Request
POST /v1/search/pc-name · Required scope: search:stealer (all tiers)
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
pc_names | string[] | Yes | — | Computer names to search, min 1 item. Lowercased automatically before matching, e.g. ["DESKTOP-3ESCSGH"] |
start_date | string (date-time) | null | No | — | Inclusive start filter, clamped by query_window_days |
end_date | string (date-time) | null | No | — | Inclusive end filter |
sort_direction | asc | desc | No | desc | Must stay constant across pages |
cursor | string | null | No | — | Pagination token |
limit | integer | No | 25 | 1–500, clamped to your tier’s max_rows |
Example request
Response
200 OK — array of PCNameExposureResult, cursor-paginated.
| Field | Description |
|---|---|
stealer_id | log_victim_id of the infected machine |
victim_id | SHA-256 victim ID — use with Victim Profiles |
computer_name | Returned unmasked — exactly matches a value you searched for in pc_names |
ip | Masked via subnet_mask on free tier |
country | ISO 3166-1 alpha-2 |
operating_system | |
stealer_family | |
hwid / user_name / machine_id | Masked via partial_identifier on free tier |
malware_location | Masked via partial_filepath on free tier |
infection_date | When the log was captured |
Pagination
Cursor-paginated — see Pagination.Errors
| Status | code | Cause |
|---|---|---|
| 400 | VALIDATION_ERROR | pc_names is empty or exceeds limits |
| 400 | INVALID_CURSOR | Tampered or stale cursor |
| 403 | FORBIDDEN_SCOPE | Key lacks search:stealer |