Dark Web Monitoring
Dark Web Monitoring watches for your company's sensitive identifiers appearing in public paste dumps and breach data, and alerts you when they do.
What you can monitor
You register assets to watch. Supported asset types:
- Email domain
- GSTIN
- Company name
- Executive name
- UPI ID
- Phone number
- PAN
- Bank account
Each asset is scoped to your company, and you can activate/deactivate individual assets.
Sources
ScamShield AI is built to query three sources, but only one works out of the box:
| Source | Status | Requires |
|---|---|---|
| psbdmp.ws (Pastebin dumps) | Active by default | No credentials |
| IntelligenceX | Dormant | INTELX_API_KEY in the secrets vault |
| Dehashed | Dormant | DEHASHED_API_KEY + DEHASHED_EMAIL in the secrets vault |
Note: IntelX and Dehashed silently skip (return nothing) unless an operator has loaded their API credentials into the secrets vault. Out of the box, dark-web coverage comes from psbdmp only. If you need breach-database coverage, ask about enabling IntelX/Dehashed.
Matches are DPDP-redacted before storage — full paste content and credential values are never kept; email addresses are masked and password tokens are stripped.
Alerts
When a monitored asset is found, ScamShield AI raises a Dark Web Alert with a source (pastebin / intelx / dehashed), a severity (critical / high / medium / low), a title, a redacted snippet, and the matched value. Alerts are de-duplicated per company. On a new critical or high alert, ScamShield AI emails your company admin and fires a darkweb.alert webhook (if you've configured one — see Integrations).
You can dismiss alerts, and each scan run is recorded (assets scanned, alerts found, status, timing) for audit.
Refresh cadence
- Scheduled: a company-wide dark-web scan runs once daily at 02:00 IST. Only companies on a trialing or active subscription are included.
- On demand: you can trigger a scan for your company at any time from the dark-web scan action.