ShadowTrackr


Searching your timeline

Changes related to your ip addresses and urls are visible on your timeline, and you can scroll down endlessly to go back in time and see what happened. It works, but can become quite boring after a while. It's better to just search for what you want.

The default is a full text keyword search on all messages in your timeline. Since all messages about the host with ip address 139.162.249.50 contain the actual ip address, you can search your timeline for it by just searching for 139.162.249.50. The same goes for urls: shadowtrackr.com will give you all messages that contain a reference to this pay level domain.

You can strategically search for partial matches. Searching for 139.162. will yield all messages for all ips in the subnet 139.162.0.0/16 (and the subnet itself). Searching for .shadowtrackr.com will give you all messages for all subdomains, excluding the pay level domain itself (since that one does not contain the leading dot).

If you're a little creative, you can come up with many interesting searches. Search for all banners found with banner, for all changes in cryptoprotocols on your SSL servers try ciphersuite, and for all IP address location changes try ip%moved ('%' can be used as a wildcard).
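The keyword, partial-match and wildcard searches described above can be modelled locally to see what they will and will not return. This is an added example, not ShadowTrackr code: the timeline messages are constructed, the helper names are hypothetical, and it assumes the search is a case-sensitive literal substring match anywhere in a message. Under that assumption a prefix such as 139.162. also hits an address like 10.139.162.4, which a strict CIDR check excludes.

```python
import ipaddress
import re

# Constructed sample timeline messages (not real ShadowTrackr output).
TIMELINE = [
    "new host 139.162.249.50 found, reverse DNS www.shadowtrackr.com",
    "port 443 opened on 139.162.10.7",
    "host 10.139.162.4: ip moved from Amsterdam to London",
    "certificate changed on shadowtrackr.com",
    "new url found: thisisacloneofshadowtrackr.com",
    "ciphersuite changed on api.shadowtrackr.com",
]

IP_RX = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def keyword_search(query, messages):
    """Assumed model: literal substring match, '%' matches any run of characters."""
    pattern = ".*".join(re.escape(part) for part in query.split("%"))
    return [m for m in messages if re.search(pattern, m)]


def in_subnet(cidr, messages):
    """Strict check: messages that mention an address inside the CIDR block."""
    net = ipaddress.ip_network(cidr)
    return [m for m in messages
            if any(ipaddress.ip_address(ip) in net for ip in IP_RX.findall(m))]


def outside_subnet(prefix, cidr, messages):
    """Substring hits for prefix that are not actually in cidr."""
    strict = in_subnet(cidr, messages)
    return [m for m in keyword_search(prefix, messages) if m not in strict]


if __name__ == "__main__":
    for q in ("139.162.", ".shadowtrackr.com", "shadowtrackr.com", "ip%moved"):
        print(q, "->", keyword_search(q, TIMELINE))
    print("not in /16:", outside_subnet("139.162.", "139.162.0.0/16", TIMELINE))
```

When a partial ip search is used to scope an investigation, a strict subnet check over the results like the one above filters out the stray substring hits.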

Note that you only search in your data in ShadowTrackr, not the entire internet. ShadowTrackr actively checks, gathers and saves data related to your assets and traps. This means you'll have more details and history than a service like Shodan or Censys provides, but you can't search beyond your data. If you have added a server one year ago, ShadowTrackr can tell you exactly which ports were open and when, when the server stopped supporting bad crypto, or which websites were running on the server during that year. You can't go back to before you've added it (beyond the year in this example) and you can't search for data on servers you haven't added yet.

Modifier to search for a specific date

As you might have expected, there are special keywords available to further narrow down your search. If you want to search for something that happened on a specific date on the website shadowtrackr.com, you can search for shadowtrackr.com date:2019-01-10. Of course you can also just search for a date and retrieve all messages for that day.

Modifiers to search for assets

If you search for shadowtrackr.com, you get all messages that literally contain that sequence of letters, including thisisacloneofshadowtrackr.com and messages about ips that have a subdomain of shadowtrackr.com as their reverse DNS name. If you are only looking for a list of urls that contain shadowtrackr.com, search for url:shadowtrackr.com. For a specific ip you use host.ip:139.162.249.50, and for a list of ip addresses that start with 139.162. you use host.ip:139.162. (including the trailing dot).

More modifiers

The examples above are just some basic tips to get you started. You can use modifiers to search for servers with specific SSL certificate grades, websites using jquery, websites located in London, servers that have port 21 open and more. For more examples, look at advanced search.
