Skip to content

Investigative Search

The Search page is the fastest way to pivot across eCrime.ch data without first deciding which table or intelligence view contains the answer.

Investigative search page

Investigative search blends and ranks results from:

  • ransomware and leak-site events
  • actor intelligence profiles
  • leak site records
  • news articles
  • comments and analyst notes
  • chat records
  • vulnerability and KEV entries

Use it when you have a company name, actor name, domain, email address, CVE, onion URL, malware family, country, sector, or a fragment from a leak post.

Enter a free-text query in Query, or combine it with structured filters:

  • Actor narrows results to a ransomware or leak-site actor.
  • Country narrows event results to a victim country.
  • Sector narrows event results to a business sector.
  • Data leaked only returns events where leaked data has been observed.
  • Include duplicates keeps duplicate/related posts in the result set.

The result page shows a blended Top results list and a Facets panel. Click a facet value to narrow the current search further without starting over.

  • Search a company name first, then use country or sector facets if the name is common.
  • Search an actor name to find its profile, recent claims, related news, and comments.
  • Search a CVE to connect vulnerability references with actor profiles, news, and events.
  • Search a domain or email address when investigating whether a brand, supplier, or contact appears in leak context.

Each result is labeled by source type, such as events, actors, news, or comments. Higher ranked and newer matches appear first. Use the score only as a relative ranking signal inside the current query; it is not a risk score.