Sign in Get a demo

When your organization shows up on the dark web, find out the same day.

Brand mentions in criminal channels typically precede public news by weeks. Dark Web Mentions Monitoring watches Deepinfo's dark web index continuously for any term you care about: your organization name, your products, executives, internal project names, custom identifiers. Alerts fire the same day a new mention appears.

Request a demo Get a free threat exposure report
WHAT THIS DOES

Continuous coverage on any term you care about.

Define the keyword set you want monitored: corporate name, brand variations, product names, executive names, internal codenames, anything specific to your organization. Deepinfo monitors continuously across the dark web sources we index, alerting on first appearance and on each subsequent mention.

Alerts route to where your team works: email, Slack, your SIEM, your ticketing system. Frequency is configurable per channel: instant for high-priority terms, daily digests for lower-priority. False-positive feedback feeds back into the relevance scoring so the alert stream gets cleaner over time.

HOW IT WORKS

Three layers of continuous coverage.

Custom keyword sets define what to watch. Continuous source coverage finds new mentions as they appear. Routed alerts deliver findings into the systems your team already uses.

Custom keyword sets, per organization.

Define what you want monitored: corporate names, brand variations, executive names, product codenames, internal project identifiers, customer-data type indicators. Sets are versioned and editable; new keywords start monitoring from the moment they're added.

Continuous source coverage.

Forums, marketplaces, paste sites, leak sites, chat channels, all monitored continuously. New content gets indexed within hours of being posted; alerts fire as new mentions appear in the index.

Routed alerts with relevance scoring.

Email, Slack, SIEM, ticketing system. Frequency configurable per channel. Each alert carries source attribution, mention context, and a relevance score so high-confidence alerts surface above noise.

WHAT IT SURFACES

Examples of mentions worth alerting on.

Brand mentions

Forum discussions about targeting, exploits, or attack planning involving your organization.

Product mentions

Posts about vulnerabilities, attack techniques, or exploit kits affecting your products.

Executive mentions

Posts indicating doxing, threats, or harassment campaigns against named individuals.

Internal codename mentions

Mentions of internal project names suggesting insider leaks or stolen documents.

Domain mentions

Posts about your infrastructure, planned campaigns, or exploited assets.

Combination mentions

Higher-priority alerts when multiple identifiers co-occur (your brand + a CVE, your domain + a leak announcement).

PART OF CTI

Mentions monitoring feeds the broader intelligence picture.

Dark Web Mentions Monitoring is the always-on counterpart to Dark Web Search (which is on-demand). When mentions surface, they feed into the broader intelligence picture: matched against Threat Actor Intelligence to identify which actor groups are active, cross-referenced with the Data Breach Index for context, and routed to your IR or fraud teams via your existing alerting infrastructure.

CTI · DARK WEB SEARCH

Dark Web Search

Learn more CTI · THREAT ACTOR INTELLIGENCE

Threat Actor Intelligence

Learn more CTI · EXECUTIVE THREAT MONITORING

Executive Threat Monitoring

Learn more
← Back to CTI

“We've found organization mentions on dark-web channels weeks before the breach was public. The lead time matters: it gives us a chance to prepare communications, customer notifications, and law-enforcement coordination before the news cycle starts.”

— Director of Threat Intelligence, Aviation Operator
CONTINUE EXPLORING

Explore the full platform.

EASM · EXTERNAL ATTACK SURFACE MANAGEMENT

See your entire attack surface. Act on what matters.

Continuous discovery and monitoring of every internet-facing asset, including subsidiaries and acquired companies.

See module CTI · CYBER THREAT INTELLIGENCE

See what’s exposed. Act before it’s exploited.

Dark-web monitoring, breach corpora, infostealer logs, and threat-actor activity tied to your organization.

See module BRP · BRAND RISK PROTECTION

Keep an eye on the internet. Protect your brand.

Lookalike domains, fake apps, fraudulent listings, and brand abuse caught in hours, not weeks.

See module TPRM · THIRD-PARTY RISK MANAGEMENT

Every third party carries risk. See all of it.

Continuous external monitoring of every approved vendor with the same depth as your own surface.

See module DSI · DEEP SEARCH AND INSIGHTS

Explore the entire internet. See every layer.

400M domains, 2B subdomains, 200B DNS records, 30B SSL certificates. All queryable directly.

See module
START MONITORING

See where your organization shows up right now.

The free threat exposure report includes a dark-web mention scan against your domain. Continuous monitoring picks up where the report leaves off.

Request a demo