Security Audit Services

We Trace Who Leaked Your Data

One unique honeypot email per vendor. When phishing arrives, you know exactly which company exposed your data. We provide irrefutable digital evidence.

10
Phishing Cases Traced
14
Days of Campaign Analysis
4
Infrastructures Mapped
2
Breached Vendors Confirmed

How It Works

Three steps from zero to evidence

1. Deploy Unique Traps

Create one unique honeypot email address per vendor or service. Each address is used exclusively with one provider. When spam or phishing arrives, you instantly know the source of the leak.

2. Detect & Capture

Every incoming email is analyzed in real time: SPF, DKIM, DMARC authentication checks, attachment scanning, phishing heuristics. Suspicious emails are flagged and preserved as forensic evidence with full headers.

3. Trace & Attribute

Trace the phishing infrastructure end-to-end: spoofed domains via DNS records, hosting IPs via Shodan, TLS certificates via crt.sh, geolocation via ipinfo.io, WHOIS data. Identify the breached vendor with high confidence.

Real Case: Financial Institution

How we traced a phishing campaign and identified the breached vendor

1

Honeypot email receives phishing

A unique email address created solely for a major bank receives a phishing message. The email spoofs the bank's domain with a fake 'legal notification' pretext. SPF and DKIM both fail authentication.

2

Infrastructure tracing begins

DNS records reveal the spoofed domain resolves to a server in Ukraine. Shodan shows open ports 22, 25, 80, 443 with self-signed TLS. crt.sh exposes the certificate issuer. IP geolocation maps the infrastructure to France.

3

Campaign correlation

Multiple phishing waves across 14 days with different pretexts (legal notice, tax authority, fake invoice) are correlated. Same IP range, same domain registrant, identical email headers — proving a single coordinated campaign.

4

Vendor breach attribution

The honeypot email was registered exclusively for this bank. Cross-reference with similar cases confirms the data was exposed through a third-party vendor (credit bureau), not the bank's core systems.

5

Evidence package delivered

Secure audit report with all evidence: raw email headers, DNS records, IP geolocation maps, TLS certificate chain, WHOIS data, campaign timeline. Protected with 6-digit access code. Delivered to the bank's security team.

Audit Toolbox

Proven intelligence sources used in every investigation

Email Authentication

SPF/DKIM/DMARC/MX/CAA lookup for spoofed and target domains. Automated scoring 0-100 with letter grade.

Shodan InternetDB

IP intelligence: open ports, services, hostnames, known vulnerabilities, TLS configurations.

Certificate Transparency

crt.sh: full TLS certificate history, subdomain discovery through certificate logs, domain age verification.

IP Geolocation

ipinfo.io: geographic mapping of attacker servers with ISP, organization, and ASN data.

WHOIS Records

Domain registration details: registrant name and country, creation date, nameservers, registrar.

WKD & DANE

Web Key Directory and OPENPGPKEY DNS records to assess encrypted email capabilities of target domains.

Who Needs an Audit

Three scenarios where our methodology delivers critical answers

For Organizations

Your company is being targeted by phishing attacks. We trace the origin, identify which vendor or partner leaked customer data, and provide court-admissible evidence.

For Individuals

You suspect your personal data was breached. We deploy honeypot addresses across services. The first phishing email tells you exactly who leaked it.

For Compliance

GDPR, HIPAA, or LGPD requires breach notification within 72 hours. Our forensic audit trail determines scope, affected parties, and remediation steps.

Every Audit Includes

Unique honeypot deployment per vendor
Phishing campaign timeline analysis
Full DNS & infrastructure tracing
Spoofed domain authentication report
IP geolocation & hosting map
Vendor breach attribution letter
TLS certificate transparency review
Secure evidence portal (access code)
Cross-case campaign correlation
Remediation recommendations

Have a Case to Investigate?

We can trace the origin of any phishing email targeting you or your organization.