Axur offers client notification services for the purpose of correcting, adjusting or removing unauthorized content, whether it’s improper or illegal. You may choose between the OneShot option and the traditional Takedown service.
OneShot is a totally automated process of large-scale notifications that enables the client to request that Axur carry out thousands of notifications with an excellent cost/benefit ratio. This service is recommended for removing content from platforms that are notorious for customarily dealing with incidents in batches.Some examples of locations where using OneShot can be extremely effective:
Once a month, Axur checks to make sure that any occurrences sent to OneShot over the previous 30 days have been fully resolved. The client’s team can also check at any time.
Please note that the minimum interval between notifications regarding a single URL is 15 days. And Axur will not reactivate accounts/pages/URLs when the client requests OneShot.
If the client contracts the Assisted Takedown service, the entire flow of notifications is monitored and tracked by the Axur team to verify that the request for removal or adjustment was carried out. New notifications are sent through privileged channels, when necessary. In addition, for cases related to fraud (phishing, malware and pharming), notifications are issued to the global security community (“fraudcasting”), reporting the URL so that browsers can post fraud alerts.
This service is recommended in cases such as:
Every URL that is subject to action will be considered an accountable item;
Each domain name subject to registration blocking and/or cancellation will be considered an accountable item;
Domain names with an illegitimate registrant and/or that have been hosting fraudulent content will be subject to having their registration blocked or cancelled. Each domain name will be subject to two distinct actions: (i) content removal action and (ii) blocking/cancellation of the domain name to prevent its future use in new frauds. In such situations, two items will be considered for invoicing:
The client may opt for only one of the two actions, when applicable.
Each single email address subject to blocking and/or cancellation will be considered as one accountable item and will be invoiced regardless of the action’s success.
In cases where the fraud is being perpetrated in one or more subdomains, and the domain itself has been hacked or does not exhibit clear infringement of the monitored brand (in nomenclature or content), the accounting will be according to the number of takedowns of each authorized subdomain. Multiple authorizations will result in multiple charges.
Incident reopening (re-ups). Incidents that resume activity after their takedown has been confirmed will be registered as a new item to be handled, and may be considered as re-ups. To qualify as a re-up, an incident must meet the following criteria:
Incidents that resume activity after their takedown has been confirmed and that do not meet any of the re-up criteria will be invoiced as new incidents, and will be subject to charges.
It must be emphasized that Axur will attempt to reactivate the page for 30 days; after this period, the case will be closed. Regardless of whether or not the page is successfully reactivated, the amount due will be assessed to the client.
Kick-off and Training
Onboarding will include three primary stages, all of which will be conducted via conference call.
(i) Kick-off and Training on the platform: Conference call for aligning the scope, requesting initial information and training in the ONE platform’s features.
(ii) Alignment: Alignment conference call held two weeks after the Kick-off meeting.
(iii) Completing the implementation: Final alignment conference call, held 40 days after Onboarding. Subsequent meetings will be held as defined below.
Follow-up meetings will be available to the client via conference call, in accordance with the previously agreed-upon scope. The objective of the meetings will be to send feedback, address any of the client’s questions, consider suggested improvements, and any other subjects that the client would like to discuss in regard to our products.
*Check availability depending on specific configurations in the reported entities. The SLA will not be counted in case of unavailability of contact with the platform. The takedown must follow the correct classification of threat registration, adherence to programs, and other requirements of the reported entities.
Axur monitors credential leakage on the surface web and in the environments known as the deep and dark web.
Hashcast is a corporate credential protection service. Clients contracting Hashcast are alerted every time Axur detects the leakage of any credential belonging to the contracted domain. Axur offers 3 (three) plans:
In addition to Axur’s general clauses, the client contracting Hashcast must observe the following:
Leakstream is an API that can be used by any company such as e-commerce, marketplaces, platforms and systems, that has an email login area on its Internet service.
Leakstream alerts such companies every time a user tries to log in using a credential that has been leaked on the Internet. Leakstream also makes sanitizing your system’s credential base possible by eliminating the compromised credentials via password reset.
Leakstream’s API meets the guidelines of the General Data Protection Regulation (GDPR) and Brazil’s General Law of Data Protection (LGPD). Therefore, clients contracting the product will receive encrypted passwords and hashes of leaks detected.
Axur monitors credit card leakage on the surface web and in the environments known as the deep and dark web.
Contracting products and services for credit card protection in no way compromises the company’s compliance with the PCI DSS (Payment Card Industry Data Security Standards).
Cardcast is a notification service designed for issuers of credit cards—banks, fintechs and airlines, among others. Whenever Axur detects a data leak regarding a credit card issued by a client, that client is immediately informed via email, SMS or webhook signal.
Clients contracting Cardcast will only have access to the leaked cards whose BINs belong to them. The BIN is the six (in some cases, eight) first numbers on the credit card that identify the issuer of the card.
Cardcast does not in any way access the card’s decrypted data, and retains in its database only cards that have already been leaked on the Internet, deep and dark web.
Clients contracting Cardcast must observe the rules and standards applicable to the issuance of credit cards.
Cardstream is an API that can be used by any company that accepts credit cards as a means of payment. The client who contracts Cardstream will be able to check (through encryption) if the credit cards entered by their users have been leaked on the surface web or in the environments known as the deep and dark web.
Cardcast does not in any way access the card’s decrypted data, and retains in its database only cards that have already been publicly exposed on the Internet.