HaveIBeenRansom — search the ransomware leaks
A purpose-built search engine over real ransomware leak files. Type a domain, email or company name and instantly see whether it surfaces in indexed extortion-group dumps — before attackers reuse it against you.
Live at haveibeenransom.com
What you can search
Every result is tied back to the leak source, the ransomware group and the date it was indexed.
Domains & subdomains
Find exposed files, credentials and documents tied to your corporate domains and their subdomains.
Emails & identities
Check whether employee or executive emails appear inside leak archives and combolists.
Company & brand names
Pivot from a company or brand name to every leak post and file that mentions it.
Ransomware groups
Browse by extortion group (LockBit, BlackCat/ALPHV, Cl0p and more) and their victim lists.
Inside leaked files
Full-text indexing reaches inside leaked documents, not just file names.
Fresh indexing
New leak sites are crawled continuously, so results reflect the latest disclosures.
How it works
From a single query to actionable exposure intelligence in seconds.
- Search. Enter a domain, email or company name.
- Match. We correlate it against our continuously-indexed ransomware leak corpus.
- Verify. Each hit shows the source leak, the group and the indexing date.
- Act. Escalate confirmed exposure to Dark Monitor or our incident team.
Find out what the leaks already know
Run a free check now, or let our team build continuous monitoring around your domains and people.