Risk score
Public aggregateA prioritization signal derived from the domain's overall exposure pattern.
Check your domain for leaked credentials, exposed employees, infostealer activity, and historical dark web exposure. Start with a free risk preview, then escalate to a confidential report when the signal warrants it.
01 / Initiate scan
No account required. The browser preview stays aggregate-only and never exposes raw credentials or employee identities.
02 / Public telemetry
The public preview is deliberately concise: enough context to prioritize investigation without exposing sensitive source records in a browser session. v2 goes deeper only after an authorized report request.
A prioritization signal derived from the domain's overall exposure pattern.
The aggregate number of matched exposure records tied to the submitted domain.
A summary count of employee-linked identities represented in the exposure set.
The number of distinct credential records identified for the domain.
A recent-activity signal from the last 90 days, not the full boundary of the report scope.
The percentage signal for exposures associated with plaintext password findings.
03 / Extended report scope
The Active Threats (90d) metric remains a recency signal in the free preview. The confidential report can extend far beyond that window when historical dark web evidence exists for the domain.
Section availability depends on the evidence actually tied to the organization. Not every domain will populate every report group.
Historical exposure
The 90-day metric in the public preview is only a recency indicator. The confidential report can include broader historical exposure timelines and source distribution when evidence exists for the domain.
Identity impact
Authorized teams can investigate exposed employee identities, credential counts, and credential-linked patterns without exposing those raw records in the browser preview.
Threat intelligence
The report can correlate infostealer activity, market listings, breach references, and other underground signals tied to the domain footprint.
Third-party exposure
Where signals exist, the report can surface third-party services, cloud identity exposure, shadow IT indicators, and code-repository references associated with the organization.
Credential hygiene
Beyond counts alone, the report can highlight password-strength trends, reuse indicators, and other credential-quality patterns that affect remediation priority.
Infrastructure context
Some domains produce device, IP, ASN, organization, or geography context that helps investigators understand how the exposure set is distributed.
Open-source signals
The report can capture relevant Telegram and web references when those signals are present in the source evidence linked to the domain.
Remediation
The final output is designed to help security and IT teams decide what to reset, monitor, validate, and escalate next based on the domain's actual exposure pattern.
04 / Triage workflow
Treat the public preview as an entry point, then use the exposure pattern to decide whether you need a confidential report, tighter identity controls, or ongoing monitoring.
Submit the primary organizational domain for a free domain breach check.
Review risk score, exposure volume, identity impact, and the 90-day recency signal.
Escalate to the confidential report or continuous monitoring when the exposure pattern warrants follow-through.
Clear answers about the free preview, 90-day telemetry, confidential report scope, privacy, and next steps.