ShadowTrackr
Log in >
Phishing is one of the major attack vectors. When your clients or employees get phished, they receive a link to a website looking like yours. Attacker collect accounts and passwords on th fake website and use those to get into your systems. ShadowTrackr scans the internet for website looking like yours and alerts you when things get phishy. This way you can warn your users in time.
The days when you could ask IT where your data was are over. Anyone can setup a website in a cloud somewhere. Larger organizations often have policies specifying which clouds you can use. We match all your assets against cloud providers and send you a weekly overview. So if you said “Azure West Europe only” and your site appears in Japan West too, you’ll know.
Attackers continuously scan the internet for vulnerable websites and servers, and that includes your assets. We look at your at your assets in the same way and warn you when we find a weak spot. Note that ShadowTrackr does only passive reconnaissance. We dot not fire off any actual exploits (which would be illegal in most countries).
TLS certificates protect the dataflow between you and your clients. An expired certificate or a certificate server with bad security settings will result in your clients seeing a security warning instead of your website. We warn you when badness is found, and you can set up custom alerts to find odd issuers or CAA settings too.
The good guys on the internet publish many blacklists: hacked servers, spamming servers, C2 servers. If your assets appear on a blacklist, you’re in trouble. Visitors might no longer see your website, and clients no longer receive your emails. We check your assets against these blacklist and alert you when we find something.
Most websites list email addresses. You need to for your business. Attackers know this and gather them. Next, they search dataleaks for matching passwords and try to log in to your systems. ShadowTrackr does the first two steps too, but instead of trying to log in we warn you that you need to change the password.
The internet is full of datasharing sites. Think of copy-paste sites like pastebin and code sharing sites like GitHub. Sometimes, sensitive data ends up there. Personal employee information, company secrets, API credentials. We checks these sites for your domains and you can add custom keywords that we should look for.
Mistakes happen. Due to a simple configuration error a database with client data can be exposed to the internet. Or a remote login that should have been behind an VPN is somehow accessible for the entire internet. We continuously scans your assets, track all changes and alert you when things go bad.