Skip to main content
GET
/
service
/
v2
/
victims
/
{log_id}
Get Victim Manifest (File Tree)
curl --request GET \
  --url https://oathnet.org/api/service/v2/victims/{log_id} \
  --header 'x-api-key: <api-key>'
{
  "success": true,
  "message": "<string>",
  "data": {
    "log_id": "<string>",
    "log_name": "<string>",
    "victim_tree": {
      "id": "<string>",
      "name": "<string>",
      "type": "file",
      "size_bytes": 123,
      "children": "<array>"
    },
    "_meta": {
      "user": {
        "plan": "Pro",
        "plan_type": "pro",
        "is_plan_active": true
      },
      "lookups": {
        "used_today": 5,
        "left_today": 995,
        "daily_limit": 1000,
        "is_unlimited": false
      },
      "service": {
        "name": "Service Name",
        "id": "service-id",
        "category": "general",
        "is_premium": false,
        "is_available": true,
        "session_quota": 10
      },
      "performance": {
        "duration_ms": 111.47,
        "timestamp": "2026-01-06T00:44:08.191547"
      }
    }
  }
}

What is a Victim Manifest?

A victim manifest is the complete profile of an infected device, including:
  • System information (OS, hardware)
  • All files captured by the stealer
  • Credentials, cookies, tokens
  • Browser history and autofill data

Understanding log_id

The log_id is a unique identifier for a specific victim’s stealer log. You get this from: 
# Get log_id from stealer search
results = search_stealer("[email protected]")
log_id = results["items"][0]["log_id"]

# Use log_id to get full manifest
manifest = requests.get(
    f"https://oathnet.org/api/service/v2/victims/{log_id}",
    headers={"x-api-key": API_KEY}
).json()

Manifest Contents

The manifest includes a file tree of everything captured: 
{
  "log_id": "abc123def456",
  "system_info": {
    "os": "Windows 10",
    "computer_name": "DESKTOP-ABC123",
    "username": "victim_user"
  },
  "files": [
    {
      "file_id": "f1",
      "path": "Passwords/Chrome.txt",
      "size": 1024,
      "type": "passwords"
    },
    {
      "file_id": "f2",
      "path": "Cookies/Discord.txt",
      "size": 2048,
      "type": "cookies"
    }
  ],
  "summary": {
    "total_files": 150,
    "passwords_count": 45,
    "cookies_count": 80
  }
}

Accessing File Contents

Use the file_id from the manifest to get file contents: 
# Get specific file content
file_content = requests.get(
    f"https://oathnet.org/api/service/v2/victims/{log_id}/files/{file_id}",
    headers={"x-api-key": API_KEY}
).json()
See Get File Content for details.

Authorizations

x-api-key
string
header
required

API key for authentication (lowercase header name)

Path Parameters

log_id
string
required

Response

Victim manifest

success
boolean
message
string
data
object