New: Phishy domain tracking
04 November 2018
Yes, I still see things I can improve on current functionality, and yes, I'll keep working on that. But sometimes you just have to indulge yourself. So, I've just added phishy domain tracking to ShadowTrackr.
A phishy domain is a domain that looks similar enough to one of your domains for it to be used in phishing attempts. That is, someone is pretending to be you and phishing your clients. I've been testing several algorithms to generate phishy domains and settled on a combination that seemed to work well.
The number of phishy domain candidates generated per url can vary between 1 and more than 1000 (it's shown on the url page). This number depends on the domain length, top level domain and characters used. All candidates are tracked and for those domains responding the information is shown in the new phishy domain report (rather obviously found under "reports"). You can quickly see if it's harmless (because it's redirected to the original) or click through to more detailed information like mailservers, nameserver and website similarity percentages that will help you determine if it's malicious. Of course, you'll get notifications when likely phishy domains are found.
Although I've been testing for a few weeks with this, I expect there's still a lot to be learned about tracking phishy domains and I'll be revisiting this subject.