FAQ and Usages
StealSeek is a powerful search engine designed to help you find and analyze data breaches. Our platform provides comprehensive tools for security researchers and professionals to investigate potential data compromises.
StealSeek uses advanced algorithms to search through various databases and sources to find potential data breaches. Users can search using different criteria such as email addresses, usernames, domains, and more.
StealSeek is a privacy-first platform. We only collect the minimal data necessary to deliver and maintain our service. No emails, names, or unnecessary identifiers are stored or required.
If you need to request removal of specific data from our platform, please visit our Data Removal Request page. We handle requests for:
- Intellectual property claims
- Personally identifiable information
- Malware, phishing, or unlawful content
- Hate speech or illegal materials
Please note that StealSeek reserves the right to deny removal if there is a legitimate public interest in retaining the content.
Our privacy policy outlines how we handle your data. Please visit our Privacy Policy page for information about:
- Data collection and usage
- Your privacy rights
- Cookie policies
- Data retention periods
Our terms of service govern your use of StealSeek. Please visit our Terms of Service page for information about:
- Service usage terms
- User responsibilities
- Subscription terms
- Intellectual property rights
To create an account, click on the "Get Started" button and follow the registration process. You do not need to provide an email or username to register. For privacy reasons, we do not store any of your personal data.
Each UserID is a randomly generated 18-digit number, offering 1018 possible combinations — that's a quintillion unique IDs. Combined with CAPTCHA protection and no use of guessable credentials like email or passwords, the login process is highly resistant to brute-force and automated attacks.
Unfortunately, no. Since we do not store user data or tie UserIDs to any email or personal information, recovery is not possible. Please store your UserID securely.
We offer three main subscription plans: Standard, Professional, and Business. Each plan comes with different features and capabilities. Visit our Pricing page for detailed information.
You can upgrade your subscription at any time from your account dashboard. Go to pricing page and choose your desired plan.
Credits are used for additional features such as downloading logs, advanced inspections, and accessing premium features beyond your subscription limits.
Credits can be purchased from the Pricing page. We offer various credit packages to suit different needs and budgets.
To perform a basic search:
- Select a search table from the dropdown menu in the top-left of the search box (ULP is the default)
- Enter your search term in the main input field (you can search for domains, email addresses, usernames, passwords, etc.)
- Click the SEARCH button (or simply press Enter on your keyboard)
- Select a specific column in the Search Options modal that appears
- You must specify exactly what type of data you're searching for (Password, Domain, Email, TLD, etc.)
- If you're unsure which column to choose, look for the "i" icons next to each column name
- Hover your mouse over any "i" icon to see an example of that data type
- After selecting the appropriate column, click "Apply" to proceed with your search
This column selection step is crucial as it makes your search more precise and helps you find exactly what you're looking for.
Example: If you want to find "gmail.com", you should choose to search in the "Domain" column rather than the "Domain Name" column for better results. You can confirm this is the right choice by hovering over the "i" icon next to "Domain" to see similar examples.
Selecting the right search column is crucial for finding exactly what you need in StealSeek. After entering your search term and clicking SEARCH, you'll be prompted to select which specific column you want to search in.
How to Choose the Right Column
- Consider the specific type of data you're searching for (email address, domain name, password, etc.)
- Use the "i" icons next to column names to see examples of what data belongs in each column
- Select the most specific column possible for better results (e.g., use "Domain" instead of "Full_Domain" if you don't need subdomains)
For example, if you're searching for "gmail.com", you should choose:
- Domain - If you're looking for all accounts with this domain
- Email_Domain - If you specifically want results from email addresses with this domain
Here's a guide to all available searchable columns organized by tables:
ULP Table (User Login Pairs)
-
Domain: The main domain name and TLD combined (without subdomains)
example.com
-
Full_Domain: Complete domain including subdomains
mail.example.com
-
Domain_Name: Just the domain name without the TLD
github
-
Subdomain: Prefix part of a domain before the main domain
mail
-
TLD: Top-level domain extension
com
- Email: Complete email address
-
Email_User: Username part of an email (before the @ symbol)
user
-
Email_Domain: Domain part of an email (after the @ symbol)
gmail.com
-
Login_User: Usernames for account logins
johndoe123
-
Password: User account passwords
P@ssw0rd!
-
Protocol: Web protocol used (http, https, ftp, etc.)
https
-
IP: IP address information
192.168.1.1
-
Port: Port number used in a connection
443
-
Path: URL path after the domain
/login/auth
-
Android_App: Android application package names
com.example.app
-
Ref_File_ID: Reference to the source file identifier
12345
-
Leak_Type: The type of data leak (stealer or ulp)
stealer
-
CountryCode: Two-letter country code related to the entry
US
-
Date: Timestamp when the record was created/found
2025-03-22T00:00:00
Note: The URL field is a virtual field composed of multiple components (Protocol, IP, Port, Domain_Name, Subdomain, TLD, Path) and doesn't support "LIKE" queries. Search specific parts instead.
Autofills Table
-
Key: The field name or identifier in browser autofill data
mail
-
Value: The value stored for the corresponding key
John Doe
-
Ref_File_ID: Reference to the source file identifier
12345
-
CountryCode: Two-letter country code related to the entry
US
-
Date: Timestamp when the record was created/found
2025-03-22T00:00:00
Computer_Info Table
-
Computer_HWID: Hardware identification string for the computer
ABCDEF123456
-
Computer_Name: The hostname or machine name
DESKTOP-ABC123
-
Ref_File_ID: Reference to the source file identifier
12345
-
CountryCode: Two-letter country code related to the entry
US
-
Date: Timestamp when the record was created/found
2025-03-22T00:00:00
Cookies Table
-
Cookie_Domain: The domain that set the browser cookie
facebook.com
-
Ref_File_ID: Reference to the source file identifier
12345
-
CountryCode: Two-letter country code related to the entry
US
-
Date: Timestamp when the record was created/found
2025-03-22T00:00:00
Downloads Table
-
Download_URL: The URL from which a file was downloaded
https://example.com/file.zip
-
File_Name: Name of the downloaded file
document.pdf
-
File_Path: Local file system path where the file was saved
C:\Downloads\
-
Ref_File_ID: Reference to the source file identifier
12345
-
CountryCode: Two-letter country code related to the entry
US
-
Date: Timestamp when the record was created/found
2025-03-22T00:00:00
Files Table
-
File_Name: Name of the file including extension
backup.zip
-
File_Type: The extension or type of the file
pdf
-
File_Size: Size of the file in bytes
1048576
-
File_Sha1: SHA1 hash of the file content
a1b2c3d4e5f67890abcdef1234567890abcdef12
-
Ref_File_ID: Reference to the source file identifier
12345
-
CountryCode: Two-letter country code related to the entry
US
-
Date: Timestamp when the record was created/found
2025-03-22T00:00:00
History Table
-
URL: Browser history URL entry
https://example.com/login
-
Ref_File_ID: Reference to the source file identifier
12345
-
CountryCode: Two-letter country code related to the entry
US
-
Date: Timestamp when the record was created/found
2025-03-22T00:00:00
RefFile Table
-
ID: Unique identifier for the reference file
12345
-
Ref_File_Name: Name of the reference file
example_source_log_name
-
Leak_Type: Type of data leak (stealer)
stealer
-
CountryCode: Two-letter country code related to the entry
US
-
Date: Timestamp when the record was created/found
2025-03-22T00:00:00
Softwares Table
-
Software_Name: Name of the installed software
Microsoft Office
-
Ref_File_ID: Reference to the source file identifier
12345
-
CountryCode: Two-letter country code related to the entry
US
-
Date: Timestamp when the record was created/found
2025-03-22T00:00:00
User_Info Table
-
Computer_User: Username of the operating system account
john.doe
-
Client_IP: IP address of the client
203.0.113.1
-
Ref_File_ID: Reference to the source file identifier
12345
-
CountryCode: Two-letter country code related to the entry
US
-
Date: Timestamp of when the record was added to the database
2025-03-22T00:00:00
Note: If you only provide the date portion (e.g., "2025-03-22") without the time part after "T", the system will automatically set the time in the background.
Common Fields in All Tables
-
CountryCode: Two-letter country code indication of data origin
US
-
Date: Timestamp of when the record was added to the database
2025-03-22T00:00:00
Note: If you only provide the date portion (e.g., "2025-03-22") without the time part after "T", the system will automatically set the time in the background.
-
Ref_File_ID: Identifier linking to the source reference file
12345
To search effectively, first select the appropriate table from the dropdown menu, then use Search Options to specify which column you want to search in.
Pro Tip: For the most precise results, always use the most specific table and column for your search. For example, if you're looking for information about installed software, use the Softwares table rather than searching across all tables.
Click the settings (gear) icon next to the search box to access Advanced Search features. Note that all Advanced Search settings are reset after each search to prevent unintended usage of potentially resource-intensive options.
- Display Columns: Control which columns appear in your results
- Partial Match: Find results containing your search term (not just exact matches). May increase search time.
- Just Stealer: Limit results to only stealer logs. Can provide faster results by narrowing the search scope.
- Enable Total Count: Shows the exact total number of matching records. May significantly increase search time for large result sets.
- Enable Small Count: Shows exact counts up to 5000 results, and displays "5000+" for larger result sets. Provides a good balance between performance and information.
- Date Range: Filter results to a specific time period
- Results Control: Adjust the limit (10-1000) and offset for pagination
After making your selections, click "APPLY" to use these settings in your search. You must reapply these settings before each new search if you want to continue using them.
Pro Tip: For the fastest search performance, avoid using "Partial Match" and "Enable Total Count" options unless necessary. The "Enable Small Count" option provides a good compromise between performance and knowing the approximate size of your result set.
Every column in your search results is interactive. Right-click on any cell in the results table to access the context menu with these options:
- Inspect Log: View detailed information about the entire log file (Only available for entries with "stealer" leak type)
- Download Log: Save the log file to your computer (Only available for entries with "stealer" leak type)
- Copy: Copy just the cell content to your clipboard
- Copy All Row: Copy all data from the entire row to your clipboard
- Search: Start a new search using the selected value in other tables and columns
- This option expands to show available tables (like ULP, Autofills, etc.)
- After selecting a table, you'll see column options relevant to that table
- Selecting a column initiates a new search with the cell value in your chosen column
Example of Using Context Menu Search:
- You find a password in your search results that interests you
- Right-click on the password cell
- Select Search > ULP > Password from the context menu
- The system immediately performs a new search for all records with that specific password
Pro Tip: The context menu search feature is one of the fastest ways to pivot your investigation from one piece of data to related information. For example, if you find an interesting domain, you can right-click and search for all passwords associated with that domain in just two clicks.
Several factors can affect search performance:
- Enabling "Total Count" requires counting all matching records
- Using "Partial Match" performs more complex pattern matching
- Searching across very large datasets takes more time
- Complex date filters may increase processing time
For faster searches, be specific in your search terms, use column-specific searches, and avoid enabling "Total Count" unless needed.
To search within a specific date range:
- Click the settings (gear) icon to open Advanced Search
- Click the "Date Range" section to expand it
- Set a Start Date and End Date using the calendar controls
- Click "APPLY" to use these date filters in your search
This is particularly useful when you want to find data from a specific time period or want to exclude older records.
StealSeek provides powerful filtering capabilities to help you refine large result sets and find exactly what you're looking for:
Accessing Filters
- Perform a search to get your initial results
- Click the Filters button in the results toolbar
- A filter panel will open with multiple filtering options
Visible Columns
The "Visible Columns" section at the top of the filter panel lets you control which columns appear in your search results table:
- SELECT ALL: Show all available columns in the results table
- DESELECT ALL: Hide all columns (you'll need to select at least one to see results)
- Individual Checkboxes: Toggle specific columns on/off (CountryCode, Date, File Name, File Size, etc.)
This feature is particularly useful when working with large datasets where you want to focus on specific information without scrolling horizontally through many columns. For example, you might hide all columns except for Email, Password, and Date when analyzing login credentials.
Advanced Filters
The "Advanced Filters" section allows you to create precise filter rules to narrow down your search results:
Match Setting
- ALL rules: Results must satisfy every filter rule you create (equivalent to using AND between rules)
- ANY rule: Results can match any one of your filter rules (equivalent to using OR between rules)
Creating Filter Rules
- Click the "+ Add Filter Rule" button to create a new filter condition
- For each filter rule, you can define:
- NOT Query toggle: Invert the filter rule to find records that do NOT match the condition
- Column: Select which data column to filter (File Name, Domain, Password, etc.)
- Operator: Choose the comparison method (contains, equals, starts with, etc.)
- Value: Enter the specific data value to match against
- Add multiple filter rules by clicking the "+ Add Filter Rule" button again
Example Filter Rules
-
Simple text filter:
File Name contains "backup"
-
Negative filter:
NOT: CountryCode equals "US"
-
Multiple combined filters (ALL rules):
Domain contains "gmail" AND Date after 2023-01-01
-
Multiple combined filters (ANY rule):
File Type equals "pdf" OR File Type equals "doc"
Help Section
The Help section under Advanced Filters provides quick guidance:
- Use Visible Columns to show/hide table columns
- Create Filter Rules to narrow down results
- Choose ALL rules to match rows that satisfy all conditions
Filter Operators
Different column types support different operators:
- Text columns: equals, contains, starts with, ends with, not equals
- Numeric columns: equals, greater than, less than, between, not equals
- Date columns: equals, after, before, between, not equals
Saving and Managing Filters
- Filters are applied instantly, allowing you to see results as you refine your criteria
- You can add multiple filter conditions to create complex queries
- Reset individual filters or clear all filters using the provided buttons
- Filters are automatically saved for your current session
Filter Performance Tips
- Applying multiple filters may increase processing time
- Date filters are particularly efficient for narrowing large datasets
- Exact match filters (equals) perform faster than partial match filters (contains)
Pro Tip: For complex investigations, start with broader filters and gradually add more specific conditions to narrow down your results. This approach allows you to see patterns in the data before focusing on specific details.
While we always strive to preserve the original timestamp of data, sometimes it's not possible to determine when the data was actually created. Here's how our timestamp system works:
- Our processing systems employ multiple verification methods to identify the original creation date of each record
- These methods include analyzing file metadata, embedded timestamps, and contextual information from the source
- In most cases, we successfully recover and record the original timestamp
- However, when all methods fail to determine the original date, the system defaults to using the processing date (when we added the data to our database)
This means that occasionally you might find older data with a relatively recent timestamp. This doesn't indicate the data is new, only that we couldn't reliably determine its original creation date.
Pro Tip: When analyzing search results, don't rely solely on the date field to determine the age of data. Consider other contextual factors like related records, source information, and the nature of the data itself.
Ref_File_ID is one of the most important fields in StealSeek because it connects related data across different tables. Think of it as the glue that holds all pieces of a puzzle together.
What Ref_File_ID Actually Is
Each Ref_File_ID represents a specific source file (or "log") that was processed and added to our database. When we process a log file, all data from that file is given the same Ref_File_ID across all tables.
Why This Matters for Your Investigations
Understanding Ref_File_ID gives you powerful investigation capabilities:
- Connecting the dots: When you find interesting data in one table, you can see all other related data from the same source by searching for its Ref_File_ID in other tables
- Complete context: Instead of seeing isolated pieces of information, you can build a complete picture of what was in the original log
- Finding relationships: You can discover connections that wouldn't be obvious when looking at a single table
Simple Example
Imagine this scenario:
- You search the ULP table and find a login/password pair for "example.com"
- You notice its Ref_File_ID is "12345"
- You search for Ref_File_ID "12345" in the Autofills table
- You discover the autofill data from the same source contains the user's full name, address, and phone number
- You search for Ref_File_ID "12345" in the Cookies table
- You find the user also had active sessions on several banking websites
Without Ref_File_ID, these pieces of information would remain disconnected. With it, you can build a complete picture of the data from a single source.
Pro Tip: When you find a particularly interesting record, one of the most powerful searches you can do is to look for its Ref_File_ID across all tables. This will show you everything that came from the same source file, giving you a complete context for your investigation.
Yes, we provide a RESTful API for programmatic access to our services. Contact us to purchase API access.
Our data sources are updated in real-time or at frequent intervals depending on the source type. This ensures fresh and relevant breach data.
Still have questions?
Can't find the answer you're looking for? Please contact our support team.
Contact Support