How do I use Beacon's search results tabs?

Tabs: Intro

When you run a search, Beacon organizes results into 5 tabs: Dark Web, Deep Web, Social, Documents, and Breaches. Each tab contains results from different data sources based on your search parameters to help you navigate relevant results more efficiently.

There's also a "Flagged" tab to house any search results you've flagged for further viewing or export. View our Flagging and Exporting article for more information.

Screen Shot 2020-03-17 at 4.15.30 PM

Tab Descriptions

View our FAQ article for more detailed data source descriptions by tab category.

Dark Web

Dark Web results are crawled from hidden, anonymized networks including Tor, ZeroNet, I2P, and OpenBazaar. These results require an additional tool, such as a Tor browser, to access the site URL.

Deep Web

Deep Web results are crawled from public, unindexed webpages, as well as chat applications including Telegram, Discord, and IRC. Webpage links can be accessed through your regular browser.


Social results are crawled from a variety of niche and less-regulated social networks including 4chan, Gab, Mastodon, Telegram, Raddle, and Reddit. 

It also includes three dark web social networks:, 8kun, and Endchan. These require a Tor browser to access the original post.


Documents results are crawled from three widely used paste sites: Pastebin, DeepPaste, and PasteFS. Paste sites are generally used to publicly share blocks of plain text and are common sources of publicly-shared, leaked data. 

Pastebin and PasteFS links can be accessed in a regular browser, while DeepPaste is hosted on the dark web and requires Tor to view the original post.


Breaches results are crawled from over 10 billion records (and growing) of publicly-available leaked data repositories. These repositories are continuously refreshed as new breaches are discovered.

Results under the Breaches tab look a little different from the other tabs, which typically show the post title, URL or author, and a text preview. Breaches results show the breach title (blurred in the screenshot below), number of relevant results within that breach (based on your search parameters), and data types in that breach (e.g. emails, passwords):

breaches results

The “breach title” is typically the name of the breached site or organization. However, some results have more ambiguous titles, such as “Collections” or “BreachCompilation.” These are arbitrary names of credential stuffing lists and other breached data collections that aren’t necessarily targeted at a specific site or organization.


More context about specific breaches will be added in future releases.


The Breaches post detail view allows users to navigate through the list of breached data relevant to their search parameters. Users can also search those results within the post detail: