Is Your Organization on the Dark Web?
Run a free lookup against records currently available in the production index.
Scanning dark web sources...
Results for
Turn This Scan Into Continuous Monitoring
See what's happening now—then review new matching records through the dashboard or your configured delivery channels.
Start Free TrialFree scans remaining today: 3
No Matching Records Returned
for
Keep Monitoring This Criterion
This result only reflects the records currently available in the index. It is not proof that no exposure exists. Save the criterion to monitor future matches.
Start Free TrialFree scans remaining today: 3
Free Scan Limit Reached
You've used all 3 free scans. Sign up for a free trial to continue scanning and get continuous monitoring.
Start Free TrialHow AdverseMonitor's Scanner Works
When you submit a domain or company name, the scanner runs a single read-only lookup against our index of dark web sources. There is no outbound traffic from your network, no probe of the actor's infrastructure, and no notification to anyone you searched. The result is whatever we already know about that string as currently stored in the production index.
What we check
The lookup searches the threat records currently stored in the production index for the submitted domain or organization string. Available records can include ransomware and other dark-web-related categories, but source availability and historical depth vary. A zero result is not proof that no exposure exists.
What the free scan will not tell you
The free version returns a count by category. It does not return the underlying URL, the post body, the actor handle, the affected credentials, or additional source details. Those live behind the paid product because they are operationally sensitive (and because publishing them at scale would help the actors). The free scan is also rate-limited to three queries per IP per day to keep the index responsive for serious users.
What a positive hit actually means
A non-zero result is not the same as "you have been breached today." Three common patterns:
- Third-party credential exposure. Most common. An employee reused their work password on a site that was breached two years ago, and the combo now sits in an infostealer log. Rotate the password, check SSO logs.
- Forum chatter. Someone is asking about your company, posting an org chart, or shopping access. This is reconnaissance and a strong signal to tighten controls before something happens.
- Leak-site listing. A ransomware crew has named you. This is an active incident regardless of whether you have noticed encryption yet, and you should be on the phone with counsel and IR within the hour.
If you want help reading the result, our breakdown of the ten signs your company data is on the dark web walks through the indicators by severity.
Frequently Asked Questions
How is the free scan different from your paid monitoring?
The free scan is a point-in-time lookup against the existing index. Paid monitoring repeatedly checks configured criteria and provides the available underlying source evidence. Collection and delivery latency varies by source and destination. Free scans are capped at three per IP per day.
Which sources does the scanner check?
The scanner checks records currently stored in the production index. Source availability, category coverage, historical depth, and collection latency vary.
Will my domain be flagged as suspicious if I scan it?
No. The query hits our index, not the threat actor sites. There is no outbound traffic from your network at scan time and nothing for an attacker to observe. We log the query for rate-limiting only.
What do I do if the scan finds my organization?
Do not pay anyone. A hit usually means a credential reuse from a third-party breach, a forum mention (reconnaissance), or a leak-site listing (active incident). Start a trial to see the evidence, rotate exposed credentials, audit SSO and VPN logs going back 90 days for the affected accounts, and pull our breach response playbook.
How current is the data?
The scan reflects records already present in the production index. Collection and delivery latency varies by source, and no complete or instantaneous coverage is claimed.
Can I scan a domain I do not own?
The scanner performs a read-only lookup against the AdverseMonitor index. Only submit a domain or organization name when you are authorized to assess it.