Trace the signal.
Connect the dots.

TraceTrellis is a passive OSINT signal correlator. Paste in an email address, username, or domain and we automatically query multiple public data sources in parallel. You get back an interactive relationship graph and a chronological timeline showing how that identity connects across the internet.

Investigations pull from 7 free OSINT sources including GitHub, Sherlock, Crt.sh, DNS Dumpster, WHOIS, and HIBP. Premium sources like full HIBP breach detail checks and extended WHOIS lookups are available with credits. All data comes from publicly available sources — there's no hacking, scraping of private databases, or access to anything behind authentication.

Yes — the free tier gives you 10 investigations per day plus one time free 3 premium credits with all 7 free sources. No credit card required, ever. If you want access to premium sources (like detailed HIBP breach checks or WHOIS lookups), you can purchase a one-time credit pack starting from just $5.

Credits are a one-time purchase that never expire. They unlock premium data sources: HIBP breach checks cost 2 credits, HIBP domain checks cost 3 credits, and WHOIS domain lookups cost 3 credits per investigation. There are no subscriptions — buy a pack once and use them whenever you need. Packs start at 70 credits for $5.

TraceTrellis is built for security researchers, penetration testers, journalists investigating public-interest stories, individuals checking their own digital footprint, and HR or fraud investigation teams. Anyone who needs to quickly understand what public information is linked to an identity.

Most investigations complete in under 30 seconds. All data sources are queried in parallel using background job queues, so you get results from every source as fast as each one responds — no waiting for one to finish before the next starts.

Investigation results are saved to your account for later review. Your data is never sold, shared, or monetised. Your investigations stay yours.

Every completed investigation gives you a full suite of outputs:

• Artifacts list — a structured listing of every signal found across all queried sources, categorised by type (usernames, emails, domains, breach records, certificates, etc.).
• Inline JSON viewer — a formatted, syntax-highlighted preview of the complete investigation data, readable right in your browser before you download anything.
• JSON export — a pretty-printed download of the full investigation payload, including all raw artifacts, confidence scores, relationship metadata, and source responses — ready for external tooling or archiving.
• PDF report — a comprehensive, print-ready report capturing all findings, the relationship graph snapshot, timeline events, and source details in a clean document format.
• WHOIS data — domain registration details (registrar, dates, nameservers, registrant where not privacy-protected) are surfaced automatically when a domain is part of your investigation target.
• Relationship graph — an interactive force-directed graph showing every discovered node and how they connect. Click any node to open a detail modal with its full data — source, type, confidence, and linked artifacts.
• Timeline — a chronological view of all events found during the investigation. To navigate:
  • Mouse wheel — zoom in or out across the time axis (years to days).
  • Click and hold, then drag left/right — scroll horizontally through time. This is the primary pan gesture; a standard horizontal scroll will not work.
  • Click any event marker to expand its full detail panel.