Skip to content
← UserSearch.comLog in ↗

The pivot: one entity into a linked graph

A search rarely stays on the entity you started with. You begin with one identifier — a username, an email, a phone number, a face — and each search hands you new values that point somewhere else. A pivot is the move from the entity you hold to a related one, and stringing pivots together is how a single input becomes a linked graph of accounts, people, domains, and infrastructure.

This page explains what a pivot is, the ways to pivot inside the UI, and the routing table that tells you what you can reach from every kind of entity.

Username Intelligence, empty state, showing a search input that begins a pivot chain
Username Intelligence, empty state, showing a search input that begins a pivot chain

A pivot is moving from one entity to a related one by following a Connection surfaced by a search. The investigative core loop is:

search → enrich → pivot — run a Module against an input entity, let Enrichment expand the Found records with extra metadata, then take one of those newly-surfaced values and search it in another Module or Search type.

Two facts anchor how pivots appear in results (per Lee, 2026-07-08):

  • Found means the identifier was located on a site — an account exists there.
  • Enriched means UserSearch holds further metadata on that account — for example possible names or linked emails.

Enriched fields are the raw material for a pivot. A name or a linked email surfaced by enrichment is the next entity you feed back into the map. Found tells you where an entity lives; Enriched gives you the new entities to chase.

Re-search across Search types (the manual pivot)

Section titled “Re-search across Search types (the manual pivot)”

Take a value you obtained from one search — say, an email surfaced while enriching a username — and enter it as the input to a different Search type or Module. This is the workhorse pivot, and it is the reason the map below is organised by input entity. No special control is required: it is the ordinary act of running a second search.

A “G” icon shown next to a searched artifact is a Google dork for that artifact. Clicking it opens Google with a preset dork for the value (per Lee, 2026-07-08). This is a pivot out of the platform into an external Google search, not an internal re-search.

a searched artifact row showing the Google "G" dork icon
a searched artifact row showing the Google "G" dork icon

A separate magnifier / enrich icon appears next to a searched term, beside the Google “G”. Like the “G”, it opens a Google page with a preset dork for that value (per Lee, 2026-07-10) — a second one-click pivot out of the platform into an external Google search. The exact dork template it builds is not documented here.

The AI Agent (S.A.R.G.E.) exposes a row of entity-type pills — Username, Name, Email, Phone, Image, Domain, IP, VIN, Address, Company — plus Search type pills for Corporate, Court, Cyber, Leaks, Messaging, and Wireless. It lets you multi-select Modules, so it can chain several of the pivots below conversationally rather than card-by-card.

S.A.R.G.E. is a documented feature despite its v0.3 experimental label (per Lee, 2026-07-08).

AI Agent (S.A.R.G.E.) entity-type and Search type pills
AI Agent (S.A.R.G.E.) entity-type and Search type pills

The tables below read as a routing table: for each entity you might hold, they list what you can reach and which Search type → Module takes you there.

The How it’s grounded column means:

  • Observed — a Module with this input and output is captured in the screenshots.
  • Enrich (per Lee) — the onward entity comes from Enrichment; grounded in Lee’s Found / Enriched definitions, but the specific enriched fields in any given run are not yet captured.

Entry search types: Username Intelligence, Public Forums, Chat Messaging; a username is also a field in the People Intelligence person form.

From a username you can reachVia Search type → ModuleHow it’s grounded
Accounts on 3000+ websites (social media, forums, other linked accounts)Username Intelligence → Username Search (Search 3000+ sites)Observed
A merged multi-source account footprintUsername Intelligence → Username Search (OneScan) [RECOMMENDED]Observed
data source-specific footprintsUsername Intelligence → OSINT Industries / Predicta / Pipl-Social / Pipl-Business ModulesObserved
GitHub repositories and activityUsername Intelligence → GitHub SearchObserved
Historical / archived Twitter data and postsUsername Intelligence → Twitter History, Twitter PostsObserved
Possible names and linked emails for a found accountEnrichment of the aboveEnrich (per Lee)
Reddit profile, post/comment history, activity timeline, behavioural insightsPublic Forums → Reddit User plus Reddit profile/history ModulesObserved
Telegram user/channel details, membership, historic profile picturesChat Messaging → Telegram User Lookup / Channel Lookup / Historic PicturesObserved
A full person record (combined with other fields)People Intelligence → Person Modules (Username is one form field)Observed

Entry search type: Email Intelligence; also a field in People Intelligence, an accepted term in Court Records free-text, and a Public Leaks entity tab.

From an email you can reachVia Search type → ModuleHow it’s grounded
Social networks and dating sites the email is registered onEmail Intelligence → Reverse-Email (Fast)Observed
A merged multi-source email footprintEmail Intelligence → Email (OneScan) [RECOMMENDED]Observed
A real name and location (Email → Name)Email Intelligence → Email-To-Name (Gravatar)Observed (Gravatar pivot per Lee, 2026-07-08)
Domains owned by the email (Email → Domain, reverse-WHOIS)Email Intelligence → Domain Ownership; Website Forensics → Website Domain Ownership (by Email)Observed
Breach / leak appearances and exposed credentialsEmail Intelligence → Scam Database; Public Leaks → HaveIBeenPwned, Dehashed, IntelX, OneScanObserved
ProtonMail confirmation, account creation date, sometimes a forwarding emailEmail Intelligence → ProtonMail AnalyseObserved
Compromised computers/devices tied to the emailThreat Intelligence → Email Threat (HudsonRock)Observed
A person / social and professional profileEmail Intelligence → Email (Pipl-Social / Pipl-Business / Predicta / Epieos / OSINT Industries); People Intelligence (Email field)Observed
Phone, address, username for the same personEnrichment / People form cross-fieldsEnrich (per Lee)

Entry search type: Phone Intelligence; also a field in People Intelligence, an accepted term in Court Records, and a Public Leaks entity tab.

From a phone number you can reachVia Search type → ModuleHow it’s grounded
Identity, address history, and public records (US)Phone Intelligence → Background Check (US)Observed
A merged multi-source phone footprintPhone Intelligence → Phone (OneScan) [RECOMMENDED]Observed
Phone-linked identity / enrichment dataPhone Intelligence → OSINT Industries / Pipl-Social / Pipl-Business / Predicta / EpieosObserved
A person record (name, email, address)People Intelligence → Person Modules (Phone is the lead field)Observed

Entry search type: People Intelligence; a name is also an accepted term in Court Records and appears as Person Sanctions input in Corporate Intelligence.

The People form is multi-field: Country Code + Phone, Email, VIN, First/Middle/Last Name, Country/State/City, Username, and Age Range. Providing more fields reduces false positives; only one field is required. Because it accepts so many entity types as input, People Intelligence is the hub of the pivot map — nearly every other entity can pivot into a person here.

People Intelligence multi-field person form
People Intelligence multi-field person form
From a person/name you can reachVia Search type → ModuleHow it’s grounded
Comprehensive social profiles and personal infoPeople Intelligence → Person (Pipl-Social)Observed
A merged multi-source person recordPeople Intelligence → People (OneScan) [RECOMMENDED]Observed
data source-specific person dataPeople Intelligence → Person (Predicta / Pipl-Business / OSINT Industries)Observed
Associated email / phone / username / addressReturned fields / enrichment of the aboveEnrich (per Lee)
Sanctions / watchlist hitsCorporate Intelligence → Person Sanctions (OpenSanctions)Observed
Court records mentioning the personCourt Records → any Module (free-text name query)Observed

Entry search types: Website Forensics, Cyber Intelligence, Threat Intelligence; a Domain entity pill exists in the AI Agent and a Domain entity tab in Public Leaks.

From a domain you can reachVia Search type → ModuleHow it’s grounded
Current and historical WHOIS ownership and contacts (Domain → Person/email)Website Forensics → Website Domain Ownership (by Domain)Observed
Historical page snapshotsWebsite Forensics → Website Change HistoryObserved
Third-party website-intelligence integrationsWebsite Forensics → 3rd Party Website LookupObserved
Other sites sharing the same favicon hash (Domain → Domain)Website Forensics → Search by FaviconObserved
Hosts / IPs for the domain, with ports and services (Domain → IP)Cyber Intelligence → Find Hosts by Hostname / Domain (Shodan)Observed
Domain reputation / blocklist statusThreat Intelligence → Domain Reputation (SpamHaus)Observed
Infostealer / compromise threat dataThreat Intelligence → Domain Threat (HudsonRock)Observed

Entry search types: Cyber Intelligence, Threat Intelligence; an IP entity pill exists in the AI Agent and IP/CIDR entity tabs in Public Leaks.

From an IP you can reachVia Search type → ModuleHow it’s grounded
Full host profile: open ports, service banners, web tech, TLS/SSL certs, hostnames, owning organisation, known CVEs (IP → Domain/org)Cyber Intelligence → IP Host Lookup (Shodan)Observed
Threat indicators — malware, botnets, malicious activity (filterable by Compromised Since year)Threat Intelligence → Computer/IP Threat (HudsonRock)Observed
IP reputation / blocklist statusThreat Intelligence → IP Reputation (SpamHaus)Observed
Related exposed assets (certs, databases, cameras, ICS, IoT, mail servers) sharing infraCyber Intelligence → the other Shodan Modules (via a custom query)Observed

Entry search type: Picture; an Image entity pill exists in the AI Agent, with an Image attachment control in the S.A.R.G.E. composer.

From an image you can reachVia Search type → ModuleHow it’s grounded
Manipulation / AI-generation forensic verdictPicture → Fake Image CheckObserved
A merged multi-source image scanPicture → Image (OneScan) [RECOMMENDED]Observed
Face matches across the web (profiles / URLs) (Face → accounts)Picture → Face Search (FaceCheck.id)Observed
Adult-site face matchesPicture → Face Search (18+) (CamGirlFinder)Observed
Geolocation of where the image was taken (Image → location)Picture → Image Geo-location (Picarta), Image Geo-location (FindPicLocation)Observed
Reverse-image matches / where else the image appearsPicture → Image (TinEye), Image (Google Lens)Observed

Entry search type: Cryptocurrency; a Bitcoin entity tab exists in Public Leaks, and Cryptocurrency Infrastructure is a Cyber Module.

From a wallet address you can reachVia Search type → ModuleHow it’s grounded
Transaction history, balance, associated metadataCryptocurrency → Address Lookup (accepts EVM / 0x-style addresses)Observed
Websites associated with the wallet (Wallet → Domain)Cryptocurrency → Websites by AddressObserved
Leak/breach records referencing the walletPublic Leaks → any Module, Bitcoin entity tabObserved
Exposed crypto infrastructure hostsCyber Intelligence → Cryptocurrency Infrastructure (Shodan)Observed

Entry search type: Vehicle Lookup; VIN is also a field in the People form.

From a registration / VIN you can reachVia Search type → ModuleHow it’s grounded
Make, model, MOT history, tax status (UK)Vehicle Lookup → Vehicle Lookup (UK Only, Enriched)Observed
US vehicle detailsVehicle Lookup → Vehicle Lookup (US Only, Enriched)Observed
The vehicle owner as a person (Vehicle → Person)Vehicle Lookup → Vehicle Owner (Pipl-Social), Vehicle Owner (Pipl-Business)Observed
A person record seeded by the VINPeople Intelligence → Person Modules (VIN field)Observed

Entry search type: Corporate Intelligence; a Company entity pill and a Corporate Search type pill exist in the AI Agent.

From a company you can reachVia Search type → ModuleHow it’s grounded
Registration details, directors, filings, corporate structure (Company → Person)Corporate Intelligence → Company Search (OpenCorporates), Company Search (CompaniesHouse-UK)Observed
Named directors / officersCorporate Intelligence → Director Search (OpenCorporates), Officer Search (CompaniesHouse-UK)Observed
Companies at an address (Address → Company)Corporate Intelligence → Address Enquiry (OpenCorporates)Observed
Legal Entity Identifier recordsCorporate Intelligence → LEI Search (GLEIF)Observed
Trademark recordsCorporate Intelligence → Trademark Search (OpenCorporates)Observed
US SEC filings (full-text)Corporate Intelligence → SEC Full-Text Search (SEC-USA)Observed
Sanctions / watchlist hits (company or person)Corporate Intelligence → Company Sanctions, Person Sanctions (OpenSanctions)Observed

Entry search type: Wireless Device, all backed by WiGLE (the wardriving database).

From a wireless identifier you can reachVia Search type → ModuleHow it’s grounded
Bluetooth device details and geolocation (from a BSSID/MAC)Wireless Device → Bluetooth by BSSIDObserved
Bluetooth devices by areaWireless Device → Bluetooth by ZIP, Bluetooth by SSIDObserved
WiFi network details and geolocation (from a BSSID/MAC)Wireless Device → WiFi by BSSIDObserved
WiFi networks by area / nameWireless Device → WiFi by ZIP, WiFi by SSIDObserved

Some Search types accept a broad free-text query rather than one entity type, so they act as catch-all pivot targets.

Entry pointAcceptsReaches
Court Records free-textphrase, email, username, phone number, name, address, or other termcourt records across UK / US / Russia / Canada / France data sources (or OneScan across all)
Public Leaks query + entity tabsvalue scoped by tab: All, Email, Phone, IP, CIDR, MAC, Domain, URL, Bitcoin, IBAN, Card Number, and moreexposed credentials / personal data from breaches (IntelX / Dehashed / HaveIBeenPwned / OneScan)
Product Intelligence queryproduct / topic termGoogle Trends, Trending Now, Scholar, Patents, Ad Creatives, Apple Apps, Events

A handful of pivots do most of the work in real searches. Learn these first:

  • Email → Name via Email-To-Name (Gravatar) — resolves an email to a real name and location (Gravatar pivot per Lee, 2026-07-08).
  • Email → owned domains via Domain Ownership / Website Domain Ownership (by Email) — reverse-WHOIS from an email to the domains it registered.
  • Email → breaches via Public Leaks HaveIBeenPwned / Dehashed / IntelX (or OneScan) — exposed credentials and breach appearances.
  • Username → 3000+ sites via Username Search (Search 3000+ sites) — the broadest single fan-out, discovering social, forum, and other accounts linked to a username.
  • Google “G” dork on any searched artifact — one click opens Google with a preset dork for that value (per Lee, 2026-07-08).
  • People Intelligence multi-field form — the convergence hub: phone, email, VIN, name, location, username, and age range all funnel into one person record.

Most Search types offer a OneScan Module marked RECOMMENDED that fans a single input out across several data sources at once and merges results, so the Data Source column shows which data source each row came from. OneScan front-loads the search step of the loop across many sources before you pivot.

Its cost is dynamic: a OneScan search costs the sum of all the data sources left selected in the “Choose Data Source” modal, so the displayed range moves as sources are toggled (per Lee, 2026-07-08). By contrast, non-OneScan search type searches are fixed-priced (per Lee, 2026-07-08); several are free — including Username 3000+ sites, Reverse-Email, Address Lookup, and Product Trends.

Verified against UserSearch v2.0.20