# Innumbra

> Free, metadata-only dark web meta-search engine and OSINT intelligence platform. Indexes Tor hidden services (.onion sites) for security researchers, journalists, and threat intelligence analysts. No content stored. Updated February 2026.

## What Is Innumbra?

Innumbra is a free dark web intelligence platform that indexes .onion hidden services on the Tor network. Unlike content-based search engines, Innumbra extracts and indexes only metadata: site titles, HTTP server headers, technology stacks, page language, uptime history, content hashes, OSINT entities, link relationships, warrant canaries, seizure banners, and threat intelligence classifications. No actual page content is ever stored, cached, or proxied. It is designed for OSINT professionals, cybersecurity researchers, journalists, and threat intelligence analysts.

## Core Capabilities

- **Dark web meta-search** — Search indexed .onion sites by keyword, status, technology, language, CTI type, and date range
- **OSINT entity extraction** — Automatically extracts 17+ entity types: Bitcoin, Ethereum, Monero, Dogecoin, and Zcash wallet addresses, email addresses, PGP key fingerprints, Jabber/XMPP IDs, Telegram handles, Tox messenger IDs, clearnet domains, linked .onion addresses, and I2P eepsite addresses
- **Semantic search** — Meaning-based search using vector embeddings, enabling queries like "drug marketplace" to match "pharmaceutical vendor"
- **Image OCR** — Text extraction from images on .onion pages, catching entity data hidden in images that HTML-only crawlers miss
- **Technology fingerprinting** — Identifies web servers (nginx, Apache, lighttpd), CMS platforms (WordPress, custom), frameworks, programming languages, and database technologies from HTTP headers and HTML signatures
- **Uptime monitoring** — Periodic status checks with retry logic (3 attempts per check, fresh Tor circuit per attempt), historical uptime graphs, and response time tracking
- **Mirror detection** — Content hashing and fuzzy hashing identify duplicate sites serving identical or near-identical content across different .onion addresses
- **Operator correlation** — Links sites to the same operator using 28 weighted signals: shared crypto wallets, PGP keys, emails, favicon hashes, content hashes, server fingerprints, and link topology
- **Link graph visualization** — Interactive graph showing how .onion sites connect to each other, with authority scoring and community detection
- **Warrant canary tracking** — Detects and monitors PGP-signed warrant canary statements
- **Seizure detection** — Identifies law enforcement seizure banners in 12 languages from 13+ agencies (FBI, Europol, BKA, NCA, etc.)
- **Change detection** — Tracks title changes, status transitions, and content modifications with timestamped history
- **Threat intelligence classification** — Categorizes sites as ransomware, marketplace, forum, MaaS, etc., using CTI feed integration and rule-based auto-classification across 11 categories
- **OPSEC scoring** — Rates operator security practices on a 0-100 scale based on header leaks, clearnet references, and infrastructure exposure
- **Favicon cross-referencing** — Favicon hashing enables clearnet infrastructure discovery via search engines like Shodan

## How Does Innumbra Discover Dark Web Sites?

Innumbra uses a four-phase discovery pipeline:

1. **Public directory imports** — Bulk ingestion from Ahmia's hidden service index (18,000+ addresses), with CSAM blocklist filtering applied before any address enters the database.
2. **Threat intelligence feeds** — Automated imports from deepdarkCTI, ransomwatch, RansomLook, and curated CISA advisory sources covering ransomware data leak sites, dark web marketplaces, and forums.
3. **Automated link crawling** — The crawler follows outbound links from indexed sites to discover new .onion addresses, building a link graph that maps relationships between hidden services.
4. **User submissions** — Community-submitted .onion addresses are queued for verification and indexing after blocklist screening.

## How Does Operator Correlation Work?

Operator correlation identifies .onion sites likely operated by the same person or group. Innumbra's correlator analyzes multiple signals with weighted confidence scores: shared cryptocurrency wallet addresses, shared PGP key fingerprints, shared email addresses, matching favicon image hashes, identical content hashes, matching server fingerprints, near-duplicate content detection, fuzzy content matching, and link topology patterns. Sites exceeding the confidence threshold are grouped into operator clusters.

## Search Syntax

- `status:online` or `status:offline` — filter by current availability
- `cti:ransomware` or `cti:marketplace` — filter by threat intelligence category
- `tech:nginx` or `tech:wordpress` — filter by server technology
- `lang:ru` or `lang:en` — filter by detected page language
- `after:2025-01` or `before:2026-01` — filter by date range
- Direct entity search: paste a Bitcoin address, email, PGP fingerprint, or domain to find all sites referencing it
- Combine any filters with free-text keywords

## Frequently Asked Questions

**Is Innumbra free to use?**
Yes. Innumbra is completely free with no accounts, rate limits, or paywalls.

**Does Innumbra store dark web page content?**
No. Innumbra is strictly a metadata-only index. It stores titles, HTTP headers, technology fingerprints, uptime history, content hashes, and extracted entity identifiers. It does not store, cache, proxy, or reproduce any actual page content.

**What makes Innumbra different from other dark web search engines?**
Most dark web search engines index page content for full-text search. Innumbra indexes metadata only, focusing on structural intelligence: technology fingerprinting, entity extraction, operator correlation, mirror detection, and uptime monitoring with historical tracking.

**Who is Innumbra designed for?**
Cybersecurity researchers, threat intelligence analysts, investigative journalists, law enforcement OSINT analysts, academic researchers, and digital forensics professionals.

## Pages

- [Home / Search](https://innumbra.com/): Main search interface with filters and entity lookup
- [Newest Indexed Sites](https://innumbra.com/?v=newest): Most recently discovered .onion services
- [Change Detection Feed](https://innumbra.com/?v=changes): Real-time feed of site status and title changes
- [Entity Explorer](https://innumbra.com/?v=entities): Browse 17+ types of extracted OSINT entities with cross-site pivot analysis
- [Link Graph Visualization](https://innumbra.com/?v=graph): Interactive graph showing .onion site interconnections with authority scoring
- [Technology Browser](https://innumbra.com/?v=tech): Browse sites grouped by server technology stack
- [Language Browser](https://innumbra.com/?v=lang): Browse sites by detected page language
- [Warrant Canary Tracker](https://innumbra.com/?v=canaries): Monitor PGP-signed canary statements
- [Seized Sites](https://innumbra.com/?v=seized): Law enforcement seizure banner detection
- [Mirror Detection](https://innumbra.com/?v=mirrors): Content hash fingerprinting for duplicate site detection
- [Operator Clusters](https://innumbra.com/?v=clusters): Sites grouped by shared infrastructure, wallets, and behavioral patterns
- [Site Comparison Tool](https://innumbra.com/?v=compare): Side-by-side tech stack and metadata comparison
- [All Tags](https://innumbra.com/?v=tags): Browse categorized dark web hidden services
- [Submit a Site](https://innumbra.com/?v=submit): Submit .onion addresses for indexing
- [RSS Feed — Sites](https://innumbra.com/api/feed.php?type=sites): Atom feed of newest indexed sites
- [RSS Feed — Pages](https://innumbra.com/api/feed.php?type=pages): Atom feed of newest discovered pages
- [XML Sitemap](https://innumbra.com/?v=sitemap): Full XML sitemap for search engine crawlers
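
The weighted-signal grouping described under "How Does Operator Correlation Work?" can be sketched as follows. This is an added example, not Innumbra's code: the weights, the threshold, the noisy-OR combination rule, the site labels and the signal values are all assumptions constructed for illustration.

```python
from itertools import combinations

# Assumed weights, chosen for illustration (not Innumbra's values): how strongly
# one shared value of each signal type suggests a common operator.
WEIGHTS = {"pgp": 0.90, "wallet": 0.80, "email": 0.70,
           "content_hash": 0.50, "favicon": 0.35, "server": 0.10}
THRESHOLD = 0.75  # assumed confidence threshold for linking two sites

# Constructed sample index: site label -> signal type -> observed values.
SITES = {
    "siteA": {"pgp": {"FP-1"}, "favicon": {"fav-1"}, "server": {"nginx"}},
    "siteB": {"pgp": {"FP-1"}, "server": {"nginx"}},
    "siteC": {"wallet": {"w-1"}, "favicon": {"fav-1"}, "server": {"nginx"}},
    "siteD": {"wallet": {"w-1"}, "email": {"e-1"}},
    "siteE": {"server": {"nginx"}},  # shares only a common server fingerprint
}

def pair_score(a, b):
    """Noisy-OR confidence over the signal types two sites share."""
    miss = 1.0
    for kind, weight in WEIGHTS.items():
        if a.get(kind, set()) & b.get(kind, set()):
            miss *= 1.0 - weight
    return 1.0 - miss

def operator_clusters(sites, threshold=THRESHOLD):
    """Union-find over every pair whose score reaches the threshold."""
    parent = {name: name for name in sites}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for a, b in combinations(sites, 2):
        if pair_score(sites[a], sites[b]) >= threshold:
            parent[find(a)] = find(b)
    groups = {}
    for name in sites:
        groups.setdefault(find(name), []).append(name)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

if __name__ == "__main__":
    for cluster in operator_clusters(SITES):
        print(cluster)
```

Because clusters form transitively, a single reused value on a high-weight signal can merge otherwise unrelated groups, so the evidence behind each link is worth reviewing before a cluster is treated as one operator.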