Skip to content
  • There are no suggestions because the search field is empty.

Description of Ransomware API Fields

Response fields 

Field descriptions 

id 

The DarkOwl Vision identifier for the result. 

body 

The full text collected from the webpage/record/target. Note that this field will not be returned if detail=snippet or detail=nonbody is selected in the request. 

snippet 

Excerpt of the body, based on the first highlighted term in the body. This field will not be returned if detail=body or detail=nonbody is selected in the request, or if the request does not include a detail parameter (the detail default is body). 

hackishness 

Rating assigned by DarkOwl Vision, indicating the likelihood to which the information could be used for criminal activity. Assigned on a per-page basis. 

title 

If available, page title of the content collected. 

url 

URL or location of the content collected. 

crawlDate 

Date when DarkOwl Vision collected the content. 

fileSize 

The size of the content before normalization, in bytes. 

domain 

Domain of the content collected. 

ips 

A list of ip addresses found in the body, if available. 

emails 

A list of emails found in the body, if available. 

ssns 

A list of social security numbers found in the body, if available. 

ccns 

A list of credit card numbers found in the body, if available. 

cryptos 

A list of cryptocurrencies found in the body, if available. 

cves 

A list of Common Vulnerabilities and Exposures found in the body, if available. 

headers 

The httpHeader content collected with the result, if available. 

leak 

Leak information and metadata, if the document was sourced from a leak. May include the following fields, if available: name, actors, host, associations, downloadLocations, filepath, filename 

name: The name DarkOwl assigned to the leak, which is typically based on the  target, original post title or file name, or other generally-known name.  

To retrieve Leak Context: Pass the value from this name field to the Leak Context endpoint. 

actors: The name of the original poster or actor who made the data available, if known. 

host: The site name of the location where the leak was hosted. Examples: Doxbin, BreachForums, Mega. 

associations: Other categories that help classify the leak, or associate it with other leaks. Examples: Combolist, Ransomware, Twitter (if there are multiple Twitter-related breaches).