Retrieve full victim records — host metadata, malware identification, and installed software — for one or more known victim IDs in a single call. Useful when you’ve already collected victim_id/log_victim_id values from other endpoints and want their full profiles in bulk.

Request

POST /v1/search/stealer-id · Required scope: search:stealer (all tiers) · Not paginated
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| stealers | string[] | Yes | | Victim IDs — SHA-256 victim_id hashes and/or log_victim_id values, in any mix, min 1 item |
| filter_credentials | boolean | No | false | When true, only return victims with at least one stored credential |
| sort_direction | asc \| desc | No | desc | Sort order of results |
| cursor | string \| null | No | | Accepted but unused — this endpoint is not paginated |
| limit | integer | No | 25 | 1–500, clamped to your tier’s max_rows |

Example request

curl -X POST https://api.vantaprism.me/v1/search/stealer-id \
  -H "api-key: $VANTAPRISM_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "stealers": ["9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"],
    "filter_credentials": true
  }'

Response

200 OK — array of VictimSummary, one per matched victim_id/log_victim_id. nextCursor is always null — this endpoint is not cursor-paginated; results are sorted and truncated to limit in one pass.
{
  "data": [
    {
      "victim_id": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
      "log_victim_id": "RL-2026-AC91F3",
      "stealer_family": "RedLine",
      "stealer_version": "1.4",
      "ip": "203.0.x.x",
      "country": "US",
      "os": "Windows 11 Pro",
      "computer_name": "DE*************",
      "user_name": "jd**",
      "hwid": "A1*************",
      "machine_id": "8F*************",
      "log_date": "2026-05-02T14:22:31Z",
      "malware_location": "C:\\***",
      "timezone": "America/New_York",
      "cpu_name": "Intel Core i7-12700",
      "ram_total_bytes": 17179869184,
      "anti_viruses": ["Windows Defender"],
      "installed_browsers": ["Chrome", "Edge"],
      "installed_software": ["Microsoft Office", "Zoom", "Slack"]
    }
  ],
  "nextCursor": null,
  "meta": {
    "request_id": "req_01HZXK3Q7N8YV6F3M2P9JABCDE",
    "took_ms": 19.6,
    "tier": "free",
    "masked_fields": ["ip", "computer_name", "user_name", "hwid", "machine_id", "malware_location"]
  }
}
See Data Model — Victim for the full field reference.

Errors

| Status | code | Cause |
|---|---|---|
| 400 | VALIDATION_ERROR | stealers is empty or exceeds limits |
| 403 | FORBIDDEN_SCOPE | Key lacks search:stealer |
See Errors for the full catalog.

Tier notes

ip, computer_name, user_name, hwid, machine_id, and malware_location are masked per the standard free-tier rules in Data Masking — these are not values you searched for (you searched by victim_id/log_victim_id, a different field), so the “searched value is never masked” rule does not apply here.
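
Because results are truncated to limit in one pass and there is no cursor to follow, a long ID list has to be split on the client side. The sketch below is an added example, not code from the API's own documentation or SDK: it batches IDs, sets limit to the batch length, collects meta.masked_fields, and reports IDs that matched nothing. The names fetch_victims, http_post and fake_post, the batch size of 25, the RL-TEST-* IDs and the stand-in response are assumptions made for illustration, and the batch size is assumed not to exceed your tier's max_rows.

```python
import json
import urllib.request

API_URL = "https://api.vantaprism.me/v1/search/stealer-id"  # from the page

def http_post(body, api_key):
    """Real transport: POST JSON with the api-key header the page shows."""
    req = urllib.request.Request(
        API_URL, data=json.dumps(body).encode(), method="POST",
        headers={"api-key": api_key, "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def fetch_victims(ids, api_key, post=http_post, batch_size=25):
    """Return (victims, masked_fields, missing_ids) for a list of victim IDs.

    The endpoint is not paginated, so each call sends at most batch_size IDs
    with limit set to the batch length; nothing is lost to truncation as long
    as batch_size does not exceed the tier's max_rows (assumed here).
    """
    ids = list(dict.fromkeys(ids))              # de-duplicate, keep order
    victims, masked = [], set()
    for start in range(0, len(ids), batch_size):
        batch = ids[start:start + batch_size]
        resp = post({"stealers": batch, "limit": len(batch)}, api_key)
        victims.extend(resp["data"])
        masked.update(resp["meta"].get("masked_fields", []))
    found = {v.get(k) for v in victims for k in ("victim_id", "log_victim_id")}
    missing = [i for i in ids if i not in found]  # IDs with no matching record
    return victims, sorted(masked), missing

# Constructed stand-in for the API so the example runs offline.
KNOWN = {"RL-2026-AC91F3": {"victim_id": "a" * 64,
                            "log_victim_id": "RL-2026-AC91F3", "ip": "203.0.x.x"}}
CALLS = []

def fake_post(body, api_key):
    CALLS.append(body)                          # record each request body
    hits = [r for r in KNOWN.values()
            if {r["victim_id"], r["log_victim_id"]} & set(body["stealers"])]
    return {"data": hits[:body["limit"]], "nextCursor": None,
            "meta": {"masked_fields": ["ip"]}}

def demo():
    ids = ["RL-2026-AC91F3"] + [f"RL-TEST-{n:04d}" for n in range(59)]
    return fetch_victims(ids, "test-key", post=fake_post)

if __name__ == "__main__":
    victims, masked, missing = demo()
    print(len(victims), masked, len(missing))
```

Treat any field named in the returned masked list as partial data before correlating it with your own asset inventory.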