Retrieve sources for a keyword leak by hash

Retrieve paginated leak details matching the organization's active keywords. Returns the **same format** as `/leaks/details` (paginated response), with an additional `matched_keyword` field indicating which keyword matched each row. Searches `leaks_history` for rows where `hasToken(host, keyword)` is true for any active keyword, excluding the org's own monitored root domains. If the organization has no active keywords, returns an empty paginated response. **Parameters:** | Parameter | Default | Description | |-----------|---------|-------------| | `page` | 1 | Page number | | `page_size` | 50 | Items per page (max 200) | | `search` | - | Full-text search across username, host, domain, root_domain | | `sort_by` | `last_seen` | Sort order: `last_seen` (most recent first) | | `start_date` / `end_date` | last 14 days | Date range filter | Plus all standard DynamicFilters. **Response Format:** ```json { "data": [ { "username": "user@example.com", "password": "p****d", "type": "Stealer", "last_seen": "2026-03-15T10:30:00", "host": "acme-corp-recrute.talent-soft.com", "domain": "acme-corp-recrute.talent-soft.com", "local_part": "user", "protocol": "https", "email_domain": "example.com", "root_domain": "talent-soft.com", "log_date": "2026-03-10T08:00:00", "country": "FR", "software": "chrome, profile: 0", "stealer_name": "RedLine", "hash": "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4", "machine_id": "DESKTOP-ABC1234", "computer_name": "LAPTOP-XYZ", "hardware_id": "hwid-1234-5678", "machine_user": "john.doe", "ip_address": "192.168.1.10", "upload_date": "2026-03-14T12:00:00", "source_count": 1, "matched_keyword": "acme-corp" } ], "total": 12345, "page": 1, "page_size": 50, "total_pages": 247 } ``` **Examples:** ```bash # Basic paginated request GET /leaks/keyword/search?page=1&page_size=50 # With search filter GET /leaks/keyword/search?search=admin&page=1&page_size=50 # With date range GET /leaks/keyword/search?start_date=2026-03-01&end_date=2026-03-28 ```