Lurk

Overview

Lurk operates as a privacy-centric OSINT aggregator positioned at the intersection of open-source intelligence and cryptocurrency anonymity. Unlike conventional threat-intelligence platforms that demand corporate contracts, verified identities, and persistent user profiles, Lurk strips the onboarding process down to a single crypto transaction and a disposable access token. The service indexes over 15 billion credentials from public breach dumps, enriches IP addresses through GreyNoise and Shodan feeds, monitors more than 50 darknet forums and Telegram channels, and tracks active ransomware gangs across leak sites. Users query this data through a web interface or REST API without ever creating an account, supplying an email address, or passing identity verification. The business model is deliberately minimal: pay, receive a token, search until the token expires. No recurring billing profiles, no password databases to breach, no support staff to social-engineer.

The platform organizes its capabilities into four core modules. Breach Intelligence surfaces plaintext and hashed credentials from public corpora and combo lists. IP Reputation delivers real-time enrichment including Tor exit-node detection, ASN attribution, port mapping, and scanner classification. Threat Monitoring aggregates dark-web forum posts, leak-site announcements, and channel chatter. Username OSINT performs cross-platform handle enumeration across more than 600 services. A Ransomware Tracker supplements this with victim claims, decryptor availability, and gang-status monitoring. API access returns structured JSON for pipeline integration, making Lurk viable for automated workflows as well as manual investigation.

Privacy & KYC

Lurk occupies the highest tier of anonymity in the NoKYC Directory framework: L0 — Trustless. No account is required at any stage. The service does not collect email addresses, names, or phone numbers. IP addresses are not logged. Queries execute in memory and evaporate when the session closes; the only persistent record is the payment transaction itself, and even that can be severed from usage through Monero.

• KYC tier: L0 — Trustless (no account, no identity verification)
• Email required: No
• IP logging: None
• Logging policy: Zero logs for queries; payment records only
• Warrant canary: PGP-signed, published monthly

The architecture reflects a deliberate adversarial stance. By eliminating recovery flows, Lurk removes the support infrastructure that law enforcement or attackers typically target with subpoenas or social engineering. The monthly warrant canary provides a detectable signal if the operator is compelled to modify the service or logging practices. Users seeking maximum unlinkability are explicitly steered toward Monero, whose stealth addresses and ring signatures break the payment-graph analysis that Bitcoin's transparent ledger permits.

Supported assets & payments

Lurk accepts four cryptocurrencies for token purchases: Monero (XMR), Bitcoin (BTC), Ethereum (ETH), and Tether (USDT) on the TRC20 network. The interface labels Monero as "recommended for full unlinkability," a guidance that serious privacy practitioners should heed. Bitcoin leaves a permanent public ledger trail; Ethereum offers equivalent transparency. USDT provides convenience but introduces the surveillance surface of Tron address clustering. Payment addresses expire after 30 minutes, requiring exact amounts to prevent accounting complexity.

Pricing follows a three-tier structure with no upsells. The Free tier permits five searches daily for email and IP queries with basic threat data and hidden passwords. Pro access costs €15 monthly, raising the daily limit to 2,500 searches, exposing full credentials, unlocking all sources, enabling API access, and permitting JSON or CSV export. Elite access at €25 monthly increases the daily ceiling to 10,000 searches, adds bulk CSV upload for batch queries, priority API queue placement, and bulk export functionality. Token lifetime equals the subscription duration; renewal requires a fresh payment. There is no auto-renewal mechanism, eliminating the chargeback and cancellation friction common to traditional SaaS platforms.

Security & custody

Lurk is fundamentally non-custodial with respect to user data. Because no accounts exist, there are no user databases to exfiltrate, no password hashes to crack, no API keys to rotate after a breach. The token itself is generated once, displayed once, and never stored by the operator in recoverable form. Loss of the token means permanent loss of access; this is not a bug but a security feature that removes the recovery vector entirely.

The service's custody model extends to the intelligence pipeline. Sources are either open-source or commercially licensed; Lurk does not perform active system breaches, which reduces legal exposure for subscribers. Infrastructure documentation is published openly, allowing technically proficient users to verify architectural claims against observed behavior. However, as the FAQ candidly acknowledges, complete verification of a zero-log claim is impossible. Users must rely on the convergence of economic incentives, the warrant canary, Monero's cryptographic privacy, and transparent infrastructure disclosure. The trust score of 61/100 reflects this residual uncertainty inherent to any closed-source platform making unverifiable claims, not a detected failure.

Who it's for — verdict

Lurk serves a narrow but critical audience: security researchers, journalists, incident responders, and privacy advocates who need breach and threat intelligence without the identity exposure that accompanies corporate OSINT subscriptions. The platform rewards users comfortable with cryptocurrency, self-custody of access tokens, and absolute responsibility for their own data retention. It is poorly suited for teams requiring audit trails, shared credential recovery, or compliance documentation that ties queries to identifiable analysts.

The 8/10 overall score reflects strong execution against a deliberately constrained scope. The 96/100 privacy score acknowledges near-ideal anonymity architecture; the 61/100 trust score reflects the unavoidable opacity of verifying zero-log claims and the relative youth of the operation. For the no-KYC OSINT niche, Lurk currently offers one of the cleanest alignments between stated privacy principles and technical implementation available in 2026. Users who prioritize unlinkability over convenience, and who can tolerate the friction of token self-custody, will find few competitors operating at this tier of anonymity.