Udated detections

That's it, that's the news. Most are related to cloud and remote login services.

RDAP checks, and whois index renamed to domains

There has been a major update in the way domain registrations are tracked. RDAP is useful and has become more common, but not all Top Level Domains support it yet. So, we now use both at ShadowTrackr.

An index to store RDAP data should of course not be called whois, and a common index named domains is the obvious choice. Due to the new RDAP monitoring and migration you might see a lot of domains related events for today.

All data, including custom reports, are automatically migrated. So, no action required. If you do see errors or problems, please let me know and I'll hunt them down.

More phishy url checks

We got a question from a user on why we don't do phishy checks on other Top Level Domains (TLDs) for the domains in the assets. That's a good one. We already did phishy checks on all permutations of your domains. That includes some other tlds, but not all, so this makes quite a good addition.

This week's update includes just that: ShadowTrackr now checks if your domain is up and phishy on the 10 most common TLDs used for phishing. So, if your asset is shadowtrackr.com, we'll monitor shadowtrackr.info, shadotrackr.net, and a bunch of others. You can view the results for any of your domains from the link on the domain page:

shadowtrackr.com/usr/phishy_urls?url=shadowtrackr.com

That page now also includes an overview of potential phishy domains that are not yet registered. This is to give you a better chance to register the bad ones yourself before the scammers and phishers do.

We already introduced the option to add your own custom phishy urls to our monitoring. If you have dozens of domains and want to add a specific TLD for all of them, that might be a lot of work. Just contact us and we'll add your TLD to the standard monitoring.