[BUG] HudsonRock analyzer endpoints return 404 — analyzer non-functional #3664

@juandiego-bmu

What happened

All three endpoints called by api_app/analyzers_manager/observable_analyzers/hudsonrock.py return HTTP 404 from HudsonRock's backend. The analyzer cannot complete a successful run against the live service.

Reproduction

curl -X POST -H "Content-Type: application/json" -H "api-key: ANY_KEY" \
     -d '{"ip":"1.1.1.1"}' \
     "https://cavalier.hudsonrock.com/api/json/v2/search-by-ip"
# HTTP/2 404 - "Cannot POST /api/json/v2/search-by-ip"

Same 404 for /search-by-domain and /search-by-login. Verified with multiple User-Agents (browser, default, "IntelOwl"). Response headers include x-powered-by: Express, confirming the backend itself is replying — not a Cloudflare/proxy error.

Result: when an IntelOwl user runs the HudsonRock analyzer, response.raise_for_status() (line 116 of hudsonrock.py) raises HTTPError: 404 Client Error and the analyzer reports failure for every input.

Apparent current API

A different free endpoint set does work:

curl "https://cavalier.hudsonrock.com/api/json/v2/osint-tools/search-by-ip?ip=1.1.1.1"
# HTTP 200 with real JSON data

Differences vs current code: GET instead of POST, osint-tools/ path prefix, query string instead of JSON body, no API key required. The parameters currently passed by the analyzer (installed_software, compromised_since, filtered, third_party_domains, page, etc.) do not appear in either the free osint-tools endpoints or in the documented paid Cavalier API (docs.hudsonrock.com, which uses a wholly different parameter set — additional_fields array, cursor pagination, etc.).

Possible directions

  1. Migrate to the free OSINT tools endpoints (drops API key requirement and most current params).
  2. Migrate to the documented paid Cavalier API (different parameter model entirely).
  3. Deprecate the analyzer.

Happy to submit a PR once the preferred direction is confirmed.

Environment

  • Branch: latest master / develop
  • Verified: 2026-04-26
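
Added example (not part of the issue and not IntelOwl code): a small triage helper that automates the check done by hand above, telling a route the backend no longer serves (404 with Express's "Cannot POST ..." body) apart from a transient upstream failure or an ordinary client error. The names `classify`, `triage` and `SAMPLES` are hypothetical, and the sample responses are constructed.

```python
import re
from dataclasses import dataclass

# Express's default body when no route matches, e.g. "Cannot POST /path".
NO_ROUTE = re.compile(r'Cannot (GET|POST|PUT|PATCH|DELETE) (/[^\s<"]*)')

@dataclass(frozen=True)
class Verdict:
    kind: str    # "ok" | "route_removed" | "transient" | "client_error"
    detail: str

def classify(method: str, status: int, headers: dict, body: str) -> Verdict:
    """Triage one upstream response so a removed route is not retried or
    misreported as an outage."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    if 200 <= status < 300:
        return Verdict("ok", f"HTTP {status}")
    match = NO_ROUTE.search(body)
    if status == 404 and match and match.group(1) == method.upper():
        server = hdrs.get("x-powered-by", "unidentified backend")
        return Verdict("route_removed",
                       f"{server} has no {match.group(1)} route for {match.group(2)}")
    if status == 429 or status >= 500:
        return Verdict("transient", f"HTTP {status}, retry with backoff")
    return Verdict("client_error", f"HTTP {status}, check key and parameters")

# Constructed samples: the first two mirror the responses quoted in the issue
# (the 200 body is a placeholder); the last two are hypothetical contrasts.
SAMPLES = [
    ("POST", "/api/json/v2/search-by-ip", 404, {"X-Powered-By": "Express"},
     "Cannot POST /api/json/v2/search-by-ip"),
    ("GET", "/api/json/v2/osint-tools/search-by-ip?ip=1.1.1.1", 200,
     {"X-Powered-By": "Express"}, "{}"),
    ("POST", "/api/json/v2/search-by-ip", 502, {"Server": "cloudflare"}, "Bad Gateway"),
    ("POST", "/api/json/v2/search-by-ip", 404, {}, '{"message": "no results"}'),
]

def triage(samples=SAMPLES):
    """Return [(method, path, kind)] for each sample response."""
    return [(m, p, classify(m, s, h, b).kind) for m, p, s, h, b in samples]

if __name__ == "__main__":
    for method, path, kind in triage():
        print(f"{method:4} {path:50} -> {kind}")
```
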
