Dark Web Monitoring

Monitor the dark web for compromised credentials, breached email addresses, exposed passwords, and digital asset leaks with real-time alerting.

Check Email for Breaches

Check if an email address has been exposed in known data breaches. Returns detailed information about each breach including the types of data exposed, breach severity, and actionable recommendations.

POST/api/v1/darkweb/check/email

Check if an email address appears in known data breaches

Authentication:Bearer Token
ParameterTypeRequiredDescription
emailstring RequiredThe email address to check for breaches
device_idstringOptionalUnique identifier of the device making the request
curl -X POST https://guard.orbai.world/api/v1/darkweb/check/email \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "device_id": "iphone-15-xyz789"
  }'
200Email found in data breaches
{
  "email": "user@example.com",
  "is_breached": true,
  "breach_count": 3,
  "breaches": [
    {
      "name": "ExampleCorp2024",
      "title": "ExampleCorp Data Breach",
      "domain": "examplecorp.com",
      "breach_date": "2024-09-15",
      "pwn_count": 2500000,
      "description": "In September 2024, ExampleCorp suffered a data breach that exposed email addresses, hashed passwords, and user profile information for 2.5 million users.",
      "data_classes": ["email_addresses", "passwords", "usernames", "ip_addresses"],
      "is_verified": true,
      "severity": "high"
    },
    {
      "name": "SocialApp2023",
      "title": "SocialApp Database Leak",
      "domain": "socialapp.io",
      "breach_date": "2023-03-22",
      "pwn_count": 15000000,
      "description": "A database dump containing 15 million SocialApp user records was published on a dark web forum in March 2023.",
      "data_classes": ["email_addresses", "phone_numbers", "dates_of_birth", "geographic_locations"],
      "is_verified": true,
      "severity": "medium"
    },
    {
      "name": "ForumSite2022",
      "title": "ForumSite Credential Dump",
      "domain": "forumsite.net",
      "breach_date": "2022-11-08",
      "pwn_count": 800000,
      "description": "Credentials for 800,000 ForumSite users were found for sale on a dark web marketplace.",
      "data_classes": ["email_addresses", "passwords"],
      "is_verified": true,
      "severity": "critical"
    }
  ],
  "exposed_data_types": [
    "email_addresses",
    "passwords",
    "usernames",
    "phone_numbers",
    "ip_addresses",
    "dates_of_birth",
    "geographic_locations"
  ],
  "first_breach": "2022-11-08",
  "latest_breach": "2024-09-15",
  "risk_level": "high",
  "recommendations": [
    "Change the password for this email account immediately.",
    "Change passwords on any accounts that share the same password.",
    "Enable two-factor authentication (2FA) on all accounts using this email.",
    "Monitor this email address for unauthorized login attempts.",
    "Consider using a password manager to generate unique passwords for each service.",
    "Check your email for any password reset requests you did not initiate."
  ],
  "checked_at": "2026-02-08T10:50:00Z"
}
200Email not found in breaches
{
  "email": "safe-user@example.com",
  "is_breached": false,
  "breach_count": 0,
  "breaches": [],
  "exposed_data_types": [],
  "first_breach": null,
  "latest_breach": null,
  "risk_level": "safe",
  "recommendations": [
    "No breaches found. Continue using strong, unique passwords.",
    "Enable two-factor authentication for additional security."
  ],
  "checked_at": "2026-02-08T10:50:05Z"
}

Check Password Exposure

Check if a password has been exposed in known data breaches. The password is hashed client-side using SHA-256 before being sent; only the first 5 characters of the hash prefix are transmitted for k-anonymity privacy protection.

POST/api/v1/darkweb/check/password

Check if a password has been exposed in known breaches (password is hashed)

Authentication:Bearer Token
ParameterTypeRequiredDescription
passwordstring RequiredThe password to check. Will be hashed before transmission. Never stored in plaintext.
device_idstringOptionalUnique identifier of the device making the request

Privacy Protection

OrbGuard uses a k-anonymity model for password checking. The password is hashed using SHA-256, and only the first 5 characters of the hash are sent to the server. The server returns all matching hash suffixes, and the check is completed locally. Your full password hash is never transmitted or stored.

curl -X POST https://guard.orbai.world/api/v1/darkweb/check/password \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "password": "MyP@ssw0rd123",
    "device_id": "iphone-15-xyz789"
  }'
200Password found in breaches
{
  "is_breached": true,
  "breach_count": 1247,
  "risk_level": "critical",
  "message": "This password has been found in 1,247 known data breaches. It is extremely compromised and should be changed immediately on all accounts where it is used.",
  "checked_at": "2026-02-08T10:52:00Z"
}
200Password not found in breaches
{
  "is_breached": false,
  "breach_count": 0,
  "risk_level": "safe",
  "message": "This password was not found in any known data breaches. However, continue using unique passwords for each service.",
  "checked_at": "2026-02-08T10:52:05Z"
}

Risk Levels

LevelDescription
safePassword not found in any known breaches
weakPassword found in fewer than 10 breaches; consider changing
compromisedPassword found in 10-100 breaches; change immediately
criticalPassword found in over 100 breaches; extremely compromised

Add Monitored Asset

Register an asset (email, phone number, or password) for continuous dark web monitoring. OrbGuard will send alerts when the asset appears in new data breaches.

POST/api/v1/darkweb/monitor

Add an asset for continuous dark web monitoring

Authentication:Bearer Token
ParameterTypeRequiredDescription
asset_typestring RequiredType of asset to monitor. One of: email, phone, password
valuestring RequiredThe asset value to monitor (email address, phone number, or password hash)
user_idstring RequiredThe user ID that owns this monitored asset
device_idstringOptionalDevice ID for push notification delivery
curl -X POST https://guard.orbai.world/api/v1/darkweb/monitor \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "asset_type": "email",
    "value": "user@example.com",
    "user_id": "usr_12345",
    "device_id": "iphone-15-xyz789"
  }'
201Monitored asset created
{
  "id": "mon_a1b2c3d4e5f6",
  "asset_type": "email",
  "value": "user@example.com",
  "user_id": "usr_12345",
  "device_id": "iphone-15-xyz789",
  "status": "active",
  "created_at": "2026-02-08T10:55:00Z",
  "last_checked_at": null,
  "alert_count": 0
}
409Asset already being monitored
{
  "success": false,
  "error": {
    "code": "CONFLICT",
    "message": "This asset is already being monitored for this user."
  }
}

Get Monitored Assets

Retrieve all monitored assets for a specific user.

GET/api/v1/darkweb/monitor

List all monitored assets for a user

Authentication:Bearer Token
ParameterTypeRequiredDescription
user_idstring RequiredThe user ID to retrieve monitored assets for (query parameter)
curl -X GET "https://guard.orbai.world/api/v1/darkweb/monitor?user_id=usr_12345" \
  -H "Authorization: Bearer YOUR_API_KEY"
200List of monitored assets
[
  {
    "id": "mon_a1b2c3d4e5f6",
    "asset_type": "email",
    "value": "user@example.com",
    "user_id": "usr_12345",
    "device_id": "iphone-15-xyz789",
    "status": "active",
    "created_at": "2026-02-08T10:55:00Z",
    "last_checked_at": "2026-02-08T11:00:00Z",
    "alert_count": 0
  },
  {
    "id": "mon_7g8h9i0j1k2l",
    "asset_type": "email",
    "value": "work@company.com",
    "user_id": "usr_12345",
    "device_id": "iphone-15-xyz789",
    "status": "active",
    "created_at": "2026-02-01T08:00:00Z",
    "last_checked_at": "2026-02-08T11:00:00Z",
    "alert_count": 2
  }
]

Remove Monitored Asset

Remove an asset from continuous dark web monitoring.

DELETE/api/v1/darkweb/monitor/{id}

Remove a monitored asset by its ID

Authentication:Bearer Token
ParameterTypeRequiredDescription
idstring RequiredThe monitored asset ID to remove (path parameter)
curl -X DELETE "https://guard.orbai.world/api/v1/darkweb/monitor/mon_a1b2c3d4e5f6" \
  -H "Authorization: Bearer YOUR_API_KEY"
204Monitored asset removed successfully
404Monitored asset not found
{
  "success": false,
  "error": {
    "code": "NOT_FOUND",
    "message": "Monitored asset not found or already removed."
  }
}

Get Breach Alerts

Retrieve breach alerts for a monitored user. Alerts are generated when a monitored asset is found in a new data breach.

GET/api/v1/darkweb/alerts

Get breach alerts for a user's monitored assets

Authentication:Bearer Token
ParameterTypeRequiredDescription
user_idstring RequiredThe user ID to retrieve alerts for (query parameter)
curl -X GET "https://guard.orbai.world/api/v1/darkweb/alerts?user_id=usr_12345" \
  -H "Authorization: Bearer YOUR_API_KEY"
200List of breach alerts
[
  {
    "id": "alert_x1y2z3",
    "user_id": "usr_12345",
    "monitor_id": "mon_7g8h9i0j1k2l",
    "asset_type": "email",
    "asset_value": "work@company.com",
    "breach_name": "CorpService2026",
    "severity": "high",
    "message": "Your email work@company.com was found in the CorpService data breach. Passwords and personal data may be exposed.",
    "data_classes": ["email_addresses", "passwords", "names"],
    "breach_date": "2026-01-28",
    "detected_at": "2026-02-05T14:30:00Z",
    "acknowledged": false,
    "acknowledged_at": null
  },
  {
    "id": "alert_a4b5c6",
    "user_id": "usr_12345",
    "monitor_id": "mon_7g8h9i0j1k2l",
    "asset_type": "email",
    "asset_value": "work@company.com",
    "breach_name": "CloudStorage2025",
    "severity": "medium",
    "message": "Your email work@company.com appeared in the CloudStorage breach. Email addresses and usage data were exposed.",
    "data_classes": ["email_addresses", "usage_data"],
    "breach_date": "2025-11-15",
    "detected_at": "2026-01-10T08:00:00Z",
    "acknowledged": true,
    "acknowledged_at": "2026-01-10T09:15:00Z"
  }
]

Acknowledge Alert

Mark a breach alert as acknowledged. This does not delete the alert but indicates the user has reviewed and addressed it.

POST/api/v1/darkweb/alerts/{id}/ack

Acknowledge a breach alert

Authentication:Bearer Token
ParameterTypeRequiredDescription
idstring RequiredThe alert ID to acknowledge (path parameter)
curl -X POST "https://guard.orbai.world/api/v1/darkweb/alerts/alert_x1y2z3/ack" \
  -H "Authorization: Bearer YOUR_API_KEY"
200Alert acknowledged
{
  "id": "alert_x1y2z3",
  "acknowledged": true,
  "acknowledged_at": "2026-02-08T11:00:00Z"
}
404Alert not found
{
  "success": false,
  "error": {
    "code": "NOT_FOUND",
    "message": "Alert not found."
  }
}

Monitoring Limits

Free tier accounts can monitor up to 2 assets. Premium users can monitor up to 10 assets, and enterprise plans support unlimited monitored assets with custom alerting rules and webhook notifications.

URL Protection

Previous Page

AI-Powered Scam Detection

Next Page

On this page

Check Email for Breaches
Check Password Exposure
Risk Levels
Add Monitored Asset
Get Monitored Assets
Remove Monitored Asset
Get Breach Alerts
Acknowledge Alert