The Data Breach Detection API response includes up to 10 entities and a Meta Info area with reference to API consumption and the request itself, such as the "next" URL to get the next batch of entities matching your query.
The Data Breach Detection (DBD) API response consists of two main objects:
• docs Object: Represents compromised entities sourced from data breaches
Contains three sub-objects:
• Document Object: Represents a single compromised entity.
• Leaked Record Object: Represents a mention of the compromised entity as part of a breach, including a list of leaked records.
• Additional_Info Object: Provides extended information on the compromised content.
• stealerLogs Object: Represents compromised computer-related entities sourced from infostealer malware leaks.
Contains three sub-objects:
• stealerLogs Document Object: Represents a single compromised machine by an infostealer malware.
• Credentials: Contains information about the compromised credentials, including URL, domain, username, and password.
• Infected Computer: Contains details about the infected machine, such as computer username, country, operating system, and hardware ID.
docs Object
Document Object
| Field Name | Description | Type |
|---|---|---|
| value | Compromised entity value. e.g. [email protected] | String |
| type | Type of compromised entity. Possible Values: • "email" • "Creditcard" • "SSN" • "PHONE" • "ACCOUNT_NAME" • "PASSPORT" | String |
| uuid | A unique ID representing the compromised entity | String |
| crawled | The date/time when the compromised entity was collected by Webz.io. | Date Format: yyyy-MM-dd'T'HH:mm:ss.SSSXXX |
| updated (See the note below) | The date/time the compromised entity was updated, when a crawler detects a change in the breach | Date Format: yyyy-MM-dd'T'HH:mm:ss.SSSXXX |
| leaks | An array of leaked records of the compromised entity | Object |
Leaked Record Object
A breach can be retrieved, in one of the following formats:
• File - breached database or file found in a file hosting by Webz.io platform.
• Snippet - part of a post in the dark networks, either a discussion threat or blog or paste.
| Field Name | Description | Type |
|---|---|---|
| uuid | A unique ID representing the breach | String |
| name | The name of the breach | String |
| filename | The name of the compromised file | String |
| login_url | The URL linked to the compromised credentials. | String |
| breach_date | The official date of the breach | Date Format: yyyy-MM-dd'T'HH:mm:ss.SSSXXX |
| fields | List of compromised fields detected as part of the breach | Array[Strings] |
| network | The name of the dark network , where the breach was found. Possible Values: • "tor" • "openweb" • "zeronet" • "i2p" • "openbazaar" • "telegram" | String |
| domain | The domain of the site where the breach was found. | String |
| cyber_doc_ref | The official URL of the leaked mention | String |
| updated | The latest time the entity was identified and crawled. Format is date/time | Date Format: yyyy-MM-dd'T'HH:mm:ss.SSSXXX |
| additional_info | An extended object providing more information on the compromised content | Object |
Additional_Info Object
| Field Name | Description | Relevant to Parameter | Type |
|---|---|---|---|
| password | The sanitized password relevant to the compromised entity | email, account_name | String |
| is_hashed | Is the password was hashed | email, account_name | Boolean |
| expy | Expiration Year of the compromised card | Creditcard, bin6, bin8 | String |
| expm | Expiration Month of compromised Card | Creditcard, bin6, bin8 | String |
stealerLogs Object
stealerLogs Document Object
| Field Name | Description | Type |
|---|---|---|
| id | A unique ID representing the stealer log | String |
| crawled | The date/time when the compromised entity was collected by Webz.io. | The date/time when the compromised entity was first leaked |
| infectionDate | The official date when the machine was infected with the infostealer malware. | Date Format: yyyy-MM-dd'T'HH:mm:ss.SSSXXX |
| logFileName | The name of the leaked file associated with the stealer log. | String |
| infostealerFamily | The family of the infostealer malware that infected the machine. | String |
| malwarePath | The file path where the infostealer malware was installed on the infected machine. | String |
| ipAddress | The IP address of the infected machine. | String |
Credentials
| Field Name | Description | Type |
|---|---|---|
| url | The URL linked to the compromised credentials. | String |
| domain | The domain extracted from the URL. | String |
| creds | Array of objects, with each object containing both the username and password. | array/list |
| creds.username | The leaked username used for logging into the URL. | String |
| creds.password | The leaked password used for logging into the URL. | String |
Infected Computer
| Field Name | Description | Type |
|---|---|---|
| computerUsername | The username of the infected computer's user. | String |
| country | The country of the infected machine. | String |
| operationSystem | The operating system installed on the infected machine. | String |
| hardwareId | The unique hardware identifier of the infected machine. | String |
Meta Info
| Field Name | Description | Type |
|---|---|---|
| totalDocs | The total number of documents matching your query sourced from data breaches. | Integer |
| totalStealerLogs | The total number of documents matching your query sourced from stealer logs. | Integer |
| moreStealerLogsAvailable | The number of additional stealer logs documents available. | Integer |
| moreDocsAvailable | The number of additional data breach documents available. | Integer |
| next | A URL to get the next batch of documents matching your query | String |
| requestsLeft | How many more records are available in your current subscription plan | Integer |
{
"docs": [
{
"value": "gabrielleg@****.com",
"type": "email",
"uuid": "50ecd14646cac54c88c885e0bf0928625bb11e53",
"crawled": "2024-02-01T13:50:54.711+02:00",
"updated": "2024-02-01T13:50:54.711+02:00",
"leaks": [
{
"uuid": "ee5074e8b0821710b6a0e4d12776c25ce43b4a12",
"name": "Nada.org 300K",
"filename": "nada.org 300K.csv",
"breach_date": "2023-12-08T02:00:00.000+02:00",
fields: [
"email",
"phone",
"password"
],
"network": null,
"domain": breachforums.is,
"cyber_doc_ref": "https://qu.ax/gjag.zip",
"crawled": "2020-06-10T11:31:08.000+03:00",
additional_info: [
{
"password": "a****fi",
"is_hashed": false,
}
]
}
]
}
],
"stealerLogs": [
{
"id": "bf7b74abe56526c6fc0d89f5217c41f1",,
"infectionDate": "2024-03-11T13:50:54.711+02:00",,
"logFileName": "[BR]179.254.43",,
"infostealerFamily": "LummaC2",,
"malwarePath": null,,
"ipAddress": "179.254.43.83",,
"credentials": [ ,
{
"url": "https://www.netflix.com/Login",,
"domain": "www.netflix.com",,
"creds": [ ,
{
"username": "revirtech@****.com",,
"password": "111111111",
}
]
}
],
"infectedComputer":,
{
"computerUsername": "KILLORRAN",,
"country": "BR",,
"operationSystem": "Windows 10 (10.0.19045) x64",,
"hardwareId": "ACA807A4FE70F947A7382236C33E52A1",,
}
},
],
"totalDocs": 25811,
"totalStealerLogs": 42,
"moreStealerLogsAvailable": 0,
"moreDocsAvailable": 25803
"next": "/dbdocFilter?token=xxxxx&ts=1705527140892&since=0&email_domain=fb.com&snxt=ZG9uZSUlJTE3MTAxNjA2ODM2MzMlJSU0MiUlJTQy",,
"requestsLeft": 8914
}