API reference synced to the live dashboard module surface

Developer docs with the same modules, finally.

API v2 now tracks the current dashboard search modules, exposes their real option sets, and documents the publishable surface in one place. Combined Search remains a dashboard workflow built on top of these endpoints rather than a standalone public v2 path.

28Published API v2 endpoints
24Dashboard-backed modules documented
2Published endpoint aliases

Overview

Ship against one base URL, not guesswork.

Every module below accepts both GET and POST. Use a bearer token with JSON, or send the key in the X-API-Key header.

Base URL

Route every request through the single v2 entrypoint and choose a module with the path parameter.

https://www.stolen.tax/api/v2/index.php

Auth

Preferred: Authorization: Bearer <api_key>. Also supported: X-API-Key.

Bearer YOUR_API_KEY_HERE

Request Model

Use POST with JSON for stable integrations. Endpoint-specific parameters also accept their legacy generic aliases where documented.

GET + POST supported

Publish Notes

Dashboard-only utilities like Combined Search are orchestration layers over the endpoints below. API-only modules such as Shodan are still documented here alongside the live dashboard-backed surface.

Dashboard + API modules

Endpoint Index

Pick a module, then go straight to code.

Each tile links to a full parameter reference and a ready-to-run cURL example.

Dashboard Modules

OsintCat osintcat
Dashboard-backed

OsintCat breach and database-search endpoint.

OsintCat Footprint osintcat-footprint
Dashboard-backed Alias: osintcat_footprint

OsintCat email and username footprint checks.

Snusbase snusbase
Dashboard-backed

Auto-detected breach lookup through Snusbase.

Eye-All eyeall
Dashboard-backed

Eye-All auto-detected search.

Reconly reconly
Dashboard-backed

Reconly search with the full mode selector from the dashboard.

IntelX intelx
Dashboard-backed IntelX gated

IntelX SystemID lookup with provider selection.

IntelBase intelbase
Dashboard-backed

IntelBase family endpoint with the dashboard modes plus extended IntelBase functions.

Inf0sec inf0sec
Dashboard-backed

Inf0sec with the full dashboard module list, including Discord.

Cypher Dynamics stealerlogs
Dashboard-backed Alias: cypher

Cypher Dynamics / stealer logs lookup with dashboard and extended categories.

LeakOSINT leakosint
Dashboard-backed

LeakOSINT lookup with provider-side auto-detection.

Akula akula
Dashboard-backed

Akula enrichment lookup.

SeekNow seeknow
Dashboard-backed

SeekNow lookup with auto-detect or explicit type selection.

LeakSight leaksight
Dashboard-backed

LeakSight with dashboard types plus extended upstream modes.

OsintDog osintdog
Dashboard-backed

OsintDog lookup with provider-side email/username/IP detection.

BreachBase breachbase
Dashboard-backed

BreachBase credential lookup via osintdog.com/api/breachbase. Supports email and username searches.

IntelVault intelvault
Dashboard-backed

IntelVault breach and stealer-log search via osintdog.com/api/intelvault.

HackCheck hackcheck
Dashboard-backed

HackCheck lookup with explicit or inferred category.

BreachDirectory breachdirectory
Dashboard-backed

BreachDirectory lookup with explicit or inferred type.

LeakCheck V2 leakcheck
Dashboard-backed

LeakCheck Pro API v2 breach search by email, username, phone, or keyword.

SEON seon
Dashboard-backed

SEON email enrichment with risk scoring, domain intelligence, account aggregates, and breach history.

xOsint xosint
Dashboard-backed

xOsint search.

Hudson Rock hudsonrock
Dashboard-backed

Hudson Rock infostealer exposure lookup.

AntiPublic antipublic
Dashboard-backed

AntiPublic email-only credential leak search.

BreachVIP breachvip
Dashboard-backed

BreachVIP search with explicit field selection, forced wildcard matching, and case-insensitive lookup.

Reference

Endpoint cards with the real function surface.

OsintCat

OsintCat breach and database-search endpoint.

Dashboard-backed
osintcat GET / POST
/api/v2/index.php?path=osintcat

Parameters

queryRequired

Search term passed to OsintCat.

osintcat_modeOptional

OsintCat function to run.

Aliases: mode

Default: breach

Available values

BreachDatabase Search · database-search

Notes

Matches the dashboard OsintCat mode selector.

Example

curl -X POST "https://www.stolen.tax/api/v2/index.php?path=osintcat" \
  -H "Authorization: Bearer YOUR_API_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "[email protected]",
    "osintcat_mode": "breach"
}'

OsintCat Footprint

OsintCat email and username footprint checks.

Dashboard-backed
osintcat-footprint GET / POST osintcat_footprint
/api/v2/index.php?path=osintcat-footprint

Parameters

queryRequired

Email address or username to footprint.

footprint_typeOptional

Footprint endpoint to run.

Aliases: osintcat_footprint_type, mode

Default: auto

Available values

EmailUsername

Notes

Runs email-footprint for email mode and user-footprint for username mode.

Example

curl -X POST "https://www.stolen.tax/api/v2/index.php?path=osintcat-footprint" \
  -H "Authorization: Bearer YOUR_API_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "[email protected]",
    "footprint_type": "email"
}'

Snusbase

Auto-detected breach lookup through Snusbase.

Dashboard-backed
snusbase GET / POST
/api/v2/index.php?path=snusbase

Parameters

queryRequired

Email, username, domain, password, or IP.

Notes

Queries Snusbase /data/search once using all supported search types: email, username, lastip, password, hash, name, and _domain.

Example

curl -X POST "https://www.stolen.tax/api/v2/index.php?path=snusbase" \
  -H "Authorization: Bearer YOUR_API_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "[email protected]"
}'

OsintBat

OsintBat lookup with the full upstream function list.

API-only
osintbat GET / POST
/api/v2/index.php?path=osintbat

Parameters

queryRequired

Search term for the selected OsintBat function.

osintbat_moduleOptional

Selects the OsintBat function.

Aliases: module

Default: database-breach

Available values

Database Breach · database-breachEmail Breach · email-breachUsername Breach · username-breachPhone Breach · phone-breachFacebook Breach · facebook-breachPhone OSINT · phone-osintIP Intelligence · ipDNSGitHub OSINT · github-osintTwitter/X OSINT · twitter-osintDiscordRobloxMinecraft

Notes

Available via API only; not surfaced in the dashboard module picker.

Example

curl -X POST "https://www.stolen.tax/api/v2/index.php?path=osintbat" \
  -H "Authorization: Bearer YOUR_API_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "[email protected]",
    "osintbat_module": "email-breach"
}'

Eye-All

Eye-All auto-detected search.

Dashboard-backed
eyeall GET / POST
/api/v2/index.php?path=eyeall

Parameters

queryRequired

Email, username, domain, IP, or free-form term.

Example

curl -X POST "https://www.stolen.tax/api/v2/index.php?path=eyeall" \
  -H "Authorization: Bearer YOUR_API_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "[email protected]"
}'

NoSINT

NoSINT search with explicit or inferred lookup type.

API-only
nosint GET / POST
/api/v2/index.php?path=nosint

Parameters

queryRequired

Value to search in NoSINT.

nosint_typeOptional

Overrides auto-detection for NoSINT.

Aliases: type_value, type

Available values

EmailUsernamePhoneIP Geolocation · ip

Notes

Non-IP NoSINT responses may be normalized from an upstream event stream.

Example

curl -X POST "https://www.stolen.tax/api/v2/index.php?path=nosint" \
  -H "Authorization: Bearer YOUR_API_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "[email protected]",
    "nosint_type": "email"
}'

Reconly

Reconly search with the full mode selector from the dashboard.

Dashboard-backed
reconly GET / POST
/api/v2/index.php?path=reconly

Parameters

queryRequired

Lookup value for the chosen Reconly mode.

reconly_modeOptional

Reconly function to run.

Aliases: mode

Available values

Auto Detect · autoDiscordDiscord Leak · discord-leakDiscord Lookup · discord-lookupDiscord Search · discord-searchDC Turkiye · dcturkiyeFiveMGitHubLeakCheckOwOBotPinterest

Notes

If you omit the mode, API v2 uses the same auto-detection rules as the dashboard.

Example

curl -X POST "https://www.stolen.tax/api/v2/index.php?path=reconly" \
  -H "Authorization: Bearer YOUR_API_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "octocat",
    "reconly_mode": "github"
}'

IntelX

IntelX SystemID lookup with provider selection.

Dashboard-backed IntelX gated
intelx GET / POST
/api/v2/index.php?path=intelx

Parameters

queryRequired

IntelX SystemID UUID.

intelx_providerOptional

IntelX upstream provider.

Aliases: provider

Default: provider1

Available values

Provider 1 · provider1Provider 2 · provider2

Notes

The endpoint is only returned for API keys with IntelX access enabled.

Example

curl -X POST "https://www.stolen.tax/api/v2/index.php?path=intelx" \
  -H "Authorization: Bearer YOUR_API_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "06c4a463-3de7-4cc7-9ed8-cb63497919b2",
    "intelx_provider": "provider1"
}'

IntelBase

IntelBase family endpoint with the dashboard modes plus extended IntelBase functions.

Dashboard-backed
intelbase GET / POST
/api/v2/index.php?path=intelbase

Parameters

queryRequired

Lookup value for the selected IntelBase function.

intelbase_moduleOptional

Selects the IntelBase family function to execute.

Aliases: module

Default: search_auto

Dashboard Search

Auto Detect · search_autoEmail · search_emailUsername · search_usernameIP Address · search_ipDomain · search_domainPassword · search_passwordName · search_nameHash · search_hash

Identity & Social

PhoneEmail Check · email_checkIP Lookup · ip_lookupGitHubRoblox Username · roblox_usernameRedditVINCourt

Bridges & Enrichment

LeakCheck Auto · leakcheck_autoDoxbin Auto · doxbin_autoHackCheck Email · hackcheck_emailHackCheck Username · hackcheck_usernameHackCheck IP · hackcheck_ipSEON Email · seon_emailSEON Phone · seon_phoneAkulaLeakSightLeakOSINTBreachVIP Email · breachvip_emailBreachVIP Password · breachvip_password

BMW

BMW Chassis · bmw_chassisBMW Registration · bmw_registrationBMW Name · bmw_nameBMW Mobile · bmw_mobile

Unified

Unified Email · unified_emailUnified Username · unified_usernameUnified IP · unified_ipUnified Phone · unified_phone

Structured

NPD

Notes

NPD requests require key=value filters in the query string or JSON string, for example first_name=John&last_name=Doe&state=CA.

Example

curl -X POST "https://www.stolen.tax/api/v2/index.php?path=intelbase" \
  -H "Authorization: Bearer YOUR_API_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "[email protected]",
    "intelbase_module": "search_email"
}'

Inf0sec

Inf0sec with the full dashboard module list, including Discord.

Dashboard-backed
inf0sec GET / POST
/api/v2/index.php?path=inf0sec

Parameters

queryRequired

Lookup value for the selected Inf0sec module.

inf0sec_moduleOptional

Selects the Inf0sec module.

Aliases: module

Default: leaks

Available values

LeaksDiscordNPDDomainUsernameHLRCFX

Example

curl -X POST "https://www.stolen.tax/api/v2/index.php?path=inf0sec" \
  -H "Authorization: Bearer YOUR_API_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "[email protected]",
    "inf0sec_module": "leaks"
}'

Cypher Dynamics

Cypher Dynamics / stealer logs lookup with dashboard and extended categories.

Dashboard-backed
stealerlogs GET / POST cypher
/api/v2/index.php?path=stealerlogs

Parameters

queryRequired

Lookup value for the selected Cypher Dynamics category.

cypherdynamics_categoryOptional

Selects the Cypher Dynamics category.

Aliases: category

Dashboard Categories

EmailUsernamePasswordEmail:Password · email_passIP Address · ipDomainURL

Extended Categories

ASNHostnameUUIDWalletPhoneHashCookieTokenTelegramForumDarkweb

Notes

You can call this path as either stealerlogs or cypher.

Example

curl -X POST "https://www.stolen.tax/api/v2/index.php?path=stealerlogs" \
  -H "Authorization: Bearer YOUR_API_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "[email protected]",
    "cypherdynamics_category": "email"
}'

LeakOSINT

LeakOSINT lookup with provider-side auto-detection.

Dashboard-backed
leakosint GET / POST
/api/v2/index.php?path=leakosint

Parameters

queryRequired

Email, username, phone, domain, or IP.

Example

curl -X POST "https://www.stolen.tax/api/v2/index.php?path=leakosint" \
  -H "Authorization: Bearer YOUR_API_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "[email protected]"
}'

Akula

Akula enrichment lookup.

Dashboard-backed
akula GET / POST
/api/v2/index.php?path=akula

Parameters

queryRequired

Lookup term passed to Akula.

Notes

The current upstream request is sent in email lookup mode.

Example

curl -X POST "https://www.stolen.tax/api/v2/index.php?path=akula" \
  -H "Authorization: Bearer YOUR_API_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "[email protected]"
}'

SeekNow

SeekNow lookup with auto-detect or explicit type selection.

Dashboard-backed
seeknow GET / POST
/api/v2/index.php?path=seeknow

Parameters

queryRequired

Email, username, phone, IP, domain, name, hash, or URL.

seeknow_typeOptional

Forces the SeekNow query type instead of auto-detection.

Aliases: type_value

Default: auto

Available values

EmailUsernamePhoneIPDomainNameHashURL

Notes

Leave seeknow_type unset for auto-detect; supply one of email, username, phone, ip, domain, name, hash, url to force a type.

Example

curl -X POST "https://www.stolen.tax/api/v2/index.php?path=seeknow" \
  -H "Authorization: Bearer YOUR_API_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "[email protected]",
    "seeknow_type": "email"
}'

LeakSight

LeakSight with dashboard types plus extended upstream modes.

Dashboard-backed
leaksight GET / POST
/api/v2/index.php?path=leaksight

Parameters

queryRequired

Lookup value for the selected LeakSight type.

leaksight_typeOptional

Selects the LeakSight search type.

Aliases: type

Dashboard Types

Username / Email · usernameURLDomain · search_url_all_databasePasswordPhone · numberIP Address · ip

Extended Types

URL 2 · url2Subdomain Search · subdomainsearchSubdomains · subdmainsDomain Mapper · domainmapperIP Geo · ipgeoSubnetHWIDProxy Detect · proxydetectPort Scan · portscamTwitterNameCPFSearch String · searchstring

Notes

If you omit the type, API v2 infers it from the query value.

Example

curl -X POST "https://www.stolen.tax/api/v2/index.php?path=leaksight" \
  -H "Authorization: Bearer YOUR_API_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "[email protected]",
    "leaksight_type": "username"
}'

OsintDog

OsintDog lookup with provider-side email/username/IP detection.

Dashboard-backed
osintdog GET / POST
/api/v2/index.php?path=osintdog

Parameters

queryRequired

Email, username, or IP.

Example

curl -X POST "https://www.stolen.tax/api/v2/index.php?path=osintdog" \
  -H "Authorization: Bearer YOUR_API_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "[email protected]"
}'

BreachBase

BreachBase credential lookup via osintdog.com/api/breachbase. Supports email and username searches.

Dashboard-backed
breachbase GET / POST
/api/v2/index.php?path=breachbase

Parameters

queryRequired

Email or username to search.

breachbase_typeOptional

Overrides BreachBase search type auto-detection.

Aliases: search_type, type

Available values

EmailUsername

Notes

If you omit the type, API v2 infers email from the query value (falls back to username).

Returns breach credentials including email, username, password, and origin (source dataset).

Example

curl -X POST "https://www.stolen.tax/api/v2/index.php?path=breachbase" \
  -H "Authorization: Bearer YOUR_API_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "[email protected]",
    "breachbase_type": "email"
}'

IntelVault

IntelVault breach and stealer-log search via osintdog.com/api/intelvault.

Dashboard-backed
intelvault GET / POST
/api/v2/index.php?path=intelvault

Parameters

queryRequired

Search term for breaches or stealer logs.

intelbase_moduleOptional

IntelVault mode. Use stealer-logs or breaches_<field> (e.g. breaches_email).

Aliases: module

Available values

Stealer Logs · stealer-logsBreaches Email · breaches_emailBreaches Username · breaches_usernameBreaches Password · breaches_passwordBreaches Phone · breaches_phoneBreaches Domain · breaches_domainBreaches IP · breaches_ipBreaches Hash · breaches_hash
intelvault_fieldOptional

Breach field when intelbase_module is breaches (without suffix).

Aliases: field, breach_field

Available values

EmailUsernamePasswordPhoneDomainIP Address · ipHash

Notes

Upstream is OsintDog IntelVault (POST https://osintdog.com/api/intelvault).

Breaches mode sends { type: "breaches", field: [{field: query}], useWildcard: true }.

Stealer-logs mode sends { type: "stealer-logs", query: "..." } and requires 4+ characters.

Example

curl -X POST "https://www.stolen.tax/api/v2/index.php?path=intelvault" \
  -H "Authorization: Bearer YOUR_API_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "[email protected]",
    "intelbase_module": "breaches_email"
}'

HackCheck

HackCheck lookup with explicit or inferred category.

Dashboard-backed
hackcheck GET / POST
/api/v2/index.php?path=hackcheck

Parameters

queryRequired

Email, username, or password.

hackcheck_categoryOptional

Overrides HackCheck category auto-detection.

Aliases: category

Available values

EmailUsernamePassword

Example

curl -X POST "https://www.stolen.tax/api/v2/index.php?path=hackcheck" \
  -H "Authorization: Bearer YOUR_API_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "[email protected]",
    "hackcheck_category": "email"
}'

BreachDirectory

BreachDirectory lookup with explicit or inferred type.

Dashboard-backed
breachdirectory GET / POST
/api/v2/index.php?path=breachdirectory

Parameters

queryRequired

Email, username, or IP.

breachdirectory_typeOptional

Overrides BreachDirectory type auto-detection.

Aliases: type

Available values

EmailUsernameIP Address · ip

Example

curl -X POST "https://www.stolen.tax/api/v2/index.php?path=breachdirectory" \
  -H "Authorization: Bearer YOUR_API_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "[email protected]",
    "breachdirectory_type": "email"
}'

LeakCheck V2

LeakCheck Pro API v2 breach search by email, username, phone, or keyword.

Dashboard-backed
leakcheck GET / POST
/api/v2/index.php?path=leakcheck

Parameters

queryRequired

Email address, username, phone number, or keyword (3+ characters).

leakcheck_typeOptional

Overrides LeakCheck search type auto-detection.

Aliases: type

Available values

EmailUsernamePhoneKeyword
leakcheck_limitOptional

Maximum rows to return (1-1000).

Aliases: limit

leakcheck_offsetOptional

Result offset for pagination (0-2500).

Aliases: offset

Notes

Upstream is LeakCheck Pro API v2 (https://leakcheck.io/api/v2/query/{query}).

Plan-limited to email, username, phone, and keyword searches.

Type is auto-inferred from the query when leakcheck_type is omitted.

Example

curl -X POST "https://www.stolen.tax/api/v2/index.php?path=leakcheck" \
  -H "Authorization: Bearer YOUR_API_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "[email protected]",
    "leakcheck_type": "email"
}'

SEON

SEON email enrichment with risk scoring, domain intelligence, account aggregates, and breach history.

Dashboard-backed
seon GET / POST
/api/v2/index.php?path=seon

Parameters

queryRequired

Email address to enrich.

Notes

Email-only enrichment. Upstream is SEON Email API v3.

Returns risk score, deliverability, domain WHOIS, social/account aggregates, and breach history.

Example

curl -X POST "https://www.stolen.tax/api/v2/index.php?path=seon" \
  -H "Authorization: Bearer YOUR_API_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "[email protected]"
}'

Infodra

Infodra lookup with inferred category.

API-only
infodra GET / POST
/api/v2/index.php?path=infodra

Parameters

queryRequired

Email, username, or domain.

Notes

API v2 infers domain or login mode from the query.

Example

curl -X POST "https://www.stolen.tax/api/v2/index.php?path=infodra" \
  -H "Authorization: Bearer YOUR_API_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "example.com"
}'

xOsint

xOsint search.

Dashboard-backed
xosint GET / POST
/api/v2/index.php?path=xosint

Parameters

queryRequired

Email, username, phone, or domain.

Example

curl -X POST "https://www.stolen.tax/api/v2/index.php?path=xosint" \
  -H "Authorization: Bearer YOUR_API_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "[email protected]"
}'

Hudson Rock

Hudson Rock infostealer exposure lookup.

Dashboard-backed
hudsonrock GET / POST
/api/v2/index.php?path=hudsonrock

Parameters

queryRequired

Email address to search.

Notes

Current upstream flow is email-only.

Example

curl -X POST "https://www.stolen.tax/api/v2/index.php?path=hudsonrock" \
  -H "Authorization: Bearer YOUR_API_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "[email protected]"
}'

AntiPublic

AntiPublic email-only credential leak search.

Dashboard-backed
antipublic GET / POST
/api/v2/index.php?path=antipublic

Parameters

queryRequired

Email address to search in AntiPublic.

Notes

AntiPublic only supports email lookups. Results are returned as email:password pairs.

Example

curl -X POST "https://www.stolen.tax/api/v2/index.php?path=antipublic" \
  -H "Authorization: Bearer YOUR_API_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "[email protected]"
}'

BreachVIP

BreachVIP search with explicit field selection, forced wildcard matching, and case-insensitive lookup.

Dashboard-backed
breachvip GET / POST
/api/v2/index.php?path=breachvip

Parameters

queryRequired

Search term for the selected BreachVIP field set.

breachvip_fieldsOptional

Single field, comma-separated list, or JSON array of BreachVIP fields. Supports dashboard-style single-field requests and API-style multi-field requests.

Aliases: fields, breachvip_field, field

Available values

EmailUsernamePasswordPhone

Notes

This endpoint matches the dashboard picker and combined search.

The Stolen integration always sends wildcard=true and case_sensitive=false to BreachVIP.

Example

curl -X POST "https://www.stolen.tax/api/v2/index.php?path=breachvip" \
  -H "Authorization: Bearer YOUR_API_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "[email protected]",
    "breachvip_fields": [
        "email"
    ]
}'

Shodan

Shodan host lookup.

API-only
shodan GET / POST
/api/v2/index.php?path=shodan

Parameters

queryRequired

IP address to submit to Shodan.

Notes

Published in API v2 even though it is not part of the current dashboard module picker.

Example

curl -X POST "https://www.stolen.tax/api/v2/index.php?path=shodan" \
  -H "Authorization: Bearer YOUR_API_KEY_HERE" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "8.8.8.8"
}'