The stealer_log event (also observed as bot in some indices) is a record of a compromised device whose credentials and browsing data were harvested by information-stealer malware (such as RedLine, Raccoon, or Vidar).
These entries originate from dark-web marketplaces (for example, “Russian Market”) where attackers sell logs containing cookies, saved passwords, and session tokens from infected machines.
Each document corresponds to a single device or “bot,” with metadata describing where and when it was first seen, its environment (OS, IP, ISP), and the websites and services discovered in its data.
{
  "event_type": "stealer_log",
  "data": {
    "victim_information": {
      "ip_address": "127.0.0.1",
      "ip_network": "127.0.0.0/8",
      "username": "admin",
      "country_code": "USA",
      "zip_code": null,
      "location": null,
      "hwid": null,
      "current_language": "en-US",
      "screensize_width": 1920,
      "screensize_height": 1080,
      "timezone": "UTC+7",
      "os": "Windows 10 22H2 Pro (Build 19045) (64 Bit)",
      "uac": null,
      "process_elevation": false,
      "available_keyboards": [
        "en-US"
      ],
      "hardware": [
        "CPU: Intel(R) Core(TM) i3-10105F CPU @ 3.70GHz (4 cores, 8 threads)",
        "RAM: 31.92 GB",
        "HOSTNAME: DESKTOP-123456"
      ],
      "anti_viruses": [
        "Windows Defender",
        "Avast Antivirus"
      ]
    },
    "malware_information": {
      "malware_family": "Lumastealer",
      "build_id": "1234567890",
      "file_location": "C:\\Windows\\System32\\malware.exe",
      "infected_at": "2025-01-01T00:00:00"
    }
  },
  "metadata": {
    "estimated_created_at": "2025-01-01T00:00:00",
    "flare_url": "https://app.flare.io/#/uid",
    "matched_at": null,
    "severity": "info",
    "uid": "index/source/id"
  }
}
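The following Python is an added example, not part of Flare's documentation or code: it flattens an event shaped like the sample above into the fields a responder would use to locate the affected host, tolerating the null values the schema allows. The function name, the output keys, the "KEY: value" reading of hardware entries, and the acceptance of bot as an event type are assumptions drawn from this page.

```python
import ipaddress
from datetime import datetime

# Constructed sample: a trimmed copy of the example event on this page.
SAMPLE_EVENT = {
    "event_type": "stealer_log",
    "data": {
        "victim_information": {
            "ip_address": "127.0.0.1", "username": "admin",
            "process_elevation": False,
            "hardware": ["RAM: 31.92 GB", "HOSTNAME: DESKTOP-123456"],
            "anti_viruses": ["Windows Defender", "Avast Antivirus"],
        },
        "malware_information": {
            "malware_family": "Lumastealer",
            "infected_at": "2025-01-01T00:00:00",
        },
    },
    "metadata": {"estimated_created_at": "2025-01-01T00:00:00", "uid": "index/source/id"},
}

def _ts(value):
    # Assumption: timestamps are ISO 8601 strings as in the sample, or null.
    return datetime.fromisoformat(value) if value else None

def triage_stealer_log(event):
    """Flatten one event into the fields a responder pivots on."""
    if event.get("event_type") not in ("stealer_log", "bot"):
        raise ValueError("not a stealer_log event")
    data = event.get("data") or {}
    victim = data.get("victim_information") or {}
    malware = data.get("malware_information") or {}
    meta = event.get("metadata") or {}
    # Assumption: hardware entries are "KEY: value" strings, as in the sample.
    hw = {k.strip().upper(): v.strip() for k, _, v in
          (h.partition(":") for h in victim.get("hardware") or [])}
    ip = victim.get("ip_address")
    infected = _ts(malware.get("infected_at"))
    created = _ts(meta.get("estimated_created_at"))
    return {
        "uid": meta.get("uid"),
        "hostname": hw.get("HOSTNAME"),
        "username": victim.get("username"),
        "malware_family": malware.get("malware_family"),
        "ip_is_public": bool(ip) and ipaddress.ip_address(ip).is_global,
        "av_present": victim.get("anti_viruses") or [],
        "ran_elevated": bool(victim.get("process_elevation")),
        "days_infected_to_created": (created - infected).days if infected and created else None,
    }
```

The hostname and username identify the endpoint to isolate, and `av_present` lists products that were installed on the device when the log was taken.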