Identity Risk Analyzer

Map anyone's digital footprint across 15+ platforms in seconds.

Give it a name, username, email, or phone number — and this Actor will hunt down public profiles across social media, forums, and developer platforms, cluster them into a unified identity, score the risk level, check for data breaches, and generate an interactive graph of connections.

Built for security researchers, HR teams, fraud analysts, and investigative journalists who need fast, structured OSINT without the manual work.

What it does in one run:

• Searches 15 platforms simultaneously (Twitter/X, Reddit, GitHub, Instagram, LinkedIn, TikTok, and more)
• Clusters accounts that likely belong to the same person using username similarity, bio matching, and shared links
• Scores digital risk 0–100 based on breach exposure, anonymity patterns, and cross-platform reuse
• Checks HaveIBeenPwned for data breach history
• Scans Pastebin and GitHub Gists for credential leaks
• Infers geolocation from timezone signals and post timestamps
• Generates a D3.js force-directed identity graph
• Returns structured JSON — ready for downstream automation

---

⚠️ Legal Disclaimer

This Actor is intended for lawful OSINT purposes only. Authorized use cases include security research, HR due diligence, and fraud prevention. Users are solely responsible for compliance with all applicable laws, including GDPR, CCPA, and local privacy regulations.

This Actor must NOT be used for stalking, harassment, unauthorized surveillance, or any activity that violates applicable laws or platform Terms of Service.

The Actor only collects data from publicly accessible pages and does not bypass authentication, CAPTCHAs, or paywalls.

---

Use Cases

• Security Research — Map the digital footprint of a threat actor or investigate suspicious identities across platforms.
• HR Due Diligence — Verify candidate identity consistency and detect undisclosed online presence.
• Fraud Prevention — Cross-reference identities across platforms to detect fake or synthetic accounts.
• Journalism / Investigations — Aggregate public information about a person of public interest.

---

Input Parameters

Parameter	Type	Required	Default	Description
name	string	one of name/username/email	—	Target's full name
username	string	one of name/username/email	—	Target's username (10+ permutations auto-generated)
email	string	one of name/username/email	—	Target's email address
phone	string	no	—	Target's phone number (normalized to E.164)
targets	array	no	—	Batch mode: array of target objects (max 20)
runMode	string	no	"quick"	quick / deep / custom
platforms	array	no	all	Platforms to scan (custom mode only)
features	array	no	mode default	Features to enable (custom mode only)
outputFormat	string	no	"full"	full or summary
forceRefresh	boolean	no	false	Bypass 24-hour result cache
clusteringThreshold	number	no	0.75	Identity clustering sensitivity (0.50–0.95)
hibpApiKey	string	no	—	HaveIBeenPwned API key for breach check
enableImageSearch	boolean	no	false	Enable reverse image search API
platformDelays	object	no	see defaults	Per-platform request delay overrides (ms)
platformTimeouts	object	no	120000ms	Per-platform sub-Actor timeout overrides (ms)
delayBetweenTargets	integer	no	5000	Delay between batch targets (ms)
proxyConfig	object	no	auto	Apify Proxy configuration override

API Key Requirements

Key	Field	Required	Purpose	Get it at
HaveIBeenPwned	hibpApiKey	For breach check	Data breach lookup	haveibeenpwned.com/API/Key
WhoisFreaks	whoisApiKey	Optional	WHOIS lookup (higher rate limit)	whoisfreaks.com
GitHub Token	githubToken	Optional	GitHub profile lookup (60→5000 req/hr)	github.com/settings/tokens

All keys are marked isSecret in the input schema — they will not appear in logs or UI.

---

Run Modes

Mode	Platforms	Features	Est. Time	Est. Cost
quick	8 free platforms (no paid actors)	None	~60s	Free
deep	All 15 platforms (includes paid actors)	breach, paste, domain, geolocation	~300s	$1.50–$3.00
custom	User-selected	User-selected	Varies	Varies

Cost tip: quick mode uses only internal/free collectors (Reddit JSON API, Nitter for Twitter, GitHub API, HackerNews Algolia, StackExchange API, Medium RSS, Telegram public, Kaskus scraper) — no Actor.call() to paid third-party actors.

Supported Platforms (15 total)

Platform	Collector type	Cost
twitter	Internal (Nitter)	Free
reddit	Internal (Reddit JSON API)	Free
github	Internal (GitHub API)	Free
stackoverflow	Internal (StackExchange API)	Free
hackernews	Internal (Algolia HN API)	Free
medium	Internal (RSS feed)	Free
telegram	Internal (public scraper)	Free
kaskus	Internal (custom scraper)	Free
instagram	Paid actor	~$0.40/run
tiktok	Paid actor	~$0.40/run
linkedin	Paid actor	~$0.50/run
facebook	Paid actor	~$0.40/run
youtube	Paid actor	~$0.30/run
pinterest	Paid actor	~$0.30/run
quora	Paid actor	~$0.30/run

Optional Features

Feature	Description	Est. Additional Cost
breachCheck	HIBP data breach lookup (requires hibpApiKey)	+$0.10
pasteCheck	Pastebin + GitHub Gists search	Free
domainAnalysis	WHOIS + DNS + reverse IP lookup	Free
geolocation	Timezone/location inference from public metadata	Free
imageSearch	Reverse image search API (opt-in only)	+$1.00

Note: imageSearch is excluded from all modes by default. Enable it explicitly by setting enableImageSearch: true in input.

---

Output Format

The Actor writes records to the Apify Dataset. Each record conforms to ./OUTPUT_SCHEMA.json.

Record Status Types

Status	Description	Triggers Billing
FINAL	Complete analysis result	Yes
CACHED	Result served from 24-hour cache	Yes
PARTIAL	Intermediate result per sub-Actor completion	No
ABORTED	Partial result when Actor was aborted by user	No
FAILED	Unrecoverable error record	No

Key-Value Store Artifacts

Key	Contents
IDENTITY_GRAPH	D3.js force-directed graph JSON
RAW_SOURCES	Full unprocessed scraped data
CACHE_{sha256}	Cached result (24-hour TTL)
PROXY_STATS	Proxy usage statistics
PIPELINE_TIMING	Per-stage start/end timestamps
OUTPUT_ERROR	Error details if Actor fails at startup
METAMORPH_STATE	Intermediate state for large runs

Output Schema

The complete output schema is defined in ./OUTPUT_SCHEMA.json. The outputSchemaVersion field in every record allows downstream consumers to detect schema version and handle migrations.

Key output fields:

Field	Type	Description
sourcesCollected	string[]	Platforms that returned data
skippedPlatforms	string[]	Paid actors not invoked (cost control or no permission)
notFoundPlatforms	string[]	Platforms searched but target not found
sourcesFailedCount	number	Platforms that errored or timed out
rateLimitedSources	string[]	Platforms that returned rate-limit responses

---

Example Output

{
  "queryId": "run_abc123",
  "status": "FINAL",
  "outputSchemaVersion": "1.0.0",
  "inputSummary": {
    "username": "johndoe",
    "email": "john.doe@example.com"
  },
  "identityClusters": [
    {
      "clusterId": "cluster_001",
      "members": [
        { "platform": "twitter", "profileUrl": "https://twitter.com/johndoe" },
        { "platform": "github", "profileUrl": "https://github.com/johndoe" }
      ],
      "confidenceLevel": 87,
      "sharedAttributes": ["username", "bio_link"],
      "possibleMatches": []
    }
  ],
  "riskScore": 42,
  "riskLabel": "MEDIUM",
  "riskExplanation": [
    { "factor": "Email/username reuse across 4 platforms", "contribution": 18 },
    { "factor": "1 data breach found (LinkedIn 2021)", "contribution": 14 },
    { "factor": "2 paste site mentions", "contribution": 6 }
  ],
  "breachData": [
    {
      "breachName": "LinkedIn",
      "breachDate": "2021-06-22",
      "dataClasses": ["Email addresses", "Passwords"],
      "exposureLevel": 65
    }
  ],
  "geolocation": {
    "consensusCountry": "Indonesia",
    "consensusRegion": "West Java",
    "confidencePercent": 78,
    "inferredUtcOffset": "UTC+7 ±1h",
    "locationInconsistent": false
  },
  "graphUrl": "https://api.apify.com/v2/key-value-stores/store_id/records/IDENTITY_GRAPH",
  "sourcesCollected": ["twitter", "github", "reddit"],
  "sourcesFailedCount": 0,
  "skippedPlatforms": ["instagram", "tiktok", "linkedin", "facebook", "youtube", "pinterest", "quora"],
  "notFoundPlatforms": ["telegram", "kaskus", "medium", "hackernews", "stackoverflow"],
  "rateLimitedSources": [],
  "runDurationSeconds": 74,
  "runMode": "quick",
  "clusteringThreshold": 0.75,
  "timestamp": "2024-01-15T10:30:00.000Z",
  "cacheHit": false,
  "cachedAt": null,
  "cacheExpiresAt": null,
  "dataSourceAttribution": [
    { "platform": "twitter", "collectedAt": "2024-01-15T10:29:10.000Z", "recordCount": 1 },
    { "platform": "github", "collectedAt": "2024-01-15T10:29:22.000Z", "recordCount": 1 }
  ],
  "pipelineErrors": [],
  "outputSchemaVersion": "1.0.0"
}

---

Pricing Model

This Actor uses Apify's Pay per result model — billing is triggered per completed Dataset record with status: "FINAL" or "CACHED". Partial and aborted records do not trigger billing.

Mode	Est. Cost per Run
Quick (8 free platforms)	Free
Deep (15 platforms, paid actors included)	$1.50–$3.00
Deep + Image Search	$2.50–$4.00
Batch (per target, deep)	$1.00–$2.00 / target

Volume discounts for batch mode: 10 targets = -10%, 20 targets = -20%.

Paid actors (Instagram, TikTok, LinkedIn, Facebook, YouTube, Pinterest, Quora) are only invoked in deep or custom mode. In quick mode, all data is collected via free public APIs — no third-party actor calls are made.

---

v1.2.0 (2026-04-21)

• Added whoisApiKey and githubToken input fields — optional keys for higher rate limits
• Internal collectors now try all username permutations (10+) per platform
• pasteCheck now falls back to email local-part as username when no explicit username provided
• buildAccountNodes injects normalizedEmail and normalizedPhone into every account node for better clustering
• Added notFoundPlatforms field to output
• GitHub collector now passes location, bio, email for geolocation inference
• Fixed timeout bug in orchestrator polling loop for internal collectors
• Fixed StackOverflow false positive — now requires exact username match
• Fixed fetchRunOutput using run ID instead of dataset ID
• Fixed Pastebin URL constant corrupted by IDE autofix
• Added AbortSignal.timeout to Reddit and domain collectors
• Added more Nitter instances and better error page detection
• WHOIS collector now tries multiple free APIs with fallback
• Reverse image search now handles Google consent page redirect gracefully

v1.1.0 (2026-04-20)

• Cost optimization: Twitter/X and Reddit migrated to free internal collectors (Nitter + Reddit JSON API) — no paid actor calls
• quick mode now covers 8 platforms (was 3) at zero Actor.call cost
• Added isPaid flag per platform in actor registry for transparent cost tracking
• Paid actors (Instagram, TikTok, LinkedIn, Facebook, YouTube, Pinterest, Quora) now only invoked in deep/custom mode
• Memory allocation reduced from 256MB → 128MB for all internal actors
• imageSearch feature removed from deep mode defaults (opt-in only via enableImageSearch: true)
• Added SKIPPED status for paid actors bypassed in non-deep modes
• pasteCheck and domainAnalysis reclassified as free (direct HTTP, no actor cost)

v1.0.0 (2024-01-15)

• Initial release
• 15 platform collectors: Instagram, Twitter/X, TikTok, LinkedIn, Facebook, YouTube, Pinterest, Telegram, Reddit, Kaskus, GitHub, Stack Overflow, Quora, Medium, HackerNews
• Identity clustering engine with Jaro-Winkler + TF-IDF bio similarity
• Risk scoring engine (0–100) with top-3 explanation
• D3.js digital footprint graph output
• Data breach check via HaveIBeenPwned v3 API
• Paste site cross-reference (Pastebin + GitHub Gists)
• WHOIS + DNS domain analysis
• Perceptual hash (pHash) image fingerprinting
• Geolocation inference from public metadata
• 24-hour result caching
• Batch mode (up to 20 targets)
• Quick / Deep / Custom run modes
• Apify Proxy auto-configuration with residential fallback
• Anti-detection: stealth plugin, UA rotation, human-like delays