Filters Reference

Use the following filters to focus only on the Data Breaches you need.

Escaping reserved characters

If you need to use any of the characters which function as operators in your query itself (and not as operators), then you should escape them with a leading backslash. For instance, to search for (1+1)=2, you would need to write your query as (1+1)\=2.

The reserved characters are: + - = && || > < ! ( ) { } [ ] ^ " ~ * ? : \ /

Failing to escape these special characters correctly could lead to a syntax error which prevents your query from running.

Parameter
Description
Example

uuid

Unique Identifier for the Data Breach Detection Document

uuid:a41435176158ff0b42463c66741db95f

site.network

Filter posts by network

Possible values are: tor,
zeronet, i2P, openbazaar,
telegram, discord, irc, openweb

file.name

Filter by the file name (relevant only for the dumps and not for the unstructured web)

file.name:7k7k

file.date

Filter by the file date (in milliseconds)

file.date:>1522530000000

leak.name

Filter by the name of the leak

leak.name:LinkedIn

leak.breach_date

Filter by the date of the leak (in milliseconds)

leak.breach_date:>1506805200000

leak.field

Filter by the compromised fields
This could be one of the following: cc, ssn, passport, email, password, phone, account_name

Filter Email leaks of webhose.io domain , that include email, password as compromised fields:
email.value:*@webhose.io AND leak.field:(email AND password)

cc

Filter by credit card value : exact or partial (depends on the permissions)
In the case of partial permissions: up to 6 digits in the beginning and up to 4 digits at the end

Filter by credit cards that starts with 4580 and ends with 1713:
cc.value:4580*1713

ssn

Filter by Social Security Number (SSN): exact or partial (depends on the permissions)
In the case of partial permissions: up to 2 digits in the beginning and up to 2 digits in the end

ssn.value:62*

passport

Filter by passport number: exact or partial (depends on the permissions)
In the case of partial permissions: up to 2 digits in the beginning and up to 2 digits in the end

passport.value:*

email

Filter by email value: exact or partial (depends on the permissions)
In the case of partial permissions: based on the domains allowed

email.value:*@webhose.io
email.value:sam.vinny@webhose.io

phone

Filter by phone value: exact or partial (depends on the permission)
In the case of partial permissions: no limitation

phone.value:*8765287652

account_name

Filter by account name : exact or partial (depends on the permission)
In the case of partial permissions: no limitation

account_name.value:amomo531

language

Filter by the main language of the text field

language:english

text

Filter by the text field
This field is relevant only to unstructured data

text:webhose

crawled

A timestamp (in milliseconds) that enables you to filter pages that were crawled before or after a certain date/time

Return leak records crawled after
Thu, 30 Mar 2017 09:16:28 GMT:
crawled:>1490865388000

A thread contains global information about the content of the whole page and its content. A thread can contain multiple posts grouped together.


What's Next

Output Reference

Filters Reference


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.