Use the following filters to focus only on the PII Leaks you need.
Escaping reserved characters
If you need to use any of the characters which function as operators in your query itself (and not as operators), then you should escape them with a leading backslash. For instance, to search for (1+1)=2, you would need to write your query as (1+1)\=2.
The reserved characters are: + - = && || > < ! ( ) { } [ ] ^ " ~ * ? : \ /
Failing to escape these special characters correctly could lead to a syntax error which prevents your query from running.
- The filters are available as part of the query.
- The usage of AND OR NOT is allowed as part of the query.
Partial values are permitted, excluding dates - Example1: http://webhose.io/piiFilter?token=xxx&format=json&q=email.value:*@webhose.io AND leak.name:linkedin
- Example2: http://webhose.io/piiFilter?token=xxx&format=json&q=cc.value:3755%20AND%20referring_url:paypalskqofs37jo.onion*
uuid
Unique Identifier for the PII Leak Document
uuid:a41435176158ff0b42463c66741db95f
site.domain
Limit the results to a specific site or sites
site.domain:pbbnzshcgemf3d5y.onion
site.network
Filter posts by network
Possible values are: tor,
zeronet, i2P, openbazaar,
telegram, discord, irc, openweb
file.name
Filter by the file name of the PII Leak (relevant only for the dumps and not for the unstructured web)
file.name:7k7k
file.date
Filter by the PII Leak file date (in milliseconds)
file.date:>1522530000000
leak.name
Filter by the name of the leak
leak.name:LinkedIn
leak.breach_date
Filter by the date of the leak (in milliseconds)
leak.breach_date:>1506805200000
leak.field
Filter by the compromised fields
This could be one of the following: cc, ssn, passport, email, password, phone, account_name
Filter Email leaks of webhose.io domain , that include email, password as compromised fields:
email.value:*@webhose.io AND leak.field:(email AND password)
cc
Filter by credit card value : exact or partial (depends on the permissions)
In the case of partial permissions: up to 6 digits in the beginning and up to 4 digits at the end
Filter by credit cards that starts with 4580 and ends with 1713:
cc.value:4580*1713
ssn
Filter by Social Security Number (SSN): exact or partial (depends on the permissions)
In the case of partial permissions: up to 2 digits in the beginning and up to 2 digits in the end
ssn.value:62*
passport
Filter by passport number: exact or partial (depends on the permissions)
In the case of partial permissions: up to 2 digits in the beginning and up to 2 digits in the end
passport.value:*
Filter by email value: exact or partial (depends on the permissions)
In the case of partial permissions: based on the domains allowed
email.value:*@webhose.io
email.value:sam.vinny@webhose.io
phone
Filter by phone value: exact or partial (depends on the permission)
In the case of partial permissions: no limitation
phone.value:*8765287652
account_name
Filter by account name : exact or partial (depends on the permission)
In the case of partial permissions: no limitation
account_name.value:amomo531
author
Filter by the author / actor of the PII leak document
author:brainstorm
language
Filter by the main language of the text field
language:english
text
Filter by the text field
This field is relevant only to unstructured data
text:webhose
referring_url
Filter by the URL relevant to the PII Leak
This field is only relevant to unstructured data
Filter by pastebin urls and leaks of email domain webhose.io:
referring_url:pastebin.com AND email.value:*@webhose.io
crawled
A timestamp (in milliseconds) that enables you to filter pages that were crawled before or after a certain date/time
Return leak records crawled after
Thu, 30 Mar 2017 09:16:28 GMT:
crawled:>1490865388000
A thread contains global information about the content of the whole page and its content. A thread can contain multiple posts grouped together.
What's Next
Output Reference |