Skip to main content
For a given stealer family, find which corporate domains its victims appear to be employees of (employeeAt) and which domains they appear to be customers/users of (clientAt), plus an industry-category map for those domains. Useful for scoping the blast radius of a stealer-family outbreak — e.g. “which of our partner companies have employees infected with LummaC2?”

Request

POST /v1/search/categorize-domains · Required scope: search:stealer (all tiers) · Not paginated
ParameterTypeRequiredDefaultDescription
stealerstringYesStealer family name to categorize co-occurring domains for, e.g. "LummaC2"
This endpoint is counted as an aggregation request against your tier’s agg_per_min limit — see Rate Limits & Tiers.

Example request

curl -X POST https://api.vantaprism.me/v1/search/categorize-domains \
  -H "api-key: $VANTAPRISM_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "stealer": "LummaC2" }'

Response

200 OK — a single CategorizeDomainsResult object. nextCursor is not present — this endpoint is not paginated. 
{
  "data": {
    "employeeAt": ["acme-corp.com", "globex.io"],
    "clientAt": ["netflix.com", "amazon.com", "spotify.com"],
    "categories": {
      "acme-corp.com": "Manufacturing",
      "globex.io": "Technology",
      "netflix.com": "Streaming Media",
      "amazon.com": "E-commerce",
      "spotify.com": "Streaming Media"
    }
  },
  "meta": {
    "request_id": "req_01HZXK3Q7N8YV6F3M2P9JABCDE",
    "took_ms": 412.6,
    "tier": "free",
    "masked_fields": []
  }
}
FieldDescription
employeeAtDomains where matched victims appear to be employees, based on corporate email match
clientAtDomains where matched victims appear to be customers/users
categoriesMap of domain → industry category label, derived from VantaPrism’s domain category taxonomy
No fields are masked on this endpoint — domains and categories are returned as-is on every tier.

Not paginated

This endpoint always returns a single object. cursor/limit/sort_direction do not apply.

Errors

StatuscodeCause
400VALIDATION_ERRORstealer is missing
403FORBIDDEN_SCOPEKey lacks search:stealer
429RATE_LIMIT_EXCEEDEDExceeded your tier’s agg_per_min
See Errors for the full catalog.