Use cases
Tracking an individual from a username
A handle found on a forum, a Telegram username, a Reddit account. This is often where investigations start.
Run a pseudonym search
Go to Search, select Pseudonym, and enter the handle. Results stream in from social platforms, forums, and leak databases.
Identify linked emails or phone numbers
Check the module cards for associated contact data. If you find an email, run a new Email search in the same project to expand the profile.
Stack searches across modules
Layer results: username to email to phone to IP. Each layer adds context and confirms or rules out connections between accounts.
Review breach exposure
The Leaked Results and Breached Accounts panels show what data appeared in known breaches: password hashes, previous IPs, service names.
Investigating a suspicious email address
You received a phishing email, a threat, or a contact request you cannot verify. The email address is your starting point.
Run an email search
Select Email and paste the address. The search checks breach databases, registered accounts, and social profiles at the same time.
Check Registered Accounts
The Registered Accounts panel lists services where this email has an active account. It tells you a lot about the person behind it.
Review breach history
Breached Accounts shows which data breaches included this address and what fields were exposed: password hash, username, IP, and more.
Mapping suspicious infrastructure
You have a domain or IP from a malware sample, a C2 server, or a suspicious redirect. You need to understand what is behind it.
Start with the domain
Select Domain and enter the root domain. Review DNS records, subdomains, WHOIS registration data, and linked IPs.
Pivot to each IP
For every IP discovered, run a new IP address search. Check ASN, hosting provider, geolocation, and threat intelligence signals.
Use the map view
Geographic clustering of IPs can reveal whether infrastructure is centralized or deliberately spread across jurisdictions.
Tracing a cryptocurrency wallet
A wallet address appears in a fraud report, a ransom payment, or a transaction you need to understand.
Run a cryptocurrency search
Select Cryptocurrency and paste the full wallet address. Osintly returns transaction history, linked addresses, and risk signals.
Identify linked wallets
Follow the transaction graph to find wallets that sent or received funds from this address.
Corporate due diligence
You are evaluating a potential partner, supplier, or acquisition target and need a broad picture quickly.
Start with the company domain
A Domain search surfaces WHOIS registration history, hosting details, subdomains, and any breach exposure linked to the company’s infrastructure.
Search key personnel emails
If you have emails for founders or executives, run Email searches to check for breach exposure or linked accounts.
Monitor for changes
Set a domain monitor to track infrastructure changes, new subdomains, or data leak appearances going forward.
Export a report
Use Export to PDF or DOCX to produce a structured deliverable for internal review or legal counsel.
Export formats depend on your plan. See Billing & Plans.
Verifying an anonymous source
A source contacts you via a pseudonymous account. You need to assess credibility without revealing your investigation.
Mask your query first
Enable Mask query from result page title in Search Settings. This keeps the search term out of browser history and tab titles.
Check account age and activity patterns
Module cards surface account creation dates, post history, and activity across platforms. A freshly created account with no activity history is a clear signal.