Dark Web Exposure and Phishing Detection Test

Free online security tool to test your security
  • Dark Web Exposure Monitoring
  • Phishing Detection and Monitoring
  • Domain Squatting Monitoring
  • Trademark Infringement Monitoring

Free online tool to test domain security

40,033,412 domain names analyzed

Command Line Toolkit

Simple CLI interface to leverage ImmuniWeb® Community Edition free tools in CI/CD pipelines and DevOps.


Download utilities from GitHub or use git:

git clone "" && cd iwtools/iwtools

Install third-party Python libraries:

  • termcolor
  • colorama
  • requests


Monitor and detect your Dark Web exposure, phishing and domain squatting:

Start a new test or get the results from cache:
./ darkweb ""
Get raw API response in JSON format:
./ darkweb --format raw_json ""
Force a refresh of the test using an API key:
./ darkweb --api-key ABCDE-12345-FGHIJ-67890 --refresh ""

Check other command line options here.

Free API

ImmuniWeb Community Edition provides a free API for the Dark Web Exposure Test. API requests count against the same daily number of tests as the web interface:

Account type | Tests per day | Monthly subscription
No Account | 2 | Free
Free Account | 4 | Free

Premium API

ImmuniWeb Community Edition provides a premium API for a higher number of requests via API or web interface:

Tests per day | Monthly subscription
10 | $299
50 | $1495
100 | $2990
250 | $7995

The number of API requests will be available via web interface under your account


The number of API requests will be shared among all users with the same domain name as your account

Get in touch for details.

Public schools, local governments and not-for-profit organizations may request free access to the premium API.

API Documentation

API Specifications

Field Name | Value
Request Type | POST
URL | [ustamp].html, where "ustamp" is an arbitrary UNIX timestamp (must be an integer). This construction prevents caching on the client side.

POST Data Specification

Field Name | Value
api_key | Secret token submitted with the request.
domain | The domain name to be tested.
limit | Limits the number of results shown.
offset | Offset into the results when they are limited.
no_limit | 0 or 1
dnsr | "on" means that test results will be hidden, "off" means that test results will be displayed in statistics.
recheck | "false" will use results from cache if the server has been tested within the past 24 hours, "true" will perform a new test without looking at the cache.

Example of Transaction Using CURL

# New test (not cached)
curl -d "" ""
{
  "job_id": "2a9e1f1bc92dc0c7a4bde930dff488771eea6d36988208d34163c5496227b8dc",
  "status": "test_started",
  "status_id": 1,
  "message": "Test has started"
}
curl -d "job_id=2a9e1f1bc92dc0c7a4bde930dff488771eea6d36988208d34163c5496227b8dc" ""
{
  "job_id": "2a9e1f1bc92dc0c7a4bde930dff488771eea6d36988208d34163c5496227b8dc",
  "status": "in_progress",
  "status_id": 2,
  "eta": 2,
  "message": "Your test is in progress"
}

# New test (cached)
curl -d "" ""
{
  "test_id": "c84936eef26eeb8aaef5ffc43f38ddb91adfd90ac27fb416bd0b21fe2edb1004",
  "status": "test_cached",
  "status_id": 3,
  "message": "Test is cached"
}
curl -d "id=c84936eef26eeb8aaef5ffc43f38ddb91adfd90ac27fb416bd0b21fe2edb1004" ""
{ ... }

# Example with error
curl -d "domain=" ""
{
  "error": "Domain name was resolved in an invalid IP address",
  "error_name": "invalid_ip_resolved",
  "error_id": 16
}

# Download PDF
curl -d "api_key=your_api_key" "" > report.pdf
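
The request and polling sequence from the curl transactions above, as an added Python example that is not ImmuniWeb's own code. The base URL and the "check"/"result" path segments are hypothetical placeholders (the page's URLs are elided), and treating any response without a status or error as the finished report is an assumption; the HTTP call is injected so the block runs offline on constructed responses.

```python
import time

# Hypothetical placeholder: the real endpoint URL is elided on the page.
API_BASE = "https://api.example.invalid/darkweb"

class ApiError(Exception):
    """Raised for responses carrying error / error_name / error_id."""
    def __init__(self, body):
        super().__init__(f"{body.get('error_name')} ({body.get('error_id')}): {body.get('error')}")
        self.error_id = body.get("error_id")

def build_url(action, now=None):
    # Integer UNIX timestamp in the path, as the spec requires, to defeat caching.
    # The "action" path segment is an assumption of this example.
    ustamp = int(time.time() if now is None else now)
    return f"{API_BASE}/{action}/{ustamp}.html"

def build_request(domain, api_key=None, recheck=False, hide=True):
    # Field names and values are those of the POST data specification.
    data = {"domain": domain,
            "dnsr": "on" if hide else "off",   # "on" keeps results out of the statistics
            "recheck": "true" if recheck else "false"}
    if api_key:                                # supply from a CI secret, never hard-code
        data["api_key"] = api_key
    return data

def run_test(post, domain, api_key=None, recheck=False, max_requests=30, sleep=time.sleep):
    """Drive one test to completion; post(url, data) returns the decoded JSON dict."""
    body = post(build_url("check"), build_request(domain, api_key, recheck))
    for _ in range(max_requests):
        if "error" in body:
            raise ApiError(body)
        status = body.get("status")
        if status == "test_cached":                      # status_id 3: fetch by test_id
            body = post(build_url("result"), {"id": body["test_id"]})
        elif status in ("test_started", "in_progress"):  # status_id 1 and 2: poll by job_id
            sleep(body.get("eta", 2))                    # honour the server's eta when given
            body = post(build_url("result"), {"job_id": body["job_id"]})
        else:
            return body                                  # assumed: the finished report
    raise TimeoutError(f"no result for {domain} after {max_requests} requests")

def replay(responses):
    """Offline stand-in for an HTTP client: replays constructed responses in order."""
    queue, sent = list(responses), []
    def post(url, data):
        sent.append((url, dict(data)))
        return queue.pop(0)
    post.sent = sent
    return post
```

With the `requests` library the toolkit already depends on, a real transport is `lambda url, data: requests.post(url, data=data, timeout=30).json()`.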



ImmuniWeb Community Edition - Dark Web Exposure Test

The Dark Web Exposure Test is a free online tool to monitor security incidents and data leaks on the Dark Web and other Internet resources, and to detect ongoing phishing campaigns and domain and social media squatting:

Dark Web Exposure Monitoring

  • Hacking forums
  • Underground market places
  • Pastebin and other paste websites
  • Social media
  • Telegram chats
  • IRC channels

Potential Cybersquatting

  • Domains registered in different TLDs and owned by a third party
  • Domains imitating domain names or business identity and owned by a third party

Potential Typosquatting

  • Domains with typos in body and owned by a third party
  • Domains with typos in body and TLD and owned by a third party

Potential Phishing

  • Domains that try to visually impersonate your domain or brand and owned by a third party
  • Domains that contain phishing content targeting your domain or brand users
  • Domains that contain malicious content targeting your domain or brand users

Social Media

  • Testing Twitter
  • Testing Facebook
  • Testing BitBucket
  • Testing Github
  • Testing YouTube

Phishing Data Sources

For phishing websites detection we use the following data sources:

  • Our proprietary network of web honeypots
  • Our proprietary network of email honeypots
  • Google Safe Browsing
  • PhishTank
  • OpenPhish


The following security experts helped us improve this free product:

  • Alexandru Fulop, Megaflip srl

Dark Web Exposure and Phishing Monitoring

ImmuniWeb® Community Edition provides a free Dark Web Exposure and Phishing monitoring with this Dark Web Exposure and Phishing Detection Test. You can add up to 3 domains for free that will be automatically tested with the Dark Web Exposure and Phishing Detection Test every 7 days. You will be notified by email about new threats. You can change or remove the domains at any time.

Dark Web Exposure Research

State of Cybersecurity Industry Exposure at Dark Web

  • 97% of the companies have data leaks exposed on the Dark Web
  • 25% of the leaks, being 160,529 leaks, are of high or critical risk levels
  • 29% of the stolen passwords are weak, 161 companies reuse passwords
  • 63% of the companies have security or compliance issues on their websites

State of Cybersecurity at Top 100 Global Airports

  • 100% of the mobile apps contain at least 2 vulnerabilities
  • 97% of the websites contain outdated web software
  • 87% of the airports have data leaks on public code repositories
  • 66% of the airports have stolen credentials sold on the Dark Web

State of Stolen Credentials in the Dark Web from Fortune 500

State of Stolen Credentials in the Dark Web from Fortune 500 Companies
  • 21M credentials are available in the Dark Web
  • 16M credentials compromised during the last year
  • 95% of stolen credentials are accessible in plaintext
  • 36% of passwords are bruteforceable in a minute

State of Application Security at S&P Global World's 100 Banks

97% of the World's Largest Banks are Vulnerable to Web and Mobile Attacks
  • 85% of e-banking web applications failed GDPR compliance test
  • 49% of e-banking web applications failed PCI DSS compliance test
  • 92% of mobile banking applications contain at least 1 medium-risk security vulnerability
  • 100% of the banks have security vulnerabilities or issues related to forgotten subdomains

State of Application Security at FT 500 Largest Companies

FT500 Global Companies
  • 70% of FT 500 can find access to some of their websites being sold on Dark Web
  • 92% of external web applications have exploitable security flaws or weaknesses
  • 19% of the companies have external unprotected cloud storage
  • 2% of external web applications are properly protected with a WAF

Frequently Asked Questions

  • Q
    What is the Dark Web?

    The term Dark Web originally referred to the Tor network and the resources located there, which are accessible only with special client-side software. The modern notion of the Dark Web is, however, much broader and includes various underground marketplaces and hacking forums accessible with a standard web browser. The definition may also encompass IRC and Telegram channels known for offering or trading stolen credentials and data.

    Some companies may also include various paste websites, like Pastebin, social media or even code repositories, like GitHub, when talking about monitoring of stolen credentials within the context of Dark Web surveillance. The borders of the modern Dark Web constantly fluctuate: some illicit resources emerge, while others disappear.

  • Q
    What is Dark Web monitoring?

    Dark Web monitoring is a service, usually provided by cybersecurity companies or law enforcement agencies, for organizations and individuals to notify them about any sensitive, confidential or offending information available on the Dark Web. Timely notification enables swift reaction to the incident, accelerates investigation, and usually reduces the negative economic and reputational consequences of a data breach, leak or intrusion. Organizations may check the scale and risks of their Dark Web exposure for free via ImmuniWeb Community Edition.

  • Q
    Is it possible to monitor the Dark Web?

    It depends on the specific segments of the Dark Web ecosystem and ultimate goals of such monitoring. Many resources in the Dark Web, such as underground marketplaces or hacking forums, are purposely made publicly accessible to ensure unhindered and free trade of stolen or illicit goods. Such resources can be monitored by different services offered by cybersecurity companies.

    Contrariwise, some of the resources falling under the definition of the Dark Web are invitation-only and are maintained in the highest secrecy. Usually, experienced cybercriminals and nation-state hackers create dedicated servers, oftentimes hosted in legitimate AWS or Google Cloud, to ensure privacy of their negotiations and illicit transactions. All such communications are strongly encrypted, and even a breach or takeover of the server is unlikely to provide any actionable information to the investigators.

    For such cases, unless you have the requisite resources and capacity to infiltrate the cyber gang, you are unlikely to be able to monitor this shadow segment of the Dark Web. Most of the findings, however, are accessible in those areas of the Dark Web that can be successfully monitored, allowing a timely reaction to data leaks and security breaches.

  • Q
    What is phishing?

    Phishing is a well-known computer attack targeting individual and corporate users with the key purpose of stealing their data or compromising their systems. Phishing often depends on social engineering that exploits human inattentiveness, emotions or fatigue. Usually, attackers use email pretending to come from an authority, colleague or acquaintance, asking the recipient to open a web link or run an attachment to the email.

    Frequently, the web page or attachment will contain malware, such as spyware or ransomware, aimed at backdooring the victim’s device or computer. Alternatively, a website may usurp one’s identity, for instance, pretending to be a bank website and asking to log in with the victim’s credentials. Upon login, the victim is redirected to the legitimate website, while the login and password are stolen by the attackers.

    Phishing attacks targeting mobile users are also prevalent, where variants will attempt to use channels such as SMS, messenger apps or voicemail in order to perform similar attacks as above or to vocally deceive a victim.

  • Q
    How does phishing work?

    To run phishing campaigns, attackers usually deliver specially created content to their victims by email or other communication channels, including SMS or WhatsApp. Once a victim clicks on the malicious link or downloads an attachment from the malicious email, their computer or mobile device will likely be infected with a Trojan horse or ransomware. Occasionally, a website or email may just lure the victim into providing sensitive information, such as e-banking logins or passwords, to later drain the victim’s accounts.

  • Q
    How do phishing links work?

    Usually, a phishing link opens a fraudulent website imitating and pretending to be a governmental authority, banking institution or a well-known enterprise. Once the victim opens the phishing website, his or her computer (or mobile device) will likely be hacked and backdoored to steal valuable data or to use the compromised device in DDoS attacks or large-scale spam campaigns. In other cases, the phishing website may be harmless in itself and merely request the victim’s credentials (e.g. login and password from e-banking) under the pretext of a security verification by the bank. Once the victim provides the credentials, the attackers gain access to the victim’s account.

  • Q
    Are phishing sites illegal?

    Most phishing websites aim to steal someone’s credentials, spread malware or commit other criminally punishable actions, and are thus illegal by the very purpose of their existence and nature of operation. A phishing website per se, however, is not necessarily illegal: for instance, it may be used by security teams or cybersecurity service providers to train employees on the dangers of phishing and raise security awareness. However, any use of a phishing website against innocent victims and/or with the purpose to defraud will likely constitute a serious computer crime offense in all civilized countries.

  • Q
    How can phishing be prevented?

    Phishing almost always involves human carelessness, inattentiveness or lack of security training. Therefore, continuous security awareness and training are essential to educate your employees about the dangers of phishing and interrelated cyber threats. Security training shall be rewarding and involve gamification to ensure the highest participation and best outcomes.

    Secondly, a set of internal security mechanisms is to be installed, including spam filtering systems with AI and heuristic capacities to reliably detect and remove phishing emails. Importantly, fighting phishing shall be an ongoing and continuously improved process, not a one-shot exercise conducted annually.

  • Q
    What is cybersquatting?

    Cybersquatting is the unethical, and often illegal, practice of registering domain names that include registered trademarks or brand names belonging to third parties without their permission. Cybersquatting may be comparatively innocent, for example, when a car dealer creates a domain name containing a well-known car brand that it lawfully sells, to attract more customers.

    A more reprehensible variation of cybersquatting may include registering multiple domain names for all known car brands, even those that the dealer does not sell or repair. Finally, cybercriminals may leverage cybersquatting tactics to impersonate banks, healthcare providers or governmental authorities and lure inattentive website visitors into sharing their confidential information.

    Unlike typosquatting, which exploits the mistakes and typos our fingers accidentally make while typing a URL, cybersquatting primarily exploits visual deception to attract visitors to the squatter’s websites.

  • Q
    How does cybersquatting work?

    Typically, users receive a web link pointing to a cybersquatted domain by email, SMS or WhatsApp. They may also find the website in Google search results when looking for a specific company or branded service. The cybersquatted website has a URL with express mention of a known brand or trademark, aiming to falsely create an association with the brand or even impersonate it. Inattentive victims usually don’t see the difference, especially if the website design is aptly copy-pasted from the original one. In many countries, cybersquatting is unlawful and may even be punishable under criminal law.

  • Q
    When is cybersquatting illegal?

    It largely depends on the totality of the circumstances, but most cybersquatting cases likely violate some intellectual property laws or even fall within the purview of criminal law. Cybersquatting is, however, not always illegal. For instance, if a car dealer promotes a couple of domain names containing variations of the car brand within the country of its authorized territory of sales, such a case is unlikely to trigger serious legal ramifications. Contrariwise, if a competitor purposefully and with intent to harm creates domain names exploiting your brand, to deceive and steal your leads or clients, such acts may even be criminally punishable under certain circumstances.

  • Q
    How to prevent cybersquatting?

    Continuous monitoring of existing and newly created domain names is essential to keep an eye on unlawful cybersquatting activity. Once a cybersquatting domain is spotted, and you believe that it violates your intellectual property rights or is prohibited by the applicable unfair competition laws, you or your attorney should contact the domain name registrar and request to unregister the domain name. Separately, and after receiving competent legal advice from a licensed law firm, you may also file a legal action against the wrongdoer asking for damages.
