Caspint is a specialized threat intelligence platform for the organizations that defend Azerbaijan. We watch the adversaries, leaks and underground operations targeting the region — scoped to your .az footprint, assessed by analysts, refreshed daily, and free for companies operating here.
Adversaries treat Azerbaijan as a single battlespace — moving between its banks, ministries, energy operators and telecoms. The organizations defending it should have an intelligence picture that does the same.
Caspint is built to be that picture: a shared, specialized intelligence capability that watches the threats facing organizations across Azerbaijan, then delivers each one exactly the slice that concerns it. Not another global tool with Azerbaijan as a rounding error — an intelligence service built around the .az namespace and the actors who operate against the region.
Because resilience can't depend on who can afford a license, full access is free for every organization operating in Azerbaijan.
Raw signal is correlated and assessed, so what reaches you is relevant and actionable.
The goal is to surface a threat while it is still being prepared — before it reaches its target.
No license fee, no procurement — so every defender in Azerbaijan can see the same picture.
Eleven modules make up the platform — each a stream of intelligence collected, correlated and filtered to what is actually relevant to Azerbaijan and to your organization. A detailed look at each follows below.
Your whole threat picture on one screen — exposure score, what changed overnight, and the critical items that need attention today.
Every leaked login tied to your .az domains — from stealer logs, combolists and breaches — flagged for reuse and freshness.
Dossiers on the groups operating against the region, filtered to who actually targets Azerbaijan and your sector.
Continuous discovery of everything you expose to the internet, prioritized by real-world exploitation, not theory.
Hundreds of closed channels and markets collected and indexed, with an alert the moment you're named.
A living repository of malicious indicators — addresses, domains, hashes — enriched and tied back to the actors behind them.
Stolen payment-card data for Azerbaijani banks, tracked by issuing bank so fraud teams can act on what's theirs.
Look-alike domains, exposed executives and leaked documents caught before they're weaponized.
Curated regional threat reporting, correlated to the actors and indicators it concerns.
The national picture over time — sector pressure, actor escalation and where your exposure is trending.
One investigative surface to triage any indicator, run bulk lookups and pull every dataset into a single case.
For any organization defending an .az domain — no license, no procurement.
The dashboard is the first screen every morning — a single command view that pulls together your current exposure score, everything that changed in the last 24 hours, the adversaries active against your sector, and the handful of critical items that genuinely need attention today. Nothing important waits buried in a report nobody opened.
Define your organization once. From then on, every information-stealer log and breach dump we ingest is automatically scoped to your domain and all of its subdomains. No manual filtering, no irrelevant noise — just the exposures that put your people and systems at risk, ranked so the urgent ones rise to the top.
Filter a database of thousands of tracked groups down to the ones operating against Azerbaijan and your sector. Each dossier brings together motivation, known tooling, targeting history and live victim counts — turning an abstract threat into a named adversary you can reason about and prepare for.
Continuous scanning discovers your internet-facing hosts, fingerprints their services and certificates, and weighs each weakness by how likely it is to be exploited in the wild. Instead of a flat list of vulnerabilities, your team gets a prioritized picture of where an adversary would actually begin.
We index every message across hundreds of threat-actor and leak channels, making the closed underground searchable. Look for your brand across all of it on demand — or let an alert reach you the instant your name surfaces in a market, a forum or a target list, with the original context preserved.
Every malicious address, domain and file hash we hold lives in one searchable repository — automatically enriched with context and reputation, and kept current as its activity changes. Drop in a single indicator from an alert or a log and pivot straight to the actors, campaigns and related indicators behind it. The investigation starts where it used to end.
Stolen payment-card data for Azerbaijani banks surfaces constantly in carding channels and dumps. We collect it and organize exposure by issuing bank and BIN range, so a fraud team sees exactly the cards that belong to them — with volume and freshness signals to judge how urgent a batch is and move to reissue before losses mount.
Most fraud and intrusion is staged in advance — a look-alike domain registered, an executive's details collected, a document leaked, a fake account stood up. We watch for those preparations across the open and closed web, so your team can take down or get ahead of an operation while it's still being assembled, not after the first victim.
A continuously curated feed of threat news and regional reporting — but every item is correlated back to the platform. An article about a campaign links straight to the actor dossier, the indicators and the victims it concerns, so context isn't something an analyst has to reassemble by hand.
Point-in-time alerts tell you what's happening now; the statistics layer tells you where it's heading. See which sectors are under the most pressure, which actors are escalating, and how your own exposure is trending week over week — the view you put in front of leadership and use to justify where defense effort goes next.
The workbench is where it all comes together. Triage any indicator, run lookups at scale across the full dataset, and pull credentials, actors, surface and underground intelligence into a single case view — built for the tempo of a real operations team, so analysts spend their time deciding, not switching tabs.
The threats facing Azerbaijan don't fall evenly. Caspint is tuned to the institutions adversaries prioritize — and gives each of them the same national-grade visibility.
Credential exposure, financial-data leaks and ransomware pressure against the institutions that move the national economy.
The sector nation-state actors prize most — monitored for exposure, targeting and the early signs of intrusion.
.gov.az exposure, hacktivist target lists and leaked official documents surfaced early, before they spread.
Carrier-scale infrastructure exposure and subscriber-data leaks that ripple across the whole country.
Transport, water and industrial operators watched for the exposures attackers chain into real-world disruption.
The same national-grade intelligence for every company defending an .az domain — regardless of size or budget.
Caspint runs a continuous intelligence cycle focused on Azerbaijan — collecting broadly, analyzing centrally, and delivering each organization only what concerns it.
Around the clock we collect breach dumps, criminal-market activity, ransomware leak sites and hundreds of closed channels — all centered on the .az namespace and the actors targeting the region.
Raw data is enriched, de-duplicated and correlated against known adversaries, infrastructure and your own footprint — turning noise into a clear, prioritized national threat picture.
What's relevant to you arrives as an alert. Your analysts triage it in the workbench, export for response, and move — often before an operation reaches its target.
If your organization operates an .az domain, you qualify for full, free access to Caspint. Request access and we'll scope the intelligence picture to your footprint.