Open-source intelligence, refreshed in real time

The digital footprint of everyone you protect.

Open-source intelligence that fuses the dark web, social media, and the surface web into one identity-resolved footprint — so security and executive-protection teams see exactly what an adversary could find about their leaders, their people, and their brand.

For authorized security and executive-protection teams — monitoring the exposure of their own people, brands, and assets.

Identity records indexed
34,040,680,067
Breaches & leaks
3,421
Distinct sources
2,543
Refresh
Real-time

Intelligence sources

Surface, social, and dark web — one index.

Every source is normalized and resolved to the person or organization behind it, then fused into a single searchable footprint. One query reaches every layer — no stitching together tools or tabs.

Dark webThe deepest, richest layer — breach dumps, stealer logs, and leaks, resolved to the people behind them.

Breach data

users.csv
10.6M rows
emailssnpwd_hash
jane.d…@gmail.com***-**-2847$2$10$f9p…
alex.k…@yahoo.com***-**-9134$2$10$xa3…
sam.li…@proton.me***-**-5061$2$10$kl1…

Records from company breaches, resolved to a subject — so you see every place a person's identity leaked, not just one file. Email, name, postal address, SSN, password hashes; plaintext when the breach was that bad.

What gets exposed

emailnameaddressssndobpassword

Infostealer logs

session_1812.log
redline
user:jane.doe@gmail.com
pass:●●●●●●●●●●●●
card:4532 ●●●● ●●●● 482712/27
wallet:seed: ridge alley orbit shy…
cookie:__Secure-1PAPISID=pUq…

Output from infostealer malware on infected endpoints — the credentials, sessions, and secrets a device gave up, tied back to the identity that used it: saved logins, autofill, cookies, tokens, cards, wallet seeds.

What gets exposed

urlusernamepasswordcookiescredit_cardwallet_seed

Drop sites

onion-mirror · thread/429
3h ago
[DUMP] 50K • ssn + cc fullz
jane.d…|***-**-2847|4532●●●●4827
alex.k…|***-**-9134|5412●●●●1923
sam.li…|***-**-5061|4111●●●●3872
+49,997 more

Combolists, scraped profiles, and exfiltrated dumps from paste sites, exposed buckets, and adversary forums — normalized into the same footprint instead of a thousand loose files.

What gets exposed

emailusernamepasswordssncredit_cardip
Social & surface webThe public-facing exposure an adversary can see, scrape, or buy — resolved to the same identity.

Social media

Exposed personal profiles, impersonation, and lookalike accounts across major platforms — the public-facing risk to a principal or brand, resolved to the same identity.

Surface web & data brokers

What an adversary can scrape or buy about a principal — home addresses, phone numbers, and personal details sitting in the open. The doxxing surface, mapped.

Domains & infrastructure

Exposed assets, look-alike domains, and brand impersonation — the corporate attack surface, mapped alongside the people behind it.

The exposure workflow

From one identifier to the whole picture.

An OSINT workspace built for speed: pivot, resolve, and report — all from a single query, without switching tools.

01

Pivot from one identifier

For any person, brand, or domain you're responsible for, start with an email, name, phone, username, or domain. One boolean query reaches every connected record across the entire index — no per-source lookups.

02

Resolve the footprint

Matches collapse into one subject: every exposed attribute — credentials, addresses, accounts — deduplicated, grouped, and traced back to the breach that leaked it.

03

Report the exposure

Turn any footprint into a complete, shareable exposure report in one click — the full picture, ready for a security review or a protection detail.

04

Automate it

Everything the UI does is a clean REST API. Wire continuous footprint checks for your people and organizations into your own stack.

Who it's for

Built for the teams protecting people, brands, and infrastructure.

Security, risk, and protective-intelligence teams inside the enterprise — seeing what an adversary sees, first.

Executive & personnel protection

Map the digital footprint of your executives, board, and key personnel — exposed home addresses, personal credentials, and leaked accounts that create doxxing and physical-security risk. See it before anyone acts on it.

Corporate threat exposure

Find leaked employee credentials, exposed corporate data, and brand impersonation across the dark web — then close the gap before it's weaponized against your organization.

Third-party & pre-deal diligence

Assess what's exposed for a vendor, partner, or acquisition target — the credentials, data, and people behind their attack surface — before you sign.

Latest intelligence

Recent high-impact disclosures.

The largest collections currently in the catalog, ranked by record count. Click into any to inspect the schema, the source provenance, and run a scoped query.

Browse the full catalog

Singularity0x01

3,200,088,096
records
Disclosed Feb 2, 2021scraping

The Compilation of Many Breaches (COMB) is a massive 2021 leak containing over 3.2 billion unique pairs of cleartext emails and passwords, largely sourced from previous hacks, including Netflix, LinkedIn, and Yahoo. Posted by a user on RaidForums, this database is notable for its immense size and inclusion of user-friendly scripts to facilitate widespread credential stuffing attacks.

Collection #1

2,296,383,998
records
Disclosed Jan 17, 2019combolist

Collection #1 is a massive aggregated credential dump containing approximately 773 million unique email addresses and passwords compiled from thousands of separate data breaches. The data is organized into numbered combo files (email:password or email;password format) and was publicly distributed via forums and file-sharing services. It is not a breach of a single entity but rather a large compilation of credentials harvested from many breaches over many years.

Collection #1

2,282,619,926
records
Disclosed Jan 17, 2019combolist

Collection #1 is a massive compilation of email address and password combinations aggregated from numerous individual data breaches. It contains approximately 773 million unique email addresses and over 21 million unique passwords. The data is organized into numbered combo list files and includes credentials from many different sources, not a single breach of one company. It was publicly circulated on hacking forums and reported by Troy Hunt (Have I Been Pwned) in January 2019.

Breach Compilation 2017

1,539,783,937
records
Disclosed Dec 11, 2017database

A gigantic credential dump containing about 1.4 billion email/password pairs, much of it in plain text, was found circulating online. It was notable less because it was “new” and more because it centralized hundreds of old breaches into one highly usable weaponized dataset, making credential stuffing and password reuse attacks a lot easier.

NAZ.API

1,501,736,801
records
Disclosed Jan 17, 2024combolist

NAZ.API is a large credential stuffing dataset (~1 billion records, ~104 GB) compiled from stealer logs and other sources. It contains URL:username:password triplets (login credentials paired with the site they were stolen from), aggregated from numerous prior breaches and infostealer malware campaigns. The dataset was indexed by Have I Been Pwned in January 2024. Data includes plaintext passwords, email addresses, and usernames across a wide variety of websites.

Compilation of Many Breaches B

1,170,018,690
records
Disclosed Jun 1, 2026combolist

A large credential compilation dataset containing email:password pairs aggregated from numerous individual breaches. The data is organized alphabetically by email prefix across many files, covering a wide range of global email providers including mail.ru, gmail.com, yahoo.com, hotmail.com, and many others. This appears to be the 'B' partition of a larger multi-part compilation, containing records unique to this subset. Data is plaintext credentials with no hashing.

For engineers

Footprint intelligence, on tap.

The same engine that powers this workspace, as a clean REST API. Boolean queries, cursor pagination, sparse fields, HATEOAS links. Automate continuous footprint checks for your people and organizations — free for the first 500 calls a day, with quota tiers for production.

Read the API docs