CyberSparrow
Security Intelligence
Dashboard v2.0
Don't have an account?
Request Access
Request submitted — an admin will create your account and share credentials with you.
Reset Password

Enter your username. An admin will receive a reset link to share with you.

Set New Password
CyberSparrow
⊟ Dashboard ≡ Feed ⚠ Breach Information ▦ Reports ↗ Trends ◎ Threat Actors ⌖ URL Inspector ◉ Domain Watch ⬡ Indicators ✉ Messages ⚙ Admin ◈ Dev
CYBERSPARROW Intelligence Platform

DASHBOARD

—
—
Total Articles
—
Last 24h
—
Starred
—
Unread
ARTICLE ACTIVITY (14d)
EXECUTIVE SUMMARY —
No AI report yet — click Generate Report above or wait for the next scrape cycle.
IMMEDIATE ACTIONS
  • Awaiting AI report…
TOP ARTICLES (48h)by relevance score
HOT TERMS (48h)
TOP TOPICS Last 24h
Loading…
TOP CVEs Last 24h
Loading…
PATCH PRIORITIES
CVEProductDeadlineReason
Awaiting AI report…
TOP VULNERABILITIES
CVESeverityProductExploitedAction
Awaiting AI report…
THREAT ACTORS
Awaiting AI report…
CANADA LANDSCAPE
Awaiting AI report…
LATEST US/CA BREACHES & INCIDENTS Loading…
Loading breach feed…

THREAT ACTOR PROFILES

—
Loading…
⬡

Select a threat actor from the list to view their profile.

Profiles are built automatically from scraped articles. Use Generate Profile to create a Claude-powered analysis.

MESSAGES

Loading messages…

ARTICLE FEED

—
Page 1
PAGE PREVIEW
Page preview
No preview captured yet
Capturing…
TERMS MATCHED
SUMMARY
Open Article →

INTELLIGENCE REPORTS

EMAIL REPORT
Sections to Include
DOWNLOAD REPORT
Loading 48h report…
Loading 2-week report…
Loading trend analysis…
CUSTOM INTELLIGENCE QUERY

Ask any question about recent threat activity. Claude will analyze the last 30 days of collected intelligence.

TRENDS & INTELLIGENCE

—
Articles (period)
—
Peak Day
—
Tracked Actors
—
Breach/Incidents
ARTICLE ACTIVITY
THREAT ACTOR TRACKER
ActorOriginSeenLast ReportTargetsTTPs
Generating AI reports will populate this table…
BREACH & INCIDENT LOG

URL INSPECTOR

Sandboxed capture — isolated browser, no cookies, internal addresses blocked
ENTER URL TO INSPECT
PARTIAL RESULT — METADATA ONLY
HTTP STATUS
FINAL URL
TITLE
DESCRIPTION
OG IMAGE
PAGE CAPTURE
Page capture
No capture yet — enter a URL above
Capturing…
EXTRACTED LINKS
#LINK TEXTURLTYPE
No links extracted yet

DOMAIN WATCH

Lookalike-domain monitoring — typosquats, combosquats & homoglyphs via dnstwist + certificate transparency
ℹ️ How Domain Watch works — click to hide

Domain Watch hunts for domains that could impersonate your organization. It generates likely look-alikes of your brands and domains, then checks which ones actually exist, enriches them, and scores how dangerous each one is — so you can spot phishing infrastructure early.

What to enter
  • Seed strings / brands — plain brand or product words (e.g. canadiantire, cantire). Drive the combosquat / keyword search. Spaces and punctuation are stripped, so canadian tire becomes canadiantire.
  • Base domains — your real registered domains (e.g. canadiantire.ca). Fed to dnstwist to generate typo permutations.
  • TLDs to test — the endings to try. Use real public TLDs like com, ca, net, co, shop. Made-up endings (e.g. corp) can never resolve, so with “resolving only” on they return nothing.
Two discovery engines
  • dnstwist permutations — typo variants of your base domains (omission, homoglyph, transposition, …). Great for classic typosquats.
  • Certificate Transparency (crt.sh) — searches public TLS-certificate logs for already-registered domains containing your seed words. Finds combosquats like canadiantire-login.com regardless of your TLD list. crt.sh can be slow (up to ~90s) — the scan runs in the background and fills in results as it goes.
  • Keep resolving domains only — hides generated variants that aren’t actually live in DNS. Turn off to also see unregistered permutations worth defensively registering.
Reading the results
  • Risk score (0–100) — higher = more dangerous. Hover the badge to see which factors fired: resolves in DNS, has MX (can receive phishing mail), recently registered, high similarity, suspicious tokens (login/secure/verify…).
  • Similarity — how close the domain is to your seed (1.00 = near-identical).
  • NEW flag — appears on scheduled re-runs when a domain shows up that wasn’t in an earlier run of the same saved query.
  • Use Save query to store a monitor and optionally re-run it daily/weekly; export any scan to CSV/JSON.

All lookups are read-only public queries (DNS, RDAP, certificate transparency). Active probing must comply with applicable law, provider terms of service, and your organization’s policy.

QUERY BUILDER
Plain brand words for the combosquat / crt.sh search. No dots.
Your real domains, with the TLD. Fed to dnstwist for typo variants.
Real public endings only (com, ca, net…). Invented TLDs like “corp” never resolve.
MUTATION CATEGORIES
Which typo techniques dnstwist applies to your base domains. All on by default.
SOURCES & SCAN OPTIONS
SAVED QUERIES
SCANS
FINDINGS
RISK 80+critical 60+high 30+medium <30low · hover a risk badge for the factors behind the score · click column headers to sort
DOMAIN SOURCE MUTATION DNS MX REGISTRAR CREATED IP / ASN / GEO SIM RISK LOOKUPS

INDICATORS

Structured IOCs extracted from collected intelligence — TLP-marked, taggable, VirusTotal-enrichable
Loading…
INDICATOR

BREACH INFORMATION

Ransomware breach tracking — ransomware.live + RansomLook, with vendor-confirmation status
COMPANYTHREATCOUNTRYDATE CONFIRMEDSOURCELINK
Loading…

ADMIN PANEL

NameTypeURL Last FetchedArticlesErrorsActive
TermCategoryTagsConditionalActive
Tor: checking…
h
NameThreat ActorURL Last FetchedStatusErrorsActive
Monitors public Telegram channels for intelligence. Requires TELEGRAM_SESSION_STRING in .env.
NameChannel Last FetchedStatusErrorsLast Msg IDActive
Monitors ransomware.live for victim posts from these groups — clearnet fallback for CAPTCHA-blocked onion sites. Group names must match the ransomware.live slug (e.g. clop, lockbit3, akira).
Group ransomware.live
Window:
—
API Requests
—
Unique Users
—
Unique IPs
—
Logins
REQUESTS — LAST 24H (UTC)
PAGE VIEWS
LOGIN HISTORY
WhenUserResultIPLocationUser Agent
USER ACTIVITY
UserRequestsLast Active
IP ADDRESSES
IPCountryRequestsLast Seen
SCRAPER STATUS
Loading…
Scraping…
AI CONTENT & TOKEN USAGE

AI reports and actor profiles are cached and only regenerate when their source data changes or every 24 hours. Use this to force a full refresh and to monitor token spend.

Regenerating…
Loading usage…
Loading conversations…
Select a conversation
AI & Scraper
Source Toggles
Article Previews
Email / SMTP
✓ Settings saved
PENDING ACCESS REQUESTS
RequestedUsernameEmailReason
PENDING PASSWORD RESETS
UsernameRequestedExpiresReset URL
Account created. Share these credentials with the user — the password is shown only once:
Username:
Password:
UsernameRoleStatusLast LoginCreated
SQL QUERY
Only SELECT queries are allowed · Ctrl+Enter to run
Query Reference ▾
SCHEMA
Loading schema…
EXAMPLE QUERIES
Run a query to see results.

PIPELINE DIAGRAM

Click any node to inspect  ·  Admin only
←
Click any node to inspect
EXTERNAL LINK

Full page screenshot
TWO-FACTOR AUTHENTICATION
Loading…
Scan this QR with an authenticator app (Google Authenticator, Aegis, 1Password…), then enter the 6-digit code to turn on two-factor authentication.
TOTP QR code
Can't scan? Enter this key manually:
✓ Two-factor is on. Save these one-time recovery codes somewhere safe — each works once if you lose your authenticator. They won't be shown again.

        
        
      
✓ Two-factor authentication is enabled on your account.
To turn it off, confirm your password and a current code.
CHANGE PASSWORD
MY WATCHLIST TERMS

Pick the watch terms you personally care about. With My Watchlist on, Feeds and Breach Information show only entries matching these terms. Your choice never affects other users.

CONFIRM BULK DELETE

Deleted articles are soft-deleted and will never be re-ingested from feeds.