In-memory, real-time telemetry
SiteSpy tracks requests and responses within the IIS app pool, correlating behavior instantly without external collectors — analysis happens where the application runs.
SiteSpy is an autonomous defense layer that analyzes HTTP behavior in real time and automatically instructs your firewall
to block hostile traffic before attacks develop.
Stop attackers during the reconnaissance phase. SiteSpy runs alongside your application in the IIS application pool,
using in-memory telemetry, embedded honeypots, and behavioral analysis to detect malicious intent before exploitation.
SiteSpy tracks requests and responses within the IIS app pool, correlating behavior instantly without external collectors — analysis happens where the application runs.
Requests are classified by intent — search engines, social referrals, legitimate bots, automation, and reconnaissance — so you can focus on true threats, not noise.
Decoy endpoints detect enumeration and scripted scanning attempts early, providing high-fidelity signals for automated defenses or human review.
When thresholds are met, SiteSpy can update Windows Firewall rules based on live application observations — blocking malicious sources before escalation.
Run SiteSpy embedded in an existing app, as a stand-alone monitor, or as a distributed telemetry mesh across multiple servers — scale from single sites to enterprise fleets.
Unlike packet-only tools, SiteSpy detects intent by observing how clients interact with the application — giving defenders time to respond during the mapping phase.
The SiteSpy Live Log provides real-time visibility into traffic hitting your site.
If reconnaissance activity is detected, early-warning canaries redirect the client to decoy endpoints such as the 404 page, where activity is logged.
Reverse reconnaissance against adversaries scanning your infrastructure.
Identify C2 servers, exploit probes, and XSS infrastructure early.
The Flying Monkeyz HTTP Port Scanner is a reconnaissance-focused HTTP port scanning tool that pairs well with the SiteSpy monitoring platform for defensive counter-intelligence operations. It can be used to investigate IP addresses and cloud-hosted servers observed performing reconnaissance against your environment, sometimes uncovering exposed services, attacker tooling, or public repositories commonly used by threat actors during scanning and attack preparation.
Rick Cable is a Silicon Valley–raised technologist and former U.S. Navy systems administrator who managed shipboard logistics and financial computing systems and supported classified small-unit operations. He founded SiteSpy to bring operator-level visibility to modern web systems — monitoring not just uptime, but real behavior.
In parallel with his startup work, Rick has built a 21-year career in Healthcare IT at a fast growing healthcare system — from helpdesk and desktop/solution engineering (SCCM, Group Policy, Active Directory) to serving as a senior software developer for the last decade across multiple stacks.