The digital footprint of everyone you protect.
Open-source intelligence that fuses the dark web, social media, and the surface web into one identity-resolved footprint — so security and executive-protection teams see exactly what an adversary could find about their leaders, their people, and their brand.
For authorized security and executive-protection teams — monitoring the exposure of their own people, brands, and assets.
Intelligence sources
Surface, social, and dark web — one index.
Every source is normalized and resolved to the person or organization behind it, then fused into a single searchable footprint. One query reaches every layer — no stitching together tools or tabs.
Breach data
Records from company breaches, resolved to a subject — so you see every place a person's identity leaked, not just one file. Email, name, postal address, SSN, password hashes; plaintext when the breach was that bad.
What gets exposed
Infostealer logs
Output from infostealer malware on infected endpoints — the credentials, sessions, and secrets a device gave up, tied back to the identity that used it: saved logins, autofill, cookies, tokens, cards, wallet seeds.
What gets exposed
Drop sites
Combolists, scraped profiles, and exfiltrated dumps from paste sites, exposed buckets, and adversary forums — normalized into the same footprint instead of a thousand loose files.
What gets exposed
Social media
Exposed personal profiles, impersonation, and lookalike accounts across major platforms — the public-facing risk to a principal or brand, resolved to the same identity.
Surface web & data brokers
What an adversary can scrape or buy about a principal — home addresses, phone numbers, and personal details sitting in the open. The doxxing surface, mapped.
Domains & infrastructure
Exposed assets, look-alike domains, and brand impersonation — the corporate attack surface, mapped alongside the people behind it.
The exposure workflow
From one identifier to the whole picture.
An OSINT workspace built for speed: pivot, resolve, and report — all from a single query, without switching tools.
Pivot from one identifier
For any person, brand, or domain you're responsible for, start with an email, name, phone, username, or domain. One boolean query reaches every connected record across the entire index — no per-source lookups.
Resolve the footprint
Matches collapse into one subject: every exposed attribute — credentials, addresses, accounts — deduplicated, grouped, and traced back to the breach that leaked it.
Report the exposure
Turn any footprint into a complete, shareable exposure report in one click — the full picture, ready for a security review or a protection detail.
Automate it
Everything the UI does is a clean REST API. Wire continuous footprint checks for your people and organizations into your own stack.
Who it's for
Built for the teams protecting people, brands, and infrastructure.
Security, risk, and protective-intelligence teams inside the enterprise — seeing what an adversary sees, first.
Map the digital footprint of your executives, board, and key personnel — exposed home addresses, personal credentials, and leaked accounts that create doxxing and physical-security risk. See it before anyone acts on it.
Find leaked employee credentials, exposed corporate data, and brand impersonation across the dark web — then close the gap before it's weaponized against your organization.
Assess what's exposed for a vendor, partner, or acquisition target — the credentials, data, and people behind their attack surface — before you sign.
Latest intelligence
Recent high-impact disclosures.
The largest collections currently in the catalog, ranked by record count. Click into any to inspect the schema, the source provenance, and run a scoped query.
Singularity0x01
The Compilation of Many Breaches (COMB) is a massive 2021 leak containing over 3.2 billion unique pairs of cleartext emails and passwords, largely sourced from previous hacks, including Netflix, LinkedIn, and Yahoo. Posted by a user on RaidForums, this database is notable for its immense size and inclusion of user-friendly scripts to facilitate widespread credential stuffing attacks.
Collection #1
Collection #1 is a massive aggregated credential dump containing approximately 773 million unique email addresses and passwords compiled from thousands of separate data breaches. The data is organized into numbered combo files (email:password or email;password format) and was publicly distributed via forums and file-sharing services. It is not a breach of a single entity but rather a large compilation of credentials harvested from many breaches over many years.
Collection #1
Collection #1 is a massive compilation of email address and password combinations aggregated from numerous individual data breaches. It contains approximately 773 million unique email addresses and over 21 million unique passwords. The data is organized into numbered combo list files and includes credentials from many different sources, not a single breach of one company. It was publicly circulated on hacking forums and reported by Troy Hunt (Have I Been Pwned) in January 2019.
Breach Compilation 2017
A gigantic credential dump containing about 1.4 billion email/password pairs, much of it in plain text, was found circulating online. It was notable less because it was “new” and more because it centralized hundreds of old breaches into one highly usable weaponized dataset, making credential stuffing and password reuse attacks a lot easier.
NAZ.API
NAZ.API is a large credential stuffing dataset (~1 billion records, ~104 GB) compiled from stealer logs and other sources. It contains URL:username:password triplets (login credentials paired with the site they were stolen from), aggregated from numerous prior breaches and infostealer malware campaigns. The dataset was indexed by Have I Been Pwned in January 2024. Data includes plaintext passwords, email addresses, and usernames across a wide variety of websites.
Compilation of Many Breaches B
A large credential compilation dataset containing email:password pairs aggregated from numerous individual breaches. The data is organized alphabetically by email prefix across many files, covering a wide range of global email providers including mail.ru, gmail.com, yahoo.com, hotmail.com, and many others. This appears to be the 'B' partition of a larger multi-part compilation, containing records unique to this subset. Data is plaintext credentials with no hashing.
Threat briefings
What our analysts are tracking.
Original reporting on emerging breaches, leak campaigns, and the operators behind them. No press releases. No reposts.
Threat brief
Plaintext credentials from ys168.com surface in a Chinese-language dump
A plaintext credential dump from ys168.com, a Chinese file-hosting service, is being shared on BreachForums. The archive contains around 657,000 records of usernames, plaintext pas…
Threat brief
An expanded Elance archive resurfaces with 2.6M user records and admin accounts
A new variant of the Elance breach archive is being shared on BreachForums. Elance was the early freelance-work marketplace that eventually merged into what became Upwork, and this…
Threat brief
Havenly database dump exposes 1.7M interior-design-platform accounts
A MySQL database dump and customer CSV from Havenly, the Denver-based online interior-design platform, is circulating on dark-web forums. The combined data covers roughly 1.7 milli…
For engineers
Footprint intelligence, on tap.
The same engine that powers this workspace, as a clean REST API. Boolean queries, cursor pagination, sparse fields, HATEOAS links. Automate continuous footprint checks for your people and organizations — free for the first 500 calls a day, with quota tiers for production.