Our platform processes 2,684,826 SAM.gov registrations and 167,681 exclusion records to surface patterns that manual research cannot detect.
When three or more federal contractors register at the same physical address, it creates what we call an address cluster. Some clusters are routine — shared office buildings, co-working spaces, business incubators. Others reveal coordinated registration patterns that warrant closer review.
Our platform identified 70,115 address clusters across all 50 states and the District of Columbia. Of those, 129 contain at least one entity matching the federal exclusion/debarment list. The distribution is not random — Virginia and California each produced 19 exclusion-matched clusters, followed by Texas (12), Maryland (10), and Florida (10). These five states account for over half of all confirmed matches, correlating directly with federal contracting volume and proximity to military installations.
The highest-density single address in our database contained 325 co-located entities in Sheridan, Wyoming — a known registered agent address that we identified and filtered from our findings. The next highest are concentrated in the DC beltway corridor: Herndon, VA (107 entities at one address), Leesburg, VA (88), and Bowie, MD (78). These high-density addresses are not inherently problematic, but they represent locations where due diligence is particularly important for firms evaluating potential teaming partners or subcontractors.
For compliance teams working in the federal contracting space, the practical takeaway is clear: single-entity SAM.gov searches miss the co-location context entirely. A subcontractor may have a clean SAM record, but if they operate from an address shared with 46 other entities — including two on the exclusion list — that context matters for your contractor responsibility determination and organizational conflict of interest (OCI) review.
The foundation of our platform is a simple but powerful concept: normalize every physical address in SAM.gov by stripping suite numbers, unit designators, and apartment numbers, then group entities that share the same base address in the same city.
Before normalization, "525 Corporate Dr STE 201" and "525 Corporate Dr STE 203" appear as different addresses in the SAM database. After normalization, they resolve to the same location: "525 CORPORATE DR." This single processing step increased our cluster count from 17,647 to 70,115 — revealing tens of thousands of co-location relationships that raw System for Award Management data obscures behind suite numbers.
Our normalization handles edge cases carefully. Words like "STEAMBOAT" (contains "STE"), "ESTERO" (contains "STE"), and "CHESTER" (contains "STE") are not affected because the regex targets only trailing designators after whitespace, not substrings within street names. Every edge case was tested during development and verified in independent code audits.
Once clusters are formed, each receives an automated risk score (0-100) based on entity count, coordinated SAM expiration dates, mixed active/inactive registration status, total federal contract value from USAspending.gov, and set-aside certification patterns (8(a), HUBZone, SDVOSB, WOSB). Clusters with higher risk scores are not inherently problematic — they simply exhibit more of the patterns that compliance professionals, contracting officer representatives (CORs), and DCAA auditors should review.
You receive a proposal from a potential subcontractor. They are registered in SAM.gov, they have the right NAICS codes, and their pricing is competitive. Before you sign the teaming agreement, you want to know: who else operates from their registered address? Are any of those co-located entities on the federal exclusion list? Is this address a known virtual office or registered agent location?
This is the core use case for our state intelligence reports. Open the companion CSV in Excel, press Ctrl+F, and search for the subcontractor's registered address. Instantly see every entity registered at that location — their legal names, Unique Entity Identifiers (UEIs), active/expired SAM status, and whether any are excluded from federal contracting under FAR 9.4.
If the address shows 3 entities with clean records, that is a normal small office. If it shows 47 entities with 2 exclusion matches, that is an address that warrants deeper review before you commit to a subcontracting relationship. The state report gives you this context in under 60 seconds — a check that would take hours of manual SAM.gov and FPDS searches to replicate.
For compliance teams managing multiple subcontractors across a state, the full CSV becomes a standing reference. Import it into your compliance tracking system and cross-reference every new subcontractor address automatically. This supports your FAR 52.209-6 compliance obligations and strengthens your contractor responsibility determination process.
The SAM Exclusion List (formerly the Excluded Parties List System, or EPLS) contains 167,681 records spanning decades of federal enforcement actions by agencies including DLA, SBA, USAF, Army, Navy, DOS, DOJ, DOL, EPA, HHS, HUD, and others. When we cross-reference these records against our 70,115 address clusters, patterns emerge that individual SAM exclusion searches cannot reveal.
The most active excluding agencies in our dataset are DLA (Defense Logistics Agency), SBA (Small Business Administration), and the military branches. DLA actions tend to cluster around metals, aviation parts, and supply chain integrity violations. SBA actions frequently involve small business certification misrepresentation — entities claiming 8(a), HUBZone, SDVOSB, or WOSB status they do not qualify for, or violating SBA size standards through undisclosed affiliations.
Critically, enforcement actions rarely target single entities in isolation. When DLA debars one metals supplier, there are frequently 5-12 related entities excluded within days or weeks — often registered at the same address or sharing name-stem patterns. These coordinated enforcement waves are invisible in single-entity SAM exclusion searches but clearly visible in our cluster-level analysis. Understanding these wave patterns is essential for contracting officers conducting contractor responsibility determinations under FAR Part 9.
Not every address with dozens of co-located entities represents a risk. Some of the highest-density addresses in our database are legitimate virtual office providers and registered agent services used for LLC formation, particularly in Wyoming, Delaware, and Nevada. Distinguishing these from actual entity co-location is critical for accurate risk assessment in government contractor due diligence.
Our platform identifies and filters 13 known virtual office and registered agent addresses that consistently produce false-positive clusters. These include addresses in Sheridan, Wyoming (a popular registered agent location with 325+ entities), Dover and Wilmington, Delaware (corporate registration hubs with addresses like 1209 Orange St, 8 The Green, and 1013 Centre Rd), and 1629 K Street NW in Washington, DC (a well-known virtual office building near the White House).
How do we distinguish a virtual office from a real co-location? Virtual offices tend to have very high entity counts (50-300+) with no exclusion matches, no coordinated registration patterns, and entities spanning dozens of unrelated NAICS codes. Real co-location clusters are typically smaller (3-30 entities), show coordinated SAM expiration dates, share NAICS code concentrations, and frequently contain at least one entity with a federal contract or exclusion match.
Of the 2,684,826 entities in our database, 752,746 (28%) hold active SAM registrations from the March 2026 monthly extract and 1,932,080 (72%) have expired. This active/expired ratio varies significantly by state and by address — and the variation itself is an intelligence signal useful for compliance teams and contracting officers.
An address where all 10 entities have expired registrations tells a different story than an address where 8 of 10 are still active. The first may indicate a business that closed, relocated, or was dissolved after an enforcement action. The second suggests an active operation with multiple concurrent entities — which could be a legitimate holding company or joint venture structure, or could warrant further review under FAR 9.1 contractor responsibility standards.
The most interesting addresses are those where active entities co-locate with expired AND excluded entities. This intersection — a currently registered contractor sharing an address with a debarred entity — is the specific due diligence signal that our state reports are designed to surface. Our companion CSV export includes active/expired status for every entity, allowing compliance teams to filter specifically for these high-priority intersections.
Every finding in these articles comes from our 50-state entity intelligence platform. Browse reports for any state.
Browse State Reports