for domain-wide compromises, with options for internal or external domains.
Simple Domain Search
/search-by-domain
search-by-domain
Single Domain Search
Search for all compromised credentials related to tesla.com:
The following query returns 20 stealers that hold at least one credential for tesla.com, sorted by date_compromised in desc order. For each stealer, the credentials field is filtered to return only credentials whose domain is tesla.com:
# Single-domain search: stealer records with at least one tesla.com credential.
# <API_KEY> is a placeholder; a key typed on the command line lands in shell history and the process list.
curl -X POST \
  -H 'accept: application/json' \
  -H 'api-key: <API_KEY>' \
  -H 'content-type: application/json' \
  -d '
{
"domains": [
"tesla.com"
]
}
' \
  https://api.hudsonrock.com/json/v3/search-by-domain
import axios from 'axios';
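// Single-domain search: stealer records with at least one tesla.com credential.
const options = {
  method: 'POST',
  url: 'https://api.hudsonrock.com/json/v3/search-by-domain',
  headers: {
    accept: 'application/json',
    'content-type': 'application/json',
    // Placeholder: supply the real key from an environment variable or secret store, not from committed source.
    'api-key': '<API_KEY>',
  },
  data: {
    domains: ['tesla.com'],
  },
};

axios
  .request(options)
  // The response carries credential records (username/password fields); keep it out of shared logs.
  .then((res) => console.log(res.data))
  .catch((err) => {
    // Log status and message only: the full AxiosError embeds the request config, including the api-key header.
    console.error('Request failed:', err.response && err.response.status, err.message);
  });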
import requests
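# Single-domain search: stealer records with at least one tesla.com credential.
url = "https://api.hudsonrock.com/json/v3/search-by-domain"
payload = {"domains": ["tesla.com"]}
headers = {
    "accept": "application/json",
    "content-type": "application/json",
    # Placeholder: supply the real key from an environment variable or secret store, not from committed source.
    "api-key": "<API_KEY>",
}
# requests applies no timeout by default; set one (30 s is an example value) so a stalled connection cannot hang the caller.
response = requests.post(url, json=payload, headers=headers, timeout=30)
# The body carries credential records (username/password fields); keep it out of shared logs.
print(response.text)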
Credential Example:
{
"url": "https://auth.tesla.com/oauth2/v1/register",
"domain": "tesla.com",
"username": "••••.••••@gmail.com", // Censored for privacy
"password": "••••••••••", // Censored for privacy
"type": "user"
}
Multi-Domain Search
Search across multiple domains simultaneously.
The following query will return 20 stealers where there is at least one credential for either tesla.com
or teslamotors.com
sorted by date_compromised
in desc
order, and for each stealer - the credentials
field will be filtered to return only credentials where the domain is either tesla.com
or teslamotors.com
:
# Multi-domain search: stealer records with a credential for tesla.com or teslamotors.com.
# <API_KEY> is a placeholder; a key typed on the command line lands in shell history and the process list.
curl -X POST \
  -H 'accept: application/json' \
  -H 'api-key: <API_KEY>' \
  -H 'content-type: application/json' \
  -d '
{
"domains": [
"tesla.com",
"teslamotors.com"
]
}
' \
  https://api.hudsonrock.com/json/v3/search-by-domain
import axios from 'axios';
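// Multi-domain search: stealer records with a credential for tesla.com or teslamotors.com.
const options = {
  method: 'POST',
  url: 'https://api.hudsonrock.com/json/v3/search-by-domain',
  headers: {
    accept: 'application/json',
    'content-type': 'application/json',
    // Placeholder: supply the real key from an environment variable or secret store, not from committed source.
    'api-key': '<API_KEY>',
  },
  data: {
    domains: ['tesla.com', 'teslamotors.com'],
  },
};

axios
  .request(options)
  // The response carries credential records (username/password fields); keep it out of shared logs.
  .then((res) => console.log(res.data))
  .catch((err) => {
    // Log status and message only: the full AxiosError embeds the request config, including the api-key header.
    console.error('Request failed:', err.response && err.response.status, err.message);
  });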
import requests
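# Multi-domain search: stealer records with a credential for tesla.com or teslamotors.com.
url = "https://api.hudsonrock.com/json/v3/search-by-domain"
payload = {"domains": ["tesla.com", "teslamotors.com"]}
headers = {
    "accept": "application/json",
    "content-type": "application/json",
    # Placeholder: supply the real key from an environment variable or secret store, not from committed source.
    "api-key": "<API_KEY>",
}
# requests applies no timeout by default; set one (30 s is an example value) so a stalled connection cannot hang the caller.
response = requests.post(url, json=payload, headers=headers, timeout=30)
# The body carries credential records (username/password fields); keep it out of shared logs.
print(response.text)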
Credentials Example:
[
{
"url": "https://www.tesla.com/no_NO/user/login",
"domain": "tesla.com",
"username": "•••••••@outlook.com", // Censored for privacy
"password": "••••••••••", // Censored for privacy
"type": "user"
},
{
"url": "https://www.teslamotors.com/no_NO/user/login",
"domain": "teslamotors.com",
"username": "•••••••@outlook.com", // Censored for privacy
"password": "••••••••••", // Censored for privacy
"type": "user"
}
]
Type-Specific Search
If no type is specified, the API returns all credential types.
Filter for employees
employees
employees
The following query will return 20 stealers where there is at least one employee
credential for either tesla.com
or teslamotors.com
sorted by date_compromised
in desc
order, and for each stealer - the credentials
field will be filtered to return only credentials where the domain is either tesla.com
or teslamotors.com
:
# Type filter: only stealer records with an employee credential for the listed domains.
# <API_KEY> is a placeholder; a key typed on the command line lands in shell history and the process list.
curl -X POST \
  -H 'accept: application/json' \
  -H 'api-key: <API_KEY>' \
  -H 'content-type: application/json' \
  -d '
{
"domains": [
"tesla.com",
"teslamotors.com"
],
"types": ["employees"]
}
' \
  https://api.hudsonrock.com/json/v3/search-by-domain
import axios from 'axios';
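// Type filter: only stealer records with an employee credential for the listed domains.
const options = {
  method: 'POST',
  url: 'https://api.hudsonrock.com/json/v3/search-by-domain',
  headers: {
    accept: 'application/json',
    'content-type': 'application/json',
    // Placeholder: supply the real key from an environment variable or secret store, not from committed source.
    'api-key': '<API_KEY>',
  },
  data: {
    domains: ['tesla.com', 'teslamotors.com'],
    types: ['employees'],
  },
};

axios
  .request(options)
  // The response carries employee credential records; keep it out of shared logs.
  .then((res) => console.log(res.data))
  .catch((err) => {
    // Log status and message only: the full AxiosError embeds the request config, including the api-key header.
    console.error('Request failed:', err.response && err.response.status, err.message);
  });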
import requests
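# Type filter: only stealer records with an employee credential for the listed domains.
url = "https://api.hudsonrock.com/json/v3/search-by-domain"
payload = {
    "domains": ["tesla.com", "teslamotors.com"],
    "types": ["employees"],
}
headers = {
    "accept": "application/json",
    "content-type": "application/json",
    # Placeholder: supply the real key from an environment variable or secret store, not from committed source.
    "api-key": "<API_KEY>",
}
# requests applies no timeout by default; set one (30 s is an example value) so a stalled connection cannot hang the caller.
response = requests.post(url, json=payload, headers=headers, timeout=30)
# The body carries employee credential records; keep it out of shared logs.
print(response.text)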
Credential Example:
{
"url": "https://auth.tesla.com/en_us/oauth2/v1/authorize",
"domain": "tesla.com",
"username": "•••••••@tesla.com", // Censored for privacy
"password": "••••••••••", // Censored for privacy
"type": "employee"
}
Filter for users
users
users
The following query will return 20 stealers where there is at least one user
credential for either tesla.com
or teslamotors.com
sorted by date_compromised
in desc
order, and for each stealer - the credentials
field will be filtered to return only credentials where the domain is either tesla.com
or teslamotors.com
:
# Type filter: only stealer records with a user credential for the listed domains.
# <API_KEY> is a placeholder; a key typed on the command line lands in shell history and the process list.
curl -X POST \
  -H 'accept: application/json' \
  -H 'api-key: <API_KEY>' \
  -H 'content-type: application/json' \
  -d '
{
"domains": [
"tesla.com",
"teslamotors.com"
],
"types": ["users"]
}
' \
  https://api.hudsonrock.com/json/v3/search-by-domain
import axios from 'axios';
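// Type filter: only stealer records with a user credential for the listed domains.
const options = {
  method: 'POST',
  url: 'https://api.hudsonrock.com/json/v3/search-by-domain',
  headers: {
    accept: 'application/json',
    'content-type': 'application/json',
    // Placeholder: supply the real key from an environment variable or secret store, not from committed source.
    'api-key': '<API_KEY>',
  },
  data: {
    domains: ['tesla.com', 'teslamotors.com'],
    types: ['users'],
  },
};

axios
  .request(options)
  // The response carries user credential records; keep it out of shared logs.
  .then((res) => console.log(res.data))
  .catch((err) => {
    // Log status and message only: the full AxiosError embeds the request config, including the api-key header.
    console.error('Request failed:', err.response && err.response.status, err.message);
  });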
import requests
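# Type filter: only stealer records with a user credential for the listed domains.
url = "https://api.hudsonrock.com/json/v3/search-by-domain"
payload = {
    "domains": ["tesla.com", "teslamotors.com"],
    "types": ["users"],
}
headers = {
    "accept": "application/json",
    "content-type": "application/json",
    # Placeholder: supply the real key from an environment variable or secret store, not from committed source.
    "api-key": "<API_KEY>",
}
# requests applies no timeout by default; set one (30 s is an example value) so a stalled connection cannot hang the caller.
response = requests.post(url, json=payload, headers=headers, timeout=30)
# The body carries user credential records; keep it out of shared logs.
print(response.text)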
Credentials Example
[
{
"url": "https://www.tesla.com/no_NO/user/login",
"domain": "tesla.com",
"username": "•••••••@outlook.com", // Censored for privacy
"password": "••••••••••", // Censored for privacy
"type": "user"
},
{
"url": "https://www.teslamotors.com/no_NO/user/login",
"domain": "teslamotors.com",
"username": "•••••••@outlook.com", // Censored for privacy
"password": "••••••••••", // Censored for privacy
"type": "user"
}
]
Third Party Domains
employees
Companies often suffer data breaches caused by 3rd-parties and are in need of a risk management solution that focuses on identifying and reducing risks relating to their supply chain (sometimes referred to as vendors, suppliers, partners, contractors, or service providers).
The following query will return 20 stealers where there is at least one third_party
credential for any domain where the login email belongs to either tesla.com
or teslamotors.com
for example - [email protected]
or [email protected]
sorted by date_compromised
in desc
order, and for each stealer - the credentials
field will be filtered to return only credentials where the domain is either tesla.com
or teslamotors.com
:
# Third-party filter: credentials on other sites whose login email belongs to the listed domains.
# <API_KEY> is a placeholder; a key typed on the command line lands in shell history and the process list.
curl -X POST \
  -H 'accept: application/json' \
  -H 'api-key: <API_KEY>' \
  -H 'content-type: application/json' \
  -d '
{
"domains": [
"tesla.com",
"teslamotors.com"
],
"types": ["third_parties"]
}
' \
  https://api.hudsonrock.com/json/v3/search-by-domain
import axios from 'axios';
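// Third-party filter: credentials on other sites whose login email belongs to the listed domains.
const options = {
  method: 'POST',
  url: 'https://api.hudsonrock.com/json/v3/search-by-domain',
  headers: {
    accept: 'application/json',
    'content-type': 'application/json',
    // Placeholder: supply the real key from an environment variable or secret store, not from committed source.
    'api-key': '<API_KEY>',
  },
  data: {
    domains: ['tesla.com', 'teslamotors.com'],
    types: ['third_parties'],
  },
};

axios
  .request(options)
  // The response carries credential records for third-party services; keep it out of shared logs.
  .then((res) => console.log(res.data))
  .catch((err) => {
    // Log status and message only: the full AxiosError embeds the request config, including the api-key header.
    console.error('Request failed:', err.response && err.response.status, err.message);
  });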
import requests
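# Third-party filter: credentials on other sites whose login email belongs to the listed domains.
url = "https://api.hudsonrock.com/json/v3/search-by-domain"
payload = {
    "domains": ["tesla.com", "teslamotors.com"],
    "types": ["third_parties"],
}
headers = {
    "accept": "application/json",
    "content-type": "application/json",
    # Placeholder: supply the real key from an environment variable or secret store, not from committed source.
    "api-key": "<API_KEY>",
}
# requests applies no timeout by default; set one (30 s is an example value) so a stalled connection cannot hang the caller.
response = requests.post(url, json=payload, headers=headers, timeout=30)
# The body carries credential records for third-party services; keep it out of shared logs.
print(response.text)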
Credential Example
{
"url":"https://www.ticketsatwork.com/tickets",
"domain":"ticketsatwork.com",
"username":"•••••••@tesla.com", // Censored for privacy
"password":"••••••••••", // Censored for privacy
"type":"third_party"
}
Combined Type Search
Search for multiple types simultaneously:
The following query will return 20 stealers where there is at least one third_party
credential for any domain where the login email belongs to either tesla.com
or teslamotors.com
for example - [email protected]
or [email protected]
OR at least one employee
credential for either tesla.com
or teslamotors.com
sorted by date_compromised
in desc
order, and for each stealer - the credentials
field will be filtered to return only credentials where the domain is either tesla.com
or teslamotors.com
# Combined types: stealer records with a third-party OR an employee credential for the listed domains.
# <API_KEY> is a placeholder; a key typed on the command line lands in shell history and the process list.
curl -X POST \
  -H 'accept: application/json' \
  -H 'api-key: <API_KEY>' \
  -H 'content-type: application/json' \
  -d '
{
"domains": [
"tesla.com",
"teslamotors.com"
],
"types": ["third_parties", "employees"]
}
' \
  https://api.hudsonrock.com/json/v3/search-by-domain
import axios from 'axios';
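// Combined types: stealer records with a third-party OR an employee credential for the listed domains.
const options = {
  method: 'POST',
  url: 'https://api.hudsonrock.com/json/v3/search-by-domain',
  headers: {
    accept: 'application/json',
    'content-type': 'application/json',
    // Placeholder: supply the real key from an environment variable or secret store, not from committed source.
    'api-key': '<API_KEY>',
  },
  data: {
    domains: ['tesla.com', 'teslamotors.com'],
    types: ['third_parties', 'employees'],
  },
};

axios
  .request(options)
  // The response carries employee and third-party credential records; keep it out of shared logs.
  .then((res) => console.log(res.data))
  .catch((err) => {
    // Log status and message only: the full AxiosError embeds the request config, including the api-key header.
    console.error('Request failed:', err.response && err.response.status, err.message);
  });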
import requests
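# Combined types: stealer records with a third-party OR an employee credential for the listed domains.
url = "https://api.hudsonrock.com/json/v3/search-by-domain"
payload = {
    "domains": ["tesla.com", "teslamotors.com"],
    "types": ["third_parties", "employees"],
}
headers = {
    "accept": "application/json",
    "content-type": "application/json",
    # Placeholder: supply the real key from an environment variable or secret store, not from committed source.
    "api-key": "<API_KEY>",
}
# requests applies no timeout by default; set one (30 s is an example value) so a stalled connection cannot hang the caller.
response = requests.post(url, json=payload, headers=headers, timeout=30)
# The body carries employee and third-party credential records; keep it out of shared logs.
print(response.text)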
Credentials Example
[
{
"url":"https://auth.tesla.com/en_us/oauth2/v1/authorize",
"domain":"tesla.com",
"username":"••••••••@tesla.com", // Censored for privacy
"password":"••••••••••", // Censored for privacy
"type":"employee"
},
{
"url":"https://www.ticketsatwork.com/tickets",
"domain":"ticketsatwork.com",
"username":"••••••••@tesla.com", // Censored for privacy
"password":"••••••••••", // Censored for privacy
"type":"third_party"
}
]
Keyword-Enhanced Search
The keyword filtering feature allows users to refine domain search results by specifying keywords that must appear in certain parts of a URL. These filters help target specific domains, subdomains, subdirectories, or paths that match the provided criteria.
When a keyword filter is applied, the API scans the following URL components:
- Subdomains → keyword.example.com
- Subdirectories → example.com/keyword
- Paths → example.com/page/keyword
Only URLs containing at least one of the specified keywords in these components will be included in the response.
# Keyword filter: only credentials whose URL contains "sso" in a subdomain, subdirectory or path.
# <API_KEY> is a placeholder; a key typed on the command line lands in shell history and the process list.
curl -X POST \
  -H 'accept: application/json' \
  -H 'api-key: <API_KEY>' \
  -H 'content-type: application/json' \
  -d '
{
"domains": [
"tesla.com",
"teslamotors.com"
],
"keywords": ["sso"]
}
' \
  https://api.hudsonrock.com/json/v3/search-by-domain
import axios from 'axios';
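// Keyword filter: only credentials whose URL contains "sso" in a subdomain, subdirectory or path.
const options = {
  method: 'POST',
  url: 'https://api.hudsonrock.com/json/v3/search-by-domain',
  headers: {
    accept: 'application/json',
    'content-type': 'application/json',
    // Placeholder: supply the real key from an environment variable or secret store, not from committed source.
    'api-key': '<API_KEY>',
  },
  data: {
    domains: ['tesla.com', 'teslamotors.com'],
    keywords: ['sso'],
  },
};

axios
  .request(options)
  // The response carries credential records for SSO endpoints; keep it out of shared logs.
  .then((res) => console.log(res.data))
  .catch((err) => {
    // Log status and message only: the full AxiosError embeds the request config, including the api-key header.
    console.error('Request failed:', err.response && err.response.status, err.message);
  });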
import requests
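# Keyword filter: only credentials whose URL contains "sso" in a subdomain, subdirectory or path.
url = "https://api.hudsonrock.com/json/v3/search-by-domain"
payload = {
    "domains": ["tesla.com", "teslamotors.com"],
    "keywords": ["sso"],
}
headers = {
    "accept": "application/json",
    "content-type": "application/json",
    # Placeholder: supply the real key from an environment variable or secret store, not from committed source.
    "api-key": "<API_KEY>",
}
# requests applies no timeout by default; set one (30 s is an example value) so a stalled connection cannot hang the caller.
response = requests.post(url, json=payload, headers=headers, timeout=30)
# The body carries credential records for SSO endpoints; keep it out of shared logs.
print(response.text)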
Credential Example:
{
"url":"https://sso.tesla.com",
"domain":"tesla.com",
"username":"•••••••••@gmail.com", // Censored for privacy
"password":"•••••••••••••••••••••••••", // Censored for privacy
"type":"user"
}
Keyword + Type Combo
Retrieve SSO + employee credentials only, narrowing the keyword search further by combining it with the employees type:
The following query returns 20 stealers that hold at least one employee credential for either tesla.com or teslamotors.com whose url contains the phrase sso, sorted by date_compromised in desc order. For each stealer, the credentials field is filtered to return only credentials where the domain is either tesla.com or teslamotors.com and the url contains the phrase sso:
# Keyword + type: employee credentials for the listed domains whose URL contains "sso".
# <API_KEY> is a placeholder; a key typed on the command line lands in shell history and the process list.
curl -X POST \
  -H 'accept: application/json' \
  -H 'api-key: <API_KEY>' \
  -H 'content-type: application/json' \
  -d '
{
"domains": [
"tesla.com",
"teslamotors.com"
],
"types": ["employees"],
"keywords": ["sso"]
}
' \
  https://api.hudsonrock.com/json/v3/search-by-domain
import axios from 'axios';
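// Keyword + type: employee credentials for the listed domains whose URL contains "sso".
const options = {
  method: 'POST',
  url: 'https://api.hudsonrock.com/json/v3/search-by-domain',
  headers: {
    accept: 'application/json',
    'content-type': 'application/json',
    // Placeholder: supply the real key from an environment variable or secret store, not from committed source.
    'api-key': '<API_KEY>',
  },
  data: {
    domains: ['tesla.com', 'teslamotors.com'],
    types: ['employees'],
    keywords: ['sso'],
  },
};

axios
  .request(options)
  // The response carries employee SSO credential records; keep it out of shared logs.
  .then((res) => console.log(res.data))
  .catch((err) => {
    // Log status and message only: the full AxiosError embeds the request config, including the api-key header.
    console.error('Request failed:', err.response && err.response.status, err.message);
  });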
import requests
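# Keyword + type: employee credentials for the listed domains whose URL contains "sso".
url = "https://api.hudsonrock.com/json/v3/search-by-domain"
payload = {
    "domains": ["tesla.com", "teslamotors.com"],
    "types": ["employees"],
    "keywords": ["sso"],
}
headers = {
    "accept": "application/json",
    "content-type": "application/json",
    # Placeholder: supply the real key from an environment variable or secret store, not from committed source.
    "api-key": "<API_KEY>",
}
# requests applies no timeout by default; set one (30 s is an example value) so a stalled connection cannot hang the caller.
response = requests.post(url, json=payload, headers=headers, timeout=30)
# The body carries employee SSO credential records; keep it out of shared logs.
print(response.text)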
Credential Example:
{
"url":"https://sso.tesla.com/adfs/ls",
"domain":"tesla.com",
"username":"•••••••••@tesla.com", // Censored for privacy
"password":"•••••••••••••••", // Censored for privacy
"type":"employee"
}
Multiple Keywords Filter
Retrieve either SSO + employee OR oauth2 + employee credentials only.
This query will match both URLs:
- sso URL
- oauth2 URL
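# Multiple keywords: employee credentials whose URL contains "sso" OR "oauth2".
# "keywords_match": "any" is the default. The note lives here because JSON has no comment
# syntax: a "# Default" marker inside the request body makes the payload invalid JSON.
# <API_KEY> is a placeholder; a key typed on the command line lands in shell history and the process list.
curl --request POST \
  --url https://api.hudsonrock.com/json/v3/search-by-domain \
  --header 'accept: application/json' \
  --header 'api-key: <API_KEY>' \
  --header 'content-type: application/json' \
  --data '
{
"domains": [
"tesla.com",
"teslamotors.com"
],
"types": ["employees"],
"keywords": ["sso", "oauth2"],
"keywords_match": "any"
}
'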
import axios from 'axios';
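// Multiple keywords: employee credentials whose URL contains "sso" OR "oauth2".
const options = {
  method: 'POST',
  url: 'https://api.hudsonrock.com/json/v3/search-by-domain',
  headers: {
    accept: 'application/json',
    'content-type': 'application/json',
    // Placeholder: supply the real key from an environment variable or secret store, not from committed source.
    'api-key': '<API_KEY>',
  },
  data: {
    domains: ['tesla.com', 'teslamotors.com'],
    types: ['employees'],
    keywords: ['sso', 'oauth2'],
    keywords_match: 'any', // Default
  },
};

axios
  .request(options)
  // The response carries employee credential records; keep it out of shared logs.
  .then((res) => console.log(res.data))
  .catch((err) => {
    // Log status and message only: the full AxiosError embeds the request config, including the api-key header.
    console.error('Request failed:', err.response && err.response.status, err.message);
  });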
import requests
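# Multiple keywords: employee credentials whose URL contains "sso" OR "oauth2".
url = "https://api.hudsonrock.com/json/v3/search-by-domain"
payload = {
    "domains": ["tesla.com", "teslamotors.com"],
    "types": ["employees"],
    "keywords": ["sso", "oauth2"],
    "keywords_match": "any",  # Default
}
headers = {
    "accept": "application/json",
    "content-type": "application/json",
    # Placeholder: supply the real key from an environment variable or secret store, not from committed source.
    "api-key": "<API_KEY>",
}
# requests applies no timeout by default; set one (30 s is an example value) so a stalled connection cannot hang the caller.
response = requests.post(url, json=payload, headers=headers, timeout=30)
# The body carries employee credential records; keep it out of shared logs.
print(response.text)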
Credentials Example:
[
{
"url":"https://sso.tesla.com",
"domain":"tesla.com",
"username":"••••@tesla.com", // Censored for privacy
"password":"••••••••••••••", // Censored for privacy
"type":"employee"
},
{
"url":"https://tesla.com/adfs/oauth2/authorize",
"domain":"tesla.com",
"username":"••••@tesla.com", // Censored for privacy
"password":"•••••••••••••", // Censored for privacy
"type":"employee"
}
]
The keywords_match Parameter
OPTION | DESCRIPTION | DEFAULT |
---|---|---|
any | Match any of the specified keywords. | YES |
all | Match all of the specified keywords within the same URL. | NO |
Retrieve SSO + employee AND oauth2 + employee credentials only (both keywords in the same URL) by setting keywords_match to all:
This query will match:
https://sso.tesla.com/adfs/oauth2/authorize
This query will NOT match:
https://tesla.com/adfs/oauth2/authorize
https://sso.tesla.com/login
# keywords_match "all": employee credentials whose URL contains both "sso" and "oauth2".
# <API_KEY> is a placeholder; a key typed on the command line lands in shell history and the process list.
curl -X POST \
  -H 'accept: application/json' \
  -H 'api-key: <API_KEY>' \
  -H 'content-type: application/json' \
  -d '
{
"domains": [
"tesla.com",
"teslamotors.com"
],
"types": ["employees"],
"keywords": ["sso", "oauth2"],
"keywords_match": "all"
}
' \
  https://api.hudsonrock.com/json/v3/search-by-domain
import axios from 'axios';
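// keywords_match "all": employee credentials whose URL contains both "sso" and "oauth2".
const options = {
  method: 'POST',
  url: 'https://api.hudsonrock.com/json/v3/search-by-domain',
  headers: {
    accept: 'application/json',
    'content-type': 'application/json',
    // Placeholder: supply the real key from an environment variable or secret store, not from committed source.
    'api-key': '<API_KEY>',
  },
  data: {
    domains: ['tesla.com', 'teslamotors.com'],
    types: ['employees'],
    keywords: ['sso', 'oauth2'],
    keywords_match: 'all',
  },
};

axios
  .request(options)
  // The response carries employee credential records; keep it out of shared logs.
  .then((res) => console.log(res.data))
  .catch((err) => {
    // Log status and message only: the full AxiosError embeds the request config, including the api-key header.
    console.error('Request failed:', err.response && err.response.status, err.message);
  });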
import requests
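# keywords_match "all": employee credentials whose URL contains both "sso" and "oauth2".
url = "https://api.hudsonrock.com/json/v3/search-by-domain"
payload = {
    "domains": ["tesla.com", "teslamotors.com"],
    "types": ["employees"],
    "keywords": ["sso", "oauth2"],
    "keywords_match": "all",
}
headers = {
    "accept": "application/json",
    "content-type": "application/json",
    # Placeholder: supply the real key from an environment variable or secret store, not from committed source.
    "api-key": "<API_KEY>",
}
# requests applies no timeout by default; set one (30 s is an example value) so a stalled connection cannot hang the caller.
response = requests.post(url, json=payload, headers=headers, timeout=30)
# The body carries employee credential records; keep it out of shared logs.
print(response.text)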
Credential Example
{
"url":"https://sso.tesla.com/adfs/oauth2/authorize",
"domain":"tesla.com",
"username":"•••••••••@tesla.com", // Censored for privacy
"password":"•••••••••••", // Censored for privacy
"type":"employee"
}
Date-Range Search
The date-range search feature allows you to filter results based on either the compromise date or upload date of credentials. You can specify a start date, end date, or both.
Basic Usage
PARAMETER | TYPE | DEFAULT | DESCRIPTION |
---|---|---|---|
start_date | ISO 8601 | - | Start of date range |
end_date | ISO 8601 | - | End of date range |
sort_by | string | date_compromised | Determines date context |
At least one of start_date or end_date must be provided when using date filtering.
{
"domains": ["tesla.com"],
"start_date": "2023-01-01T00:00:00Z",
"end_date": "2024-01-01T00:00:00Z",
"sort_by": "date_compromised"
}
Date Context
The date context is determined by the sort_by parameter:
- date_compromised: Sort by when credentials were stolen
- date_uploaded: Sort by when credentials were uploaded to our system
{
"domains": ["tesla.com"],
"start_date": "2023-01-01T00:00:00Z",
"sort_by": "date_uploaded"
}
Full Example
The following query searches for employee
credentials from tesla.com
and teslamotors.com
domains, specifically looking for SSO
OR OAuth2
related compromises which have been UPLOADED to our system during 2023 (between 2023-01-01T00:00:00Z
and 2024-01-01T00:00:00Z
), sorted by date_uploaded
.
# Full example: employee credentials with "sso" OR "oauth2" in the URL, uploaded during 2023, sorted by upload date.
# <API_KEY> is a placeholder; a key typed on the command line lands in shell history and the process list.
curl -X POST \
  -H 'accept: application/json' \
  -H 'api-key: <API_KEY>' \
  -H 'content-type: application/json' \
  -d '
{
"domains": [
"tesla.com",
"teslamotors.com"
],
"types": ["employees"],
"keywords": ["sso", "oauth2"],
"keywords_match": "any",
"sort_by": "date_uploaded",
"start_date": "2023-01-01T00:00:00Z",
"end_date": "2024-01-01T00:00:00Z"
}
' \
  https://api.hudsonrock.com/json/v3/search-by-domain
import axios from 'axios';
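// Full example: employee credentials with "sso" OR "oauth2" in the URL, uploaded during 2023, sorted by upload date.
const options = {
  method: 'POST',
  url: 'https://api.hudsonrock.com/json/v3/search-by-domain',
  headers: {
    accept: 'application/json',
    'content-type': 'application/json',
    // Placeholder: supply the real key from an environment variable or secret store, not from committed source.
    'api-key': '<API_KEY>',
  },
  data: {
    domains: ['tesla.com', 'teslamotors.com'],
    types: ['employees'],
    keywords: ['sso', 'oauth2'],
    // 'any' gives the SSO OR OAuth2 match this example describes; 'all' would require both keywords in one URL.
    keywords_match: 'any',
    sort_by: 'date_uploaded',
    start_date: '2023-01-01T00:00:00Z',
    end_date: '2024-01-01T00:00:00Z',
  },
};

axios
  .request(options)
  // The response carries employee credential records; keep it out of shared logs.
  .then((res) => console.log(res.data))
  .catch((err) => {
    // Log status and message only: the full AxiosError embeds the request config, including the api-key header.
    console.error('Request failed:', err.response && err.response.status, err.message);
  });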
import requests
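# Full example: employee credentials with "sso" OR "oauth2" in the URL, uploaded during 2023, sorted by upload date.
url = "https://api.hudsonrock.com/json/v3/search-by-domain"
payload = {
    "domains": ["tesla.com", "teslamotors.com"],
    "types": ["employees"],
    "keywords": ["sso", "oauth2"],
    # "any" gives the SSO OR OAuth2 match this example describes; "all" would require both keywords in one URL.
    "keywords_match": "any",
    "sort_by": "date_uploaded",
    "start_date": "2023-01-01T00:00:00Z",
    "end_date": "2024-01-01T00:00:00Z",
}
headers = {
    "accept": "application/json",
    "content-type": "application/json",
    # Placeholder: supply the real key from an environment variable or secret store, not from committed source.
    "api-key": "<API_KEY>",
}
# requests applies no timeout by default; set one (30 s is an example value) so a stalled connection cannot hang the caller.
response = requests.post(url, json=payload, headers=headers, timeout=30)
# The body carries employee credential records; keep it out of shared logs.
print(response.text)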
Sorted Results
The API supports flexible result ordering through the sort_by and sort_direction parameters.
If no sort_by is specified, results will be sorted by date_compromised.
PARAMETER | TYPE | DEFAULT | OPTIONS |
---|---|---|---|
sort_by | string | date_compromised | date_compromised , date_uploaded |
sort_direction | string | desc | asc , desc |
- date_compromised: Sort by when credentials were stolen
- date_uploaded: Sort by when credentials were uploaded to our system
Examples
Example - Sorting by date_uploaded (descending order)
{
"domains": ["tesla.com"],
"sort_by": "date_uploaded",
"sort_direction": "desc"
}
Example - Sorting by date_compromised (descending order)
{
"domains": ["tesla.com"],
"sort_by": "date_compromised",
"sort_direction": "desc"
}
Filtered Credentials
The filter_credentials parameter controls how credentials are returned in the response.
VALUE | DEFAULT | DESCRIPTION |
---|---|---|
true | ✓ | Returns only credentials matching your search criteria |
false | X | Returns all credentials from matching stealers |
Example Scenario
When searching for domain "example.com":
- filter_credentials: true - Returns only example.com credentials
- filter_credentials: false - Returns example.com credentials plus any other domains compromised in the same stealer
Use Cases
- True (Default): When you need precise results matching your search
- False: When investigating broader compromise scope from the same infection
{
"domains": ["example.com"],
"filter_credentials": false
}
Example Query
The following query returns 20 stealers that hold at least one credential for tesla.com, sorted by date_compromised in desc order. For each stealer, the credentials field will not be filtered:
# Unfiltered credentials: each matching stealer is returned with all its credentials, not only tesla.com ones.
# <API_KEY> is a placeholder; a key typed on the command line lands in shell history and the process list.
curl -X POST \
  -H 'accept: application/json' \
  -H 'api-key: <API_KEY>' \
  -H 'content-type: application/json' \
  -d '
{
"domains": [
"tesla.com"
],
"filter_credentials": false
}
' \
  https://api.hudsonrock.com/json/v3/search-by-domain
import axios from 'axios';
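// Unfiltered credentials: each matching stealer is returned with all its credentials, not only tesla.com ones.
const options = {
  method: 'POST',
  url: 'https://api.hudsonrock.com/json/v3/search-by-domain',
  headers: {
    accept: 'application/json',
    'content-type': 'application/json',
    // Placeholder: supply the real key from an environment variable or secret store, not from committed source.
    'api-key': '<API_KEY>',
  },
  data: {
    domains: ['tesla.com'],
    filter_credentials: false,
  },
};

axios
  .request(options)
  // With filter_credentials false the response also carries credentials for unrelated domains; keep it out of shared logs.
  .then((res) => console.log(res.data))
  .catch((err) => {
    // Log status and message only: the full AxiosError embeds the request config, including the api-key header.
    console.error('Request failed:', err.response && err.response.status, err.message);
  });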
import requests
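# Unfiltered credentials: each matching stealer is returned with all its credentials, not only tesla.com ones.
url = "https://api.hudsonrock.com/json/v3/search-by-domain"
# Python spells the boolean False; the JSON-style lowercase `false` raises NameError.
payload = {"domains": ["tesla.com"], "filter_credentials": False}
headers = {
    "accept": "application/json",
    "content-type": "application/json",
    # Placeholder: supply the real key from an environment variable or secret store, not from committed source.
    "api-key": "<API_KEY>",
}
# requests applies no timeout by default; set one (30 s is an example value) so a stalled connection cannot hang the caller.
response = requests.post(url, json=payload, headers=headers, timeout=30)
# With filter_credentials false the body also carries credentials for unrelated domains; keep it out of shared logs.
print(response.text)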
Credentials Example:
[
{
"url": "https://auth.riotgames.com/login",
"domain": "riotgames.com",
"username": "••••••.••••••@gmail.com",
"password": "••••••••••",
"type": "user"
},
{
"url": "https://auth.tesla.com/oauth2/v1/register",
"domain": "tesla.com",
"username": "••••••.••••••@gmail.com",
"password": "••••••••••",
"type": "user"
}
]
Paginated Search
The API uses cursor-based pagination for efficient result retrieval.
The nextCursor field enables efficient pagination through search results. It's returned in the response when there are more results available.
Technical Details
The cursor is a base64-encoded string that combines:
- Your selected sort field (date_compromised or date_uploaded)
- The document's unique identifier (_id)
Example Request
The following query returns 20 stealers that hold at least one employee credential for either tesla.com or teslamotors.com whose url contains the phrase sso, sorted by date_compromised in desc order. For each stealer, the credentials field is filtered to return only credentials where the domain is either tesla.com or teslamotors.com and the url contains the phrase sso:
# First page of a paginated search: employee credentials whose URL contains "sso"; no cursor is sent.
# <API_KEY> is a placeholder; a key typed on the command line lands in shell history and the process list.
curl -X POST \
  -H 'accept: application/json' \
  -H 'api-key: <API_KEY>' \
  -H 'content-type: application/json' \
  -d '
{
"domains": [
"tesla.com",
"teslamotors.com"
],
"types": ["employees"],
"keywords": ["sso"],
"keywords_match": "any",
"filter_credentials": true
}
' \
  https://api.hudsonrock.com/json/v3/search-by-domain
import axios from 'axios';
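// First page of a paginated search: employee credentials whose URL contains "sso"; no cursor is sent.
const options = {
  method: 'POST',
  url: 'https://api.hudsonrock.com/json/v3/search-by-domain',
  headers: {
    accept: 'application/json',
    'content-type': 'application/json',
    // Placeholder: supply the real key from an environment variable or secret store, not from committed source.
    'api-key': '<API_KEY>',
  },
  data: {
    domains: ['tesla.com', 'teslamotors.com'],
    types: ['employees'],
    keywords: ['sso'],
    keywords_match: 'any',
    filter_credentials: true,
  },
};

axios
  .request(options)
  // The response carries employee credential records; keep it out of shared logs.
  .then((res) => console.log(res.data))
  .catch((err) => {
    // Log status and message only: the full AxiosError embeds the request config, including the api-key header.
    console.error('Request failed:', err.response && err.response.status, err.message);
  });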
import requests
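# First page of a paginated search: employee credentials whose URL contains "sso"; no cursor is sent.
url = "https://api.hudsonrock.com/json/v3/search-by-domain"
payload = {
    "domains": ["tesla.com", "teslamotors.com"],
    "types": ["employees"],
    "keywords": ["sso"],
    "keywords_match": "any",
    # Python spells the boolean True; the JSON-style lowercase `true` raises NameError.
    "filter_credentials": True,
}
headers = {
    "accept": "application/json",
    "content-type": "application/json",
    # Placeholder: supply the real key from an environment variable or secret store, not from committed source.
    "api-key": "<API_KEY>",
}
# requests applies no timeout by default; set one (30 s is an example value) so a stalled connection cannot hang the caller.
response = requests.post(url, json=payload, headers=headers, timeout=30)
# The body carries employee credential records; keep it out of shared logs.
print(response.text)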
Pagination Usage & Flow
- Initial request without cursor
- Use nextCursor from response for next page
- Continue until nextCursor is null
- Maximum 20 results per request
Example Response
{
"data": [
{...},
{...}
],
"nextCursor": "MjAyNC0xMS0xMlQwOToyNTozNi4wMDBafDY3M2U1Mzg4MzUwMWIwOWZlYWQzYTViMA"
}
Next Page Request
Request for the next page for the same query will look like this:
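# Next-page request: the same query as the first page plus the cursor.
# The cursor value is the nextCursor string returned by the previous response; the key is
# spelled "cursor" (the earlier "curdor" spelling was a typo).
# <API_KEY> is a placeholder; a key typed on the command line lands in shell history and the process list.
curl --request POST \
  --url https://api.hudsonrock.com/json/v3/search-by-domain \
  --header 'accept: application/json' \
  --header 'api-key: <API_KEY>' \
  --header 'content-type: application/json' \
  --data '
{
"domains": [
"tesla.com",
"teslamotors.com"
],
"types": ["employees"],
"keywords": ["sso"],
"keywords_match": "any",
"filter_credentials": true,
"cursor": "MjAyNC0xMS0xMlQwOToyNTozNi4wMDBafDY3M2U1Mzg4MzUwMWIwOWZlYWQzYTViMA"
}
'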
import axios from 'axios';
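// Next-page request: the same query as the first page plus the cursor.
const options = {
  method: 'POST',
  url: 'https://api.hudsonrock.com/json/v3/search-by-domain',
  headers: {
    accept: 'application/json',
    'content-type': 'application/json',
    // Placeholder: supply the real key from an environment variable or secret store, not from committed source.
    'api-key': '<API_KEY>',
  },
  data: {
    domains: ['tesla.com', 'teslamotors.com'],
    types: ['employees'],
    keywords: ['sso'],
    keywords_match: 'any',
    filter_credentials: true,
    // nextCursor value from the previous response; the key is "cursor" (was misspelled "curdor").
    cursor: 'MjAyNC0xMS0xMlQwOToyNTozNi4wMDBafDY3M2U1Mzg4MzUwMWIwOWZlYWQzYTViMA',
  },
};

axios
  .request(options)
  // The response carries employee credential records; keep it out of shared logs.
  .then((res) => console.log(res.data))
  .catch((err) => {
    // Log status and message only: the full AxiosError embeds the request config, including the api-key header.
    console.error('Request failed:', err.response && err.response.status, err.message);
  });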
import requests
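# Next-page request: the same query as the first page plus the cursor.
url = "https://api.hudsonrock.com/json/v3/search-by-domain"
payload = {
    "domains": ["tesla.com", "teslamotors.com"],
    "types": ["employees"],
    "keywords": ["sso"],
    "keywords_match": "any",
    # Python spells the boolean True; the JSON-style lowercase `true` raises NameError.
    "filter_credentials": True,
    # nextCursor value from the previous response; the key is "cursor" (was misspelled "curdor").
    "cursor": "MjAyNC0xMS0xMlQwOToyNTozNi4wMDBafDY3M2U1Mzg4MzUwMWIwOWZlYWQzYTViMA",
}
headers = {
    "accept": "application/json",
    "content-type": "application/json",
    # Placeholder: supply the real key from an environment variable or secret store, not from committed source.
    "api-key": "<API_KEY>",
}
# requests applies no timeout by default; set one (30 s is an example value) so a stalled connection cannot hang the caller.
response = requests.post(url, json=payload, headers=headers, timeout=30)
# The body carries employee credential records; keep it out of shared logs.
print(response.text)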
Additional Fields
The additional_fields parameter allows you to request extra data fields in the response.
installed_software
installed_software
Returns list of software installed on the compromised machine.
# additional_fields: also return the software inventory of each compromised machine.
# <API_KEY> is a placeholder; a key typed on the command line lands in shell history and the process list.
curl -X POST \
  -H 'accept: application/json' \
  -H 'api-key: <API_KEY>' \
  -H 'content-type: application/json' \
  -d '
{
"domains": [
"tesla.com",
"teslamotors.com"
],
"types": ["employees"],
"keywords": ["sso"],
"keywords_match": "any",
"filter_credentials": true,
"additional_fields": ["installed_software"]
}
' \
  https://api.hudsonrock.com/json/v3/search-by-domain
import axios from 'axios';
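// additional_fields: also return the software inventory of each compromised machine.
const options = {
  method: 'POST',
  url: 'https://api.hudsonrock.com/json/v3/search-by-domain',
  headers: {
    accept: 'application/json',
    'content-type': 'application/json',
    // Placeholder: supply the real key from an environment variable or secret store, not from committed source.
    'api-key': '<API_KEY>',
  },
  data: {
    domains: ['tesla.com', 'teslamotors.com'],
    types: ['employees'],
    keywords: ['sso'],
    keywords_match: 'any',
    filter_credentials: true,
    additional_fields: ['installed_software'],
  },
};

axios
  .request(options)
  // The response carries credential records and host details; keep it out of shared logs.
  .then((res) => console.log(res.data))
  .catch((err) => {
    // Log status and message only: the full AxiosError embeds the request config, including the api-key header.
    console.error('Request failed:', err.response && err.response.status, err.message);
  });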
import requests
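# additional_fields: also return the software inventory of each compromised machine.
url = "https://api.hudsonrock.com/json/v3/search-by-domain"
payload = {
    "domains": ["tesla.com", "teslamotors.com"],
    "types": ["employees"],
    "keywords": ["sso"],
    "keywords_match": "any",
    # Python spells the boolean True; the JSON-style lowercase `true` raises NameError.
    "filter_credentials": True,
    "additional_fields": ["installed_software"],
}
headers = {
    "accept": "application/json",
    "content-type": "application/json",
    # Placeholder: supply the real key from an environment variable or secret store, not from committed source.
    "api-key": "<API_KEY>",
}
# requests applies no timeout by default; set one (30 s is an example value) so a stalled connection cannot hang the caller.
response = requests.post(url, json=payload, headers=headers, timeout=30)
# The body carries credential records and host details; keep it out of shared logs.
print(response.text)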
{
"_id": "67a08ccd465561f4625e840f",
"stealer": "...",
"stealer_family": "Lumma",
"date_uploaded": "2025-02-03T09:30:52.468Z",
"employeeAt": [{"..."}],
"clientAt": [{"..."}],
"date_compromised": "2025-01-25T12:03:26.000Z",
"ip": "...",
"computer_name": "...",
"operating_system": "...",
"malware_path": "...",
"antiviruses": [{"..."}],
"installed_software": [
{
"program": "CPUID HWMonitor",
"version": "1.53"
},
{
"program": "Microsoft Visual C++ 2015-2022 Redistributable (x86)",
"version": "14.30.30704"
},
{
"program": "Microsoft Visual C++ 2010 x86 Redistributable",
"version": "10.0.30319"
},
{
"program": "Microsoft Visual C++ 2022 X86 Additional Runtime",
"version": "14.30.30704"
},
{
"program": "CPUID ROG CPU-Z",
"version": "2.01"
},
{
"program": "Microsoft Visual C++ 2022 X64 Minimum Runtime",
"version": "14.38.33135"
},
{
"program": "Microsoft Visual C++ 2022 X64 Additional Runtime",
"version": "14.38.33135"
},
{
"program": "Revo Uninstaller",
"version": "2.4.5"
},
{
"program": "Microsoft Visual C++ 2015-2022 Redistributable (x64)",
"version": "14.38.33135"
},
{
"program": "Microsoft Visual C++ 2022 X86 Minimum Runtime",
"version": "14.30.30704"
}
],
"credentials": [{"..."}]
}
Use Cases
- Identifying security vulnerabilities
- Software inventory analysis
- Compliance verification
employee_session_cookies
employee_session_cookies
Returns active session cookies found on the compromised machine.
# additional_fields: also return session cookies found on each compromised machine.
# The output contains cookie values; treat it as secret material and do not redirect it to shared files.
# <API_KEY> is a placeholder; a key typed on the command line lands in shell history and the process list.
curl -X POST \
  -H 'accept: application/json' \
  -H 'api-key: <API_KEY>' \
  -H 'content-type: application/json' \
  -d '
{
"domains": [
"tesla.com",
"teslamotors.com"
],
"types": ["employees"],
"keywords": ["sso"],
"keywords_match": "any",
"filter_credentials": true,
"additional_fields": ["employee_session_cookies"]
}
' \
  https://api.hudsonrock.com/json/v3/search-by-domain
import axios from 'axios';
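// additional_fields: also return session cookies found on each compromised machine.
const options = {
  method: 'POST',
  url: 'https://api.hudsonrock.com/json/v3/search-by-domain',
  headers: {
    accept: 'application/json',
    'content-type': 'application/json',
    // Placeholder: supply the real key from an environment variable or secret store, not from committed source.
    'api-key': '<API_KEY>',
  },
  data: {
    domains: ['tesla.com', 'teslamotors.com'],
    types: ['employees'],
    keywords: ['sso'],
    keywords_match: 'any',
    filter_credentials: true,
    additional_fields: ['employee_session_cookies'],
  },
};

axios
  .request(options)
  // The response carries session cookie values next to credentials; treat it as secret material
  // and route it to the session-revocation workflow rather than to general-purpose logs.
  .then((res) => console.log(res.data))
  .catch((err) => {
    // Log status and message only: the full AxiosError embeds the request config, including the api-key header.
    console.error('Request failed:', err.response && err.response.status, err.message);
  });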
import requests
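# additional_fields: also return session cookies found on each compromised machine.
url = "https://api.hudsonrock.com/json/v3/search-by-domain"
payload = {
    "domains": ["tesla.com", "teslamotors.com"],
    "types": ["employees"],
    "keywords": ["sso"],
    "keywords_match": "any",
    # Python spells the boolean True; the JSON-style lowercase `true` raises NameError.
    "filter_credentials": True,
    "additional_fields": ["employee_session_cookies"],
}
headers = {
    "accept": "application/json",
    "content-type": "application/json",
    # Placeholder: supply the real key from an environment variable or secret store, not from committed source.
    "api-key": "<API_KEY>",
}
# requests applies no timeout by default; set one (30 s is an example value) so a stalled connection cannot hang the caller.
response = requests.post(url, json=payload, headers=headers, timeout=30)
# The body carries session cookie values next to credentials; treat it as secret material
# and route it to the session-revocation workflow rather than to general-purpose logs.
print(response.text)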
{
"_id": "67a08ccd465561f4625e840f",
"stealer": "...",
"stealer_family": "Lumma",
"date_uploaded": "2025-02-03T09:30:52.468Z",
"employeeAt": [{"..."}],
"clientAt": [{"..."}],
"date_compromised": "2025-01-25T12:03:26.000Z",
"ip": "...",
"computer_name": "...",
"operating_system": "...",
"malware_path": "...",
"antiviruses": [{"..."}],
"employee_session_cookies": [
{
"url": "google.com",
"url_stripped": "google.com",
"name": "SEARCH_SAMESITE",
"value": "••••••••",
"expiry": "2025-07-19T20:15:35.000Z"
},
{
"url": "ebay.com",
"url_stripped": "ebay.com",
"name": "__uzmc",
"value": "••••••••",
"expiry": "2025-07-24T23:25:08.000Z"
},
],
"credentials":[{"..."}],
}
Use Cases
- Session hijacking prevention
- Active session termination
- Account takeover mitigation
Important Notes
- Fields are optional and can be combined
- Additional processing time may apply
- Default is empty array []
- Available on most search endpoints