diff --git a/misp_modules/modules/expansion/__init__.py b/misp_modules/modules/expansion/__init__.py
index e40e844..a9389e0 100644
--- a/misp_modules/modules/expansion/__init__.py
+++ b/misp_modules/modules/expansion/__init__.py
@@ -1,6 +1,3 @@
 from . import _vmray
 
-__all__ = ['vmray_submit', 'asn_history', 'circl_passivedns', 'circl_passivessl',
-           'countrycode', 'cve', 'dns', 'domaintools', 'eupi', 'farsight_passivedns', 'ipasn', 'passivetotal', 'sourcecache',
-           'virustotal', 'whois', 'shodan', 'reversedns', 'geoip_country', 'wiki', 'iprep', 'threatminer', 'otx',
-           'threatcrowd', 'vulndb', 'crowdstrike_falcon','yara_syntax_validator']
+__all__ = ['vmray_submit', 'asn_history', 'circl_passivedns', 'circl_passivessl', 'countrycode', 'cve', 'dns', 'domaintools', 'eupi', 'farsight_passivedns', 'ipasn', 'passivetotal', 'sourcecache', 'virustotal', 'whois', 'shodan', 'reversedns', 'geoip_country', 'wiki', 'iprep', 'threatminer', 'otx', 'threatcrowd', 'vulndb', 'crowdstrike_falcon', 'yara_syntax_validator', 'hashdd']
diff --git a/misp_modules/modules/expansion/hashdd.py b/misp_modules/modules/expansion/hashdd.py
new file mode 100755
index 0000000..beeaf8e
--- /dev/null
+++ b/misp_modules/modules/expansion/hashdd.py
@@ -0,0 +1,41 @@
+import json
+import requests
+
+misperrors = {'error': 'Error'}
+mispattributes = {'input': ['md5'], 'output': ['text']}
+moduleinfo = {'version': '0.1', 'author': 'Alexandre Dulaunoy', 'description': 'An expansion module to check hashes against hashdd.com including NSLR dataset.', 'module-type': ['hover']}
+moduleconfig = []
+hashddapi_url = 'https://api.hashdd.com/'
+
+
+def handler(q=False):
+    if q is False:
+        return False
+    request = json.loads(q)
+    if not request.get('md5'):
+        misperrors['error'] = 'MD5 hash value is missing missing'
+        return misperrors
+    v = request.get('md5').upper()
+    r = requests.post(hashddapi_url, data={'hash':v})
+    if r.status_code == 200:
+        state = json.loads(r.text)
+        if state:
+            if state.get(v):
+                summary = state[v]['known_level']
+        else:
+            summary = 'Unknown hash'
+    else:
+        misperrors['error'] = '{} API not accessible'.format(hashddapi_url)
+        return misperrors['error']
+
+    r = {'results': [{'types': mispattributes['output'], 'values': summary}]}
+    return r
+
+
+def introspection():
+    return mispattributes
+
+
+def version():
+    moduleinfo['config'] = moduleconfig
+    return moduleinfo
diff --git a/tests/bodyhashdd.json b/tests/bodyhashdd.json
new file mode 100644
index 0000000..b6d256c
--- /dev/null
+++ b/tests/bodyhashdd.json
@@ -0,0 +1 @@
+{"module": "hashdd", "md5": "838DE99E82C5B9753BAC96D82C1A8DCB"}
diff --git a/tests/query-cve.sh b/tests/query-hashdd.sh
similarity index 61%
rename from tests/query-cve.sh
rename to tests/query-hashdd.sh
index 215de4f..4d73663 100755
--- a/tests/query-cve.sh
+++ b/tests/query-hashdd.sh
@@ -1 +1 @@
-curl -s http://127.0.0.1:6666/query -H "Content-Type: application/json" --data @bodycve.json -X POST
+curl -s http://127.0.0.1:6666/query -H "Content-Type: application/json" --data @bodyhashdd.json -X POST