Intelligence teams are tasked with uncovering insights across the surface web, deep web, and dark web illicit communities to create a comprehensive view of the threat landscape. Without access to relevant data sources, monitoring areas of interest, tracking the movement of assets, and developing entity profiles, teams are left with gaps in the critical intelligence needed to support security operations.

Illicit online communities remain the key source for critical data and intelligence pertaining to a wide range of physical threats, fraudulent activities, and malicious actors. Intelligence teams recognize the need to gain visibility into the trends and activities of threat actors engaging in illicit activity by utilizing open source intelligence (OSINT). Intelligence teams need a solution with unique access to high value sources that provide signal-rich and relevant information with the context required to evaluate and understand it.

The Flashpoint & Creative Radicals Advantage

Creative Radicals’ OpenIO platform enables security teams to monitor and detect physical security threats across surface web, mobile, social media networks, and online illicit communities. By identifying critical assets and establishing and monitoring areas of interest, security teams make intelligence discoverable so they can respond in a timely manner to threats from publicly available information (PAI) on illicit communities.


  • Multi-source OSINT Ontology

  • Automatic Search & Extraction

  • Searching Areas of Interest

  • Searching Topics of Interest

  • Searching People of Interest

  • Rapid Pattern of Life (POL) Development

  • Enabling Faster, More Efficient Analysts

  • Designed for Extension, Adaptation, and Integration

Integrated Flashpoint Datasets


Access to signal-rich discussions from illicit threat actor communities. Supplement internal data with targeted data from highly curated sources.

Chat Services: Access to around-the-clock conversations within threat-actor channels to monitor and gain insights across threat-actor communities. Chat platforms such as Telegram, Discord, and QQ include searchable media such as images and videos.

Paste Sites: Enables access to openly shared research, data leaks, and other plaintext files frequently used by both anonymous sources and threat actors to share malicious activity, providing a broader view into open web data.

Blogs: Provides a broader view into open web data by providing online sources of news and information related to threat actors and collectives, allowing users to monitor activity in malicious communities more comprehensively, as well as risks impacting the organization or brand.

Message Boards: Provides access to anonymous boards such as 4chan and 8chan, enabling users to monitor malicious content and discussions ranging from hacktivism to physical threats.

Social News Aggregation & Discussion Sites: Collections from social news aggregation and discussion websites leveraged by both open and deep & dark web communities where illicit actors discuss malicious activity, including malware developments, cyber threats, and physical threats.


Risk Intelligence Observables (RIOs): Flashpoint leverages its unique access to underground communities to collect and deliver a near real-time stream of cyber observables that can identify illicit activity from inside forums and file-sharing communities focused on cybercrime, hacking, fraud, and extremism/terrorism. These high-fidelity observables include IP address, location (city / country), hosting provider, timestamp, and user-agent string.


Finished Intelligence: Access to analytical reports produced by our intelligence analysts. Reports cover a wide spectrum of illicit underground activity, including crimeware, fraud, emerging malware, violent extremism, and physical threats.


Marketplaces: Access to top-tier marketplaces, where threat actors buy and sell items such as stolen credentials and personally identifiable information (PII).

Use Cases


Force protection, situational awareness, and physical security missions involve the discovery and management of human threats. Primary functions in OpenIO, combined with access to illicit online community datasets, are designed to collect and organize intelligence related to people, indicating who is communicating, where they've been, and who they know.


Mapping tools within OpenIO identify and visualize threats related to geographical locations, rapidly allowing security teams to monitor an Area of Interest. Combined with access to signal-rich discussions from the illicit online communities, security teams can uncover and assess threats while still in the planning stages.


By utilizing Flashpoint data in the OpenIO platform, analysts are able to monitor threat-actor discussions to gauge sentiment toward particular organizations, countries, individuals, or other entities. This will help inform physical security measures, understand targeting intent, and make proactive, intelligence-fed decisions.


Proper handling of a security incident starts with identifying and collecting relevant intelligence and data to enable teams to isolate and contain the threat. With integrations across a wide range of datasets, including illicit online communities, OpenIO automates the process of extracting relevant data across standardized datasets for rapid analysis.
