DASHBOARD
- Awaiting AI report…
| CVE | Product | Deadline | Reason |
|---|---|---|---|
| Awaiting AI report… | |||
| CVE | Severity | Product | Exploited | Action |
|---|---|---|---|---|
| Awaiting AI report… | ||||
THREAT ACTOR PROFILES
Select a threat actor from the list to view their profile.
Profiles are built automatically from scraped articles. Use Generate Profile to create a Claude-powered analysis.
MESSAGES
ARTICLE FEED
INTELLIGENCE REPORTS
Ask any question about recent threat activity. Claude will analyze the last 30 days of collected intelligence.
TRENDS & INTELLIGENCE
| Actor | Origin | Seen | Last Report | Targets | TTPs |
|---|---|---|---|---|---|
| Generating AI reports will populate this table… | |||||
URL INSPECTOR
Sandboxed capture — isolated browser, no cookies, internal addresses blocked| # | LINK TEXT | URL | TYPE |
|---|---|---|---|
| No links extracted yet | |||
DOMAIN WATCH
Lookalike-domain monitoring — typosquats, combosquats & homoglyphs via dnstwist + certificate transparencyℹ️ How Domain Watch works — click to hide
Domain Watch hunts for domains that could impersonate your organization. It generates likely look-alikes of your brands and domains, then checks which ones actually exist, enriches them, and scores how dangerous each one is — so you can spot phishing infrastructure early.
- Seed strings / brands — plain brand or product words (e.g.
canadiantire,cantire). Drive the combosquat / keyword search. Spaces and punctuation are stripped, socanadian tirebecomescanadiantire. - Base domains — your real registered domains (e.g.
canadiantire.ca). Fed to dnstwist to generate typo permutations. - TLDs to test — the endings to try. Use real public TLDs like
com, ca, net, co, shop. Made-up endings (e.g.corp) can never resolve, so with “resolving only” on they return nothing.
- dnstwist permutations — typo variants of your base domains (omission, homoglyph, transposition, …). Great for classic typosquats.
- Certificate Transparency (crt.sh) — searches public TLS-certificate logs for already-registered domains containing your seed words. Finds combosquats like
canadiantire-login.comregardless of your TLD list. crt.sh can be slow (up to ~90s) — the scan runs in the background and fills in results as it goes. - Keep resolving domains only — hides generated variants that aren’t actually live in DNS. Turn off to also see unregistered permutations worth defensively registering.
- Risk score (0–100) — higher = more dangerous. Hover the badge to see which factors fired: resolves in DNS, has MX (can receive phishing mail), recently registered, high similarity, suspicious tokens (login/secure/verify…).
- Similarity — how close the domain is to your seed (1.00 = near-identical).
- NEW flag — appears on scheduled re-runs when a domain shows up that wasn’t in an earlier run of the same saved query.
- Use Save query to store a monitor and optionally re-run it daily/weekly; export any scan to CSV/JSON.
All lookups are read-only public queries (DNS, RDAP, certificate transparency). Active probing must comply with applicable law, provider terms of service, and your organization’s policy.
| DOMAIN | SOURCE | MUTATION | DNS | MX | REGISTRAR | CREATED | IP / ASN / GEO | SIM | RISK | LOOKUPS |
|---|
INDICATORS
Structured IOCs extracted from collected intelligence — TLP-marked, taggable, VirusTotal-enrichable| Loading… |
BREACH INFORMATION
Ransomware breach tracking — ransomware.live + RansomLook, with vendor-confirmation status| COMPANY | THREAT | COUNTRY | DATE | CONFIRMED | SOURCE | LINK |
|---|---|---|---|---|---|---|
| Loading… | ||||||
ADMIN PANEL
| Name | Type | URL | Last Fetched | Articles | Errors | Active |
|---|
| Term | Category | Tags | Conditional | Active |
|---|
| Name | Threat Actor | URL | Last Fetched | Status | Errors | Active |
|---|
TELEGRAM_SESSION_STRING in .env.
| Name | Channel | Last Fetched | Status | Errors | Last Msg ID | Active |
|---|
clop, lockbit3, akira).
| Group | ransomware.live |
|---|
| When | User | Result | IP | Location | User Agent |
|---|
| User | Requests | Last Active |
|---|
| IP | Country | Requests | Last Seen |
|---|
AI reports and actor profiles are cached and only regenerate when their source data changes or every 24 hours. Use this to force a full refresh and to monitor token spend.
| Requested | Username | Reason |
|---|
| Username | Requested | Expires | Reset URL |
|---|
Password:
| Username | Role | Status | Last Login | Created |
|---|