Documentation

API Reference

Complete reference for all CFXDATA endpoints.

Authentication

All requests require an API key

Base URL

https://api.cfxdata.org

Header Authentication

X-API-Key: your_api_key_here

Alternatively, pass the key as a query parameter: ?key=YOUR_KEY

Rate Limits

Usage limits per plan

PlanDailyRate
Starter300/day3/sec
Professional700/day3/sec
Enterprise2,000/day3/sec
Data Breach APIs

Snusbase

Comprehensive breach database

GET
GET/snusbase?query={query}&key={KEY}
query- email, username, etc.

LeakCheck

Official LeakCheck API v2

GET
GET/leakcheck?query={query}&type={type}&key={KEY}
query- email, username, phone, hashtype- auto, email, domain, username, phone, hash
GET/leakcheck/query?query={query}&key={KEY}

LeakOsint

Multi-source OSINT search

GET
GET/leakosint?query={query}&key={KEY}

OathNet

Breach & stealer logs search (Complete)

GET

Search API

GET /oathnet/search/init?query={query}&key={KEY}

Initialize search

GET /oathnet/search/breach?query={query}&key={KEY}

Search breach databases

GET /oathnet/search/stealer?query={query}&key={KEY}

Search stealer logs

GET /oathnet/v2/stealer/search?q={query}&limit={limit}&key={KEY}

V2 stealer search with pagination

GET /oathnet/v2/stealer/subdomain?domain={domain}&key={KEY}

Search by subdomain

Victims API

GET /oathnet/v2/victims/search?q={query}&key={KEY}

Search victims (IP, Discord ID, Email)

GET /oathnet/v2/victims/{logId}?key={KEY}

Get victim manifest by log ID

GET /oathnet/v2/file-search?query={query}&file_type={type}&key={KEY}

Create file search job

GET /oathnet/v2/file-search/{jobId}?key={KEY}

Get file search status and results

IntelX DID

Search IntelX by DID (Data Identifier)

GET
GET /intelx-did?did={did}&maxresults={max}&key={KEY}

Search by IntelX (DID) - Professional plan required

did- IntelX (required) maxresults- Max results (optional, default: 10000)

IntelX Storage NEW

Retrieve content from IntelX storage buckets

GET
GET /intelx-storage?storageid={id}&bucket={bucket}&key={KEY}

Retrieve content from IntelX storage - IntelX plan required (intelxstarter, intelxpro, intelxultime)

storageid- IntelX Storage ID (required) bucket- Data source bucket (required, see list below)

Available Buckets

darknet.i2pI2P Darknet (.i2p)
darknet.torTor Darknet (.onion)
dnsDNS Records
documents.public.scihubSci-Hub Documents
dumpsterDumpster (misc)
dumpster.web.1Dumpster: Websites
dumpster.web.ssnDumpster: SSN
leaks.logsStealer Logs (malware)
leaks.privatePrivate Leaks
leaks.private.combCombo Lists
leaks.private.generalRestricted Leaks
leaks.public.generalPublic Leaks
leaks.public.wikileaksWikiLeaks / Snowden / Cryptome
pastesPastes
patent.usUS Patents
usenetUsenet
whoisWHOIS Data
web.gov.ruRussia Gov (.gov.ru)
web.public.afAfrica
web.public.amsAmericas
web.public.aqAntarctica
web.public.business.biz .icu .shop .work .site
web.public.ceeCentral/East Europe
web.public.cnChina (.cn)
web.public.com.com
web.public.de.de .at .ch .lu .li
web.public.eu.eu
web.public.govUS Gov (.gov)
web.public.info.info
web.public.kpNorth Korea (.kp)
web.public.meaMiddle East / Asia
web.public.misc.top .wang .xyz
web.public.net.net
web.public.nordUK/IE/Scandinavia
web.public.ocOceania
web.public.org.org
web.public.peerDecentralized (.bit .bazar)
web.public.ru.ru .ua .kz
web.public.social.club .vip
web.public.tech.app .io .online
web.public.weWest Europe (FR/ES/IT/NL/BE)

Stealer

Search 12B+ stealer logs

POST
POST/stealerlogs/search

Request Body (JSON)

{"query": "[email protected]", "type": "email", "limit": 100}

Available Search Types:

emailusernamepassworddomainphoneipnameuuid

Example cURL Request:

$ curl -X POST \ "https://api.cfxdata.org/stealerlogs/search" \ -H "Content-Type: application/json" \ -H "x-api-key: YOUR_KEY" \ -d '{"query":"[email protected]","type":"email","limit":100}'

Stealer V2

Advanced stealer logs

NEW

Search through database with email, domain, password hash lookup and unlock features.

Email / Username Search

POST /stealer-v2/email

Search stealer logs by email address or username

Request Body (JSON)

{
  "query": "[email protected]",
  "is_email": true,
  "search": null,
  "page": 1,
  "page_size": 100,
  "auto_unlock": false
}

Parameters:

query- Email or username to search (required) is_email- true = email, false = username (optional) search- Filter keyword within results (optional) page- Page number, default: 1 page_size- Results per page, default: 100 auto_unlock- Auto-unlock all results (⚠️ consumes points), default: false

Domain Search

POST /stealer-v2/domain

Search stealer logs by domain (employees, customers, third parties)

Request Body (JSON)

{
  "query": "example.com",
  "leak_type": "employees",
  "search": null,
  "is_email": null,
  "page": 1,
  "page_size": 100,
  "auto_unlock": false
}

Parameters:

query- Domain to search (required) leak_type- Type of leak to search, default: employees search- Filter keyword within results (optional) is_email- Filter by email type (optional) page- Page number, default: 1 page_size- Results per page, default: 100 auto_unlock- Auto-unlock all results (⚠️ consumes points), default: false

Leak types available:

employees customers third_parties

Password Hash Search

POST /stealer-v2/password

Search by SHA-1 password hash prefix (5-40 hex chars) - FREE

Request Body (JSON)

{
  "query": "5baa6",
  "limit": 1000,
  "suffix_only": false
}

Parameters:

query- SHA-1 hash prefix, 5-40 hex characters (required) limit- Max results to return, default: 1000 suffix_only- Return only suffixes (k-anonymity), default: false

Unlock Leaks

POST /stealer-v2/unlock

Unlock leaks by their IDs to reveal full data - ⚠️ Consumes 1 point per leak

Request Body (JSON)

{
  "leak_ids": ["leak_123", "leak_456"],
  "target_list_id": null
}

Parameters:

leak_ids- Array of leak IDs to unlock, max 10,000 (required) target_list_id- Add unlocked leaks to a list (optional)

Global Statistics

GET /stealer-v2/stats?key={KEY}

Get global statistics (total leaks, databases, etc.) - FREE

Example cURL Requests:

Email Search

$ curl -X POST \
  "https://api.cfxdata.org/stealer-v2/email" \
  -H "Content-Type: application/json" \
  -H "x-api-key: YOUR_KEY" \
  -d '{"query":"[email protected]","is_email":true,"page":1,"page_size":100,"auto_unlock":false}'

Domain Search with Auto-Unlock

$ curl -X POST \
  "https://api.cfxdata.org/stealer-v2/domain" \
  -H "Content-Type: application/json" \
  -H "x-api-key: YOUR_KEY" \
  -d '{"query":"example.com","leak_type":"employees","auto_unlock":true}'

Unlock Leaks

$ curl -X POST \
  "https://api.cfxdata.org/stealer-v2/unlock" \
  -H "Content-Type: application/json" \
  -H "x-api-key: YOUR_KEY" \
  -d '{"leak_ids":["leak_123","leak_456"]}'

Breach2.bz (B2BZ)

Search 1.5B+ breach records

1.5B+ Records

Access comprehensive data breach records with multiple search types including email, phone, username, IP, Discord, personal information, and more.

Basic Identifiers

GET /b2bz/email/{email}

Search by email address

Example: /b2bz/email/[email protected]?key=YOUR_KEY
GET /b2bz/phone/{phone}

Search by phone number

Example: /b2bz/phone/+33612345678?key=YOUR_KEY
GET /b2bz/username/{username}

Search by username

Example: /b2bz/username/john_doe?key=YOUR_KEY
GET /b2bz/ip/{ip}

Search by IP address

Example: /b2bz/ip/192.168.1.1?key=YOUR_KEY
GET /b2bz/discord/{discord_id}

Search by Discord ID

Example: /b2bz/discord/123456789012345678?key=YOUR_KEY
GET /b2bz/uid/{uid}

Search by UID (User Identifier)

Example: /b2bz/uid/ABC123456?key=YOUR_KEY
GET /b2bz/displayname/{displayname}

Search by display name

Example: /b2bz/displayname/JohnDoe123?key=YOUR_KEY

Personal Information

GET /b2bz/name?firstName={firstName}&lastName={lastName}

Search by first name and/or last name

Example: /b2bz/name?firstName=John&lastName=Doe&key=YOUR_KEY
GET /b2bz/birthname/{birthname}

Search by birth name (maiden name)

Example: /b2bz/birthname/Smith?key=YOUR_KEY
GET /b2bz/birthdate?birthdate={birthdate}

Search by birthdate (also supports birthYear parameter)

Example: /b2bz/birthdate?birthdate=15/06/1990&key=YOUR_KEY
GET /b2bz/gender/{gender}

Search by gender

Example: /b2bz/gender/male?key=YOUR_KEY
GET /b2bz/bio/{bio}

Search by biography or profile description

Example: /b2bz/bio/developer?key=YOUR_KEY
GET /b2bz/ssn/{ssn}

⚠️ Search by Social Security Number (sensitive data)

Example: /b2bz/ssn/123-45-6789?key=YOUR_KEY

Location Searches

GET /b2bz/address?city={city}&postalCode={postalCode}

Search by address (supports: address, city, postalCode, country)

Example: /b2bz/address?city=Paris&postalCode=75001&key=YOUR_KEY
GET /b2bz/city/{city}

Search by city

Example: /b2bz/city/Paris?key=YOUR_KEY
GET /b2bz/postalcode/{postalcode}

Search by postal code / ZIP code

Example: /b2bz/postalcode/75001?key=YOUR_KEY
GET /b2bz/country/{country}

Search by country

Example: /b2bz/country/France?key=YOUR_KEY
GET /b2bz/birthcity/{birthcity}

Search by birth city

Example: /b2bz/birthcity/Lyon?key=YOUR_KEY
GET /b2bz/birthcountry/{birthcountry}

Search by birth country

Example: /b2bz/birthcountry/France?key=YOUR_KEY

Financial & Identity

GET /b2bz/iban/{iban}

Search by IBAN (International Bank Account Number)

Example: /b2bz/iban/FR7630006000011234567890189?key=YOUR_KEY
GET /b2bz/vin/{vin}

Search by VIN (Vehicle Identification Number)

Example: /b2bz/vin/1HGBH41JXMN109186?key=YOUR_KEY

Security

GET /b2bz/hashed-password/{hashedpassword}

Search by hashed password (MD5, SHA1, SHA256, etc.)

Example: /b2bz/hashed-password/5f4dcc3b5aa765d61d8327deb882cf99?key=YOUR_KEY

Response Example:

{
  "success": true,
  "total": 1,
  "results": [{
    "email": ["[email protected]"],
    "first_name": "John",
    "last_name": "Doe",
    "phone": ["+33612345678"],
    "city": "Paris",
    "country": "France",
    "source": "breach_name"
  }],
  "provider": "cfxdata.org"
}

BreachVIP

Search breach.vip database (15 req/min limit)

GET
GET /breachvip/search?term={term}&fields={fields}&key={KEY}
term- Search term (required) fields- Comma-separated: email,phone,username,ip,discordid,steamid,etc.
Example: /breachvip/[email protected]&fields=email&key=YOUR_KEY

Valid fields:

name email phone password discordid ip username uuid domain steamid

Rate limit: 15 requests per minute

Breachbase

Direct access to breachbase.com database

GET POST
GET /breachbase?type={type}&query={query}&key={KEY}
type- Search type (optional, auto-detected) query- Search term (required) page- Pagination (optional, default: 1)
Example: /[email protected]&key=YOUR_KEY
With type: /breachbase?type=username&query=john123&key=YOUR_KEY
POST /breachbase/bulk
type- Search type (required) queries- Array of searches (max 100) page- Pagination (optional)
POST body: 
{
  "type": "email",
  "queries": ["[email protected]", "[email protected]"],
  "page": 1
}
cURL example: 
curl -X POST https://api.cfxdata.org/breachbase/bulk \
  -H "x-api-key: YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"type":"email","queries":["[email protected]"]}'

Available types:

email username ip phone name password

Auto-detection (GET only):

• Contains @ → email

• IP format → ip

• Only digits (7-15) → phone

• Letters/numbers/underscore → username

Each page returns 100 results

Bulk requests support up to 100 queries

Minecraft

Minecraft breach database & social lookups

POST
POST /minecraft/breach
query- Search value (username, email, IP, etc.) type- username, email, ip, password, uuid
POST body: 
{"query": "Notch", "type": "username"}
Alternative (GET): /minecraft/breach?query=Notch&type=username&key=YOUR_KEY
POST /minecraft/social
username- Minecraft username
POST body: 
{"username": "Notch"}
Alternative (GET): /minecraft/social?username=Notch&key=YOUR_KEY

Search types for /minecraft/breach:

username email ip password uuid

Returns linked social accounts (Twitter, YouTube, Discord)

OSINTCat NEW

Multi-platform OSINT intelligence

GET
GET/osintcat/breach?query={email}&key={KEY}

Search data breaches and compilations

query- Email or username
GET/osintcat/roblox?query={username}&key={KEY}

Get Roblox user profile and stats

query- Roblox username
GET/osintcat/discord-to-roblox?query={discord_id}&key={KEY}

Find linked Roblox account from Discord ID

query- Discord User ID (18 digits)
GET/osintcat/twitter?query={username}&key={KEY}

Get Twitter/X profile information and stats

query- Twitter username (without @)
GET/osintcat/user?query={username}&key={KEY}

Search username across TikTok, Twitter, Instagram, Xbox, and leak databases

query- Username to search
GET/osintcat/database?query={term}&key={KEY}

Search global breach databases

query- Search term (email, username, keyword)
Cfxdata Services

FiveM

Player database & server lookup

GET
GET /fivem/lookup?query={query}&key={KEY}

Search FiveM players by username, Discord, Steam, IP, License, Xbox, Live, FiveM ID

query- Search term page- Page number (optional) limit- Max 100 (optional)
GET /fivem-dump/{serverId}?key={KEY}

Get FiveM server info (players, resources, hostname, IP)

serverId- Server ID (e.g. y4lg95)

IPinfo

IP geolocation & ASN

GET
GET/ipinfo?ip={ip}&key={KEY}

Discord

User lookup & username history

GET
GET /discord/lookup?query={query}&key={KEY}

Discord History

Username/Avatar/Display name tracking

GET
GET /discord/history?user_id={user_id}&key={KEY}

Get complete history of username, avatar, and display name changes for a Discord user (tracked in real-time by our bot)

user_id- Discord User ID

Discord Stalker

Real-time Discord user activity tracking

POST
POST /stalker/create?key={KEY}

Create a new Discord stalk (costs 30 credits)

user_id- Discord User ID (17-19 digits) webhook_url- Discord webhook URL events- Array: message, username, avatar, etc.
GET /stalker/list?key={KEY}

List all your active stalks (free)

GET /stalker/{stalk_id}?key={KEY}

Get stalk details (free)

DELETE /stalker/{stalk_id}?key={KEY}

Delete a stalk (free)

Trackable Events

message, username, display, avatar, banner, 
status, activity, voice_join, voice_leave, custom_status

GitHub

User info & commit emails extraction

GET
GET /github?username={username}&key={KEY}

Get GitHub user profile information

username- GitHub username
GET /github/events?username={username}&key={KEY}

Get user events + extract emails from commits

username- GitHub username

Medal.tv

Gaming clips & user profiles

GET
GET /medal/user?username={username}&key={KEY}

Get Medal.tv user by username

username- Medal.tv username
GET /medal/user?userId={userId}&key={KEY}

Get Medal.tv user by ID

userId- Medal.tv user ID

TikTok

User profile & statistics

GET
GET /tiktok?username={username}&key={KEY}

Get TikTok user profile, stats, avatar, bio, followers, videos count

username- TikTok username (with or without @)

Example Response

{
  "success": true,
  "username": "username",
  "display_name": "Display Name",
  "avatar": "https://...",
  "signature": "Bio text",
  "verified": false,
  "private": false,
  "followers": 12345,
  "following": 678,
  "total_likes": 98765,
  "total_videos": 42,
  "profile_link": "https://www.tiktok.com/@username"
}
GET /tiktok/check?identifier={identifier}&key={KEY}

Check if email/phone/username exists on TikTok (leaks partial contact via password reset)

identifier- Email, phone, or username

Telegram

User lookup, message scraping & channel monitoring

GET
GET /telegram/user?username={username}&key={KEY}

Get Telegram user info (ID, username, name, photo, bio)

username- Telegram username (with or without @)
GET /telegram/user?user_id={user_id}&key={KEY}

Get Telegram user by ID

user_id- Telegram user ID (numeric)
GET /telegram/history?username={username}&key={KEY}

Get user message history with timestamps, media, and metadata

username- Telegram username offset- Pagination offset (optional)

Example Response

{
  "success": true,
  "user": {
    "id": 123456789,
    "username": "example_user",
    "first_name": "John",
    "last_name": "Doe",
    "phone": "+1234567890",
    "bio": "User biography",
    "photo": "https://...",
    "verified": false,
    "scam": false
  },
  "messages": [{
    "id": 12345,
    "text": "Message content",
    "date": "2026-02-01T00:00:00Z",
    "media": null,
    "views": 100,
    "forwards": 5
  }]
}

Steam Lookup

GET
GET /steam?steam_id={steam_id}&key={KEY}

Get public Steam profile information using SteamID64

Example: /steam?steam_id=76561198000000000&key=YOUR_KEY

Steam Friends Network

Map Steam friend connections

GET
GET /steam/network?steamid={steamid}&key={KEY}

Get complete Steam friends network map up to 2 levels deep (no API key needed for Steam, uses public XML API)

steamid- Steam ID64 (e.g. 76561198000000000) max_level- Optional: 1-2 (default: 2) max_friends- Optional: Max friends per level (default: 50)
Infrastructure

Shodan

Internet-wide scanning

GET
GET/shodan/host?ip={ip}&key={KEY}

Host information

GET/shodan/search?query={query}&key={KEY}

Search Shodan

DNS Lookup

Complete DNS records

GET
GET/dns-lookup?domain={domain}&key={KEY}
domain- example.com

Returns A, AAAA, MX, TXT, NS, CNAME, SOA records

WHOIS

Domain information

GET
GET/whois?domain={domain}&key={KEY}
domain- example.com
Social & Identity

Reddit Lookup

Reddit user information and activity

GET
GET /reddit?query={username}&key={KEY}

Get Reddit user profile and activity information

Example: /reddit?query=spez&key=YOUR_KEY

Email OSINT

Comprehensive email intelligence

GET
GET /email-osint?query={email}&key={KEY}

Comprehensive email intelligence gathering and breach checking

Example: /[email protected]&key=YOUR_KEY

Username Lookup

Search username across platforms

GET
GET /username?query={username}&key={KEY}

Search for username across multiple social platforms

Example: /username?query=johndoe&key=YOUR_KEY

Gravatar

Email to profile photo & info

GET
GET /gravatar/email?email={email}&key={KEY}

Get Gravatar profile photo, name, social accounts from email (returns full profile info, avatar URLs in multiple sizes)

email- Email address
Other

Error Handling

HTTP status codes

200SuccessRequest completed
400Bad RequestInvalid parameters
401UnauthorizedInvalid API key
403ForbiddenKey revoked
429Rate LimitedLimit exceeded
500Server ErrorInternal error