ShadowTrackr

Defacement detection

17 February 2025
This week's update is all about a new feature: defacement detection. The ingredients have been present for a long time already, but the feature has never been developed enough to hit production before.

There are three levels of detection. The first is a major page change on a website. This will trigger an event (query: index=events eid=1679) prompting you to check whether the changes are legitimate.

The second is major changes combined with suspicious artefacts. This will result in a problem event (query: index=events eid=1680) appearing on your timeline indicating a likely defacement.

The last one is for the case where no major changes are detected, but suspicious artefacts are found (query: index=events eid=1681). It will result in a warning (orange) event.

If you have any false positives, please contact me. Specific cases will help us to make better detections.
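
The three levels above, sketched as a triage function. This is an added example, not ShadowTrackr's code: the post does not say how changes are measured or which artefacts are checked, so the similarity threshold, the artefact patterns and the sample pages are assumptions constructed here, and only the event ids come from the post.

```python
import difflib
import re

# Event ids as given in the post; everything else here is an assumption.
EID_MAJOR_CHANGE = 1679       # major page change, check if legitimate
EID_LIKELY_DEFACEMENT = 1680  # major change plus suspicious artefacts
EID_ARTEFACTS_ONLY = 1681     # suspicious artefacts without a major change

# Hypothetical threshold and artefact patterns, chosen for illustration.
MAJOR_CHANGE_BELOW = 0.5
ARTEFACT_PATTERNS = [
    re.compile(r"\b(hacked|owned|defaced)\s+by\b", re.I),
    re.compile(r"<marquee\b", re.I),
]

def visible_text(html):
    """Crude text extraction: drop scripts/styles and tags, collapse whitespace."""
    html = re.sub(r"(?is)<(script|style)\b.*?</\1\s*>", " ", html)
    return " ".join(re.sub(r"(?s)<[^>]+>", " ", html).split())

def find_artefacts(html):
    """Return the patterns that match the raw HTML of a snapshot."""
    return [p.pattern for p in ARTEFACT_PATTERNS if p.search(html)]

def classify(baseline_html, current_html):
    """Map a baseline/current pair to one of the three event ids, or None."""
    ratio = difflib.SequenceMatcher(
        None, visible_text(baseline_html).split(), visible_text(current_html).split()
    ).ratio()
    major = ratio < MAJOR_CHANGE_BELOW
    # Only count artefacts that are new, so a page that legitimately
    # contains a matching string does not alert on every scan.
    new_artefacts = set(find_artefacts(current_html)) - set(find_artefacts(baseline_html))
    if major and new_artefacts:
        return EID_LIKELY_DEFACEMENT
    if major:
        return EID_MAJOR_CHANGE
    if new_artefacts:
        return EID_ARTEFACTS_ONLY
    return None

# Constructed sample snapshots.
BASELINE = "<html><body><h1>Acme Widgets</h1><p>We sell widgets of every size and colour. Contact sales for a quote today.</p></body></html>"
REDESIGN = "<html><body><h1>Welcome</h1><p>Our new shop is open with fresh products, faster delivery and lower prices.</p></body></html>"
DEFACED = "<html><body><h1>Hacked by example-crew</h1><marquee>greetz</marquee></body></html>"
INJECTED = BASELINE.replace("</p>", "</p><marquee>visit us</marquee>")
```

Comparing against the previous snapshot rather than a fixed blocklist hit is what keeps the third level quiet on pages that already contained a matching string.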

New: monitor specific webpages

03 February 2025
It's been a request for a while and now it's finally ready: monitoring a specific webpage. Up until now urls in ShadowTrackr could only be domains (shadowtrackr.com) and subdomains (test.shadowtrackr.com). If you monitored every single page on those subdomains, things would escalate quickly in terms of assets and performance.

But some webpages are so important that you do want to monitor them. By a webpage I mean a url that includes a path, like shadowtrackr.com/blog or test.shadowtrackr.com/docs. There is a new item called webpages in the GUI under assets. You can add webpages in the same way you add urls or ip addresses.

By default, the url is extracted from the webpage and added to your assets too. This is needed for discovering and tracking things like certificates and dns. If you do not want this, click on "advanced options" when adding assets. There is a checkbox there that you can untick so the url is not added.

Preparing for urls with paths

27 January 2025
A new version just went live that fixes a number of bugs and prepares the backend for handling urls that include a path. There have been multiple requests for this.

You can currently monitor shadowtrackr.com, or www.shadowtrackr.com, or test.shadowtrackr.com. The plan is to support shadowtrackr/blog too. This way you can monitor specific full urls that are important to you.

Once the frontend supports it too, you'll read it here :-)
