Your IT guy should have already done this.
But didn't.
9 in 10 companies have IT-security holes they don't know about — leaked passwords on the dark web, weak MFA, broken DMARC, expired certificates. Send an email + domain — get a report in 5 minutes.
- Audit is free. Period. No paywall. No upsell. You get the report even if we never speak.
- No sales follow-up. If we reach out, only with concrete recommendations on your findings, and only if you ask.
- Your data stays yours. The scanner uses only publicly available info. No credentials. No OAuth.
Contractually. Procedurally. No surprises.
200+ companies. On the market since 2004.
Owners of ICT-GROUP
(since 2004)
CZ & SK
partnership length
(24 ratings)
6 typical holes we find in almost every company
These aren't hypotheticals. These are things we find at client after client, even at companies with their own IT department, even at companies with a "reliable external IT guy".
Employee passwords on the dark web
One employee's account leaked in the LinkedIn / Adobe / Heroku breach. They still use that password, they have no MFA. Tomorrow morning someone launches a phishing campaign under your name. We find it via HIBP + Leakradar.
DMARC "none": anyone can spoof your domain
Classic attack: an email "from your CEO" with instructions to wire money. Without a DMARC policy of reject, receiving mail servers will deliver it. We find it via DNS scan.
Legacy auth in M365 — MFA bypass
IMAP / POP3 / SMTP basic auth enabled = attacker bypasses Multi-Factor Authentication. We detect it via Microsoft 365 tenant probe.
Expired TLS certificates on shadow IT
Old test subdomain at demo-2019.firma.cz has an expired certificate. Google marks it "not secure" and your domain's reputation drops. We find it via Certificate Transparency log scan.
Services exposed via Shodan
RDP on 3389 directly facing the internet, SQL Server with no VPN, Synology NAS with default password. Shodan indexes it, we find it via Shodan API.
Missing CAA DNS records
Without CAA records, any certificate authority can issue a TLS certificate for your domain: an attacker requests a valid certificate from any CA, and the phishing attack looks legitimate. Fix: add CAA records restricting which CAs can issue. We find it via DNS health audit.
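The DMARC and CAA checks described above both come down to reading DNS records. The following is an added example, not the vendor's scanner code: the function names and sample records are constructed for illustration, and the records are assumed to have been fetched already (for CAA, from the relevant name after climbing to parent domains).

```python
# Added example: inputs are constructed record strings, not live DNS answers.

def parse_dmarc(txt_records):
    """Evaluate the TXT strings found at _dmarc.<domain>."""
    dmarc = [r.strip() for r in txt_records if r.strip().startswith("v=DMARC1")]
    if len(dmarc) != 1:
        # RFC 7489: zero or multiple DMARC records means no policy is applied.
        return {"policy": None, "pct": None, "enforced": False}
    tags = {}
    for part in dmarc[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return {"policy": None, "pct": None, "enforced": False}
    pct = int(tags["pct"]) if tags.get("pct", "").isdigit() else 100
    # Only p=reject applied to all mail tells receivers to refuse spoofed messages.
    return {"policy": policy, "pct": pct, "enforced": policy == "reject" and pct == 100}


def caa_allowed_issuers(caa_records):
    """Return None if issuance is unrestricted, else the set of CA domains
    named in 'issue' properties (an empty set means no CA may issue).
    Covers non-wildcard issuance for one already-located RRset."""
    issuers = None
    for record in caa_records:
        _flags, tag, value = record.split(None, 2)
        if tag.lower() != "issue":
            continue  # iodef and issuewild do not restrict non-wildcard issuance
        issuers = set() if issuers is None else issuers
        ca = value.strip().strip('"').split(";", 1)[0].strip().lower()
        if ca:
            issuers.add(ca)
    return issuers


def findings(dmarc_txt, caa_records):
    """Turn the two evaluations into report lines."""
    out = []
    dmarc = parse_dmarc(dmarc_txt)
    if not dmarc["enforced"]:
        out.append(f"DMARC not enforced (policy={dmarc['policy']}, pct={dmarc['pct']})")
    if caa_allowed_issuers(caa_records) is None:
        out.append("No CAA 'issue' record: any CA may issue for this domain")
    return out


if __name__ == "__main__":
    print(findings(["v=spf1 -all", "v=DMARC1; p=none; rua=mailto:dmarc@example.com"], []))
```

A `p=reject` record with `pct` below 100 is reported as not enforced, because only part of the failing mail is rejected.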
And that's 6 of 13 checks. Run the free audit →
13 layers of security. One report. 3,967 CZK value, free.
Each check is a separate commercial tool. We stack them into one report that would otherwise cost thousands and require a consulting call.
- ✓ DNS & Mail security: SPF, DKIM, DMARC, MTA-STS, DNSSEC (598 Kč)
- ✓ DNS health audit: CAA, DNS tunneling, wildcard, IPv6 (298 Kč)
- ✓ Microsoft 365 tenant discovery + Legacy auth probe (990 Kč)
- ✓ TLS / SSL certificate scan + cipher review (Qualys) (298 Kč)
- ✓ Web headers & stack: HSTS, CSP, X-Frame, … (190 Kč)
- ✓ Mozilla Observatory grade (90 Kč)
- ✓ Shodan: exposed services + CVE detection (390 Kč)
- ✓ Certificate Transparency: shadow IT subdomains (190 Kč)
- ✓ Leakradar: current password leaks on dark web (790 Kč)
- ✓ URLhaus / Spamhaus DBL: malware / phishing reputation (90 Kč)
- ✓ VirusTotal: AV reputation across 90+ engines (67 Kč)
- ✓ Microsoft Defender for Identity detection (in M365)
- ✓ Azure attack surface: exposed services + ASN intel (990 Kč)
3 steps. 5 minutes. No phone call.
Enter email + domain
Business email (not Gmail, not Seznam — we want to make sure the audit reaches the right person). The domain you want to check.
Confirm with a 6-digit code
We send an OTP email. You paste it back. This makes sure nobody else triggered an audit against your domain.
Report in your inbox in 5 min
Email with HTML report + PDF download. 13 checks, score 0–100, top 5 findings ("what to fix tomorrow morning"), specific recommendations.
This audit isn't a sales gimmick.
I started after university at the Czech Ministry of Foreign Affairs service organization as helpdesk. For the Czech presidency of the Council of the EU, I designed a mobile solution built on BlackBerry — secure, remotely manageable, revolutionary at the time.
Since 2004 I've been doing fully managed Microsoft 365 IT for SMBs in Czech & Slovak republics. Currently 200+ active clients, 7-year average partnership. The audit you just ran is what we use internally as the first technical view of a new client — that's why it's thorough, and that's why it's free.
If we don't fit — you get the report + recommendations and you go. No sales call, no paywall. If we do fit — we talk specifics about your situation, not brochures.
You lose nothing. We earn a chance to show we know our stuff.
Genuinely free
No paywall at the end, no "upsell" button. We send the report even if we never talk.
No sales call
A sales rep won't call you tomorrow. If we reach out, it'll be with a specific recommendation about your findings — and only if you ask for it.
Your data stays yours
The scanner uses only publicly available information (DNS, TLS, HTTP). No credentials, no M365 access needed.
GDPR retention 365 days
Self-service audits get auto-deleted after a year. You can request earlier deletion any time.
Common questions
What if I don't have a domain? I'm solo / freelancer.
For solo freelancers with Gmail, there's nothing for the audit to scan. We recommend getting a business domain (even just firstname-lastname.cz) — it gives credibility with clients and lets you use M365 / Google Workspace later.
Does it work with Google Workspace?
Yes. DNS / SSL / certificates / dark-web checks / Shodan all work for any domain. Microsoft-specific checks (M365 tenant, Defender for Identity) will detect a different mail provider and return an informational note.
Do you need access to my M365 / Active Directory?
No. The audit works only with publicly available information (DNS records, TLS certificates, HTTP headers, public M365 endpoints). No credentials, no admin consent, no OAuth.
What if you find critical vulnerabilities?
The report includes specific recommendations for what to fix tomorrow morning. If you want help implementing, get in touch — either one-off consulting (from 1,990 Kč/h), or joining our ZERO TOUCH IT programme (from 2,990 Kč/month, all-in-one). We don't push.
Can I re-run the audit? Like monthly?
Free audit has a rate limit of 3× per 24 hours per domain (anti-abuse). If you want continuous monitoring (weekly scans + alert on new findings), it's part of ZERO TOUCH IT — or you can enable it yourself in the report (green panel below the score).
Is the scan safe? Isn't it a penetration test?
The audit is passive — no exploit attempts, no rate-flood, no brute force. It scans what Google scans during indexing, or what security researchers see on shodan.io. Nothing exceeds publicly available API limits.
What's the catch?
No catch. The free audit is our entry card for new clients. If we find problems and you decide to fix them with us, we'll send an offer. If not — you get the report and use it with your existing IT. We'd worry more about our reputation than about the real cost of the audit.
What your IT guy checks, what we look at, and what we find.
5 minutes. 13 checks. Report in your inbox. No sales call, no paywall.
Scanning since 2024. 1,000+ domain audits.