Malfors v1.7 Released

Account security improvements, better Domain Search, and additional enrichments.

Account Security

Malfors now supports TOTP two-factor authentication.

Users can enable 2FA from a new dedicated security page and protect their accounts with an authenticator app.

Active sessions are now also listed on that page, so users can review where they are signed in and revoke sessions they do not recognize or need.

Figure: Security and Access settings with two-factor authentication and active session controls. (Screenshot of the Malfors Security and Access settings showing password controls, enabled two-factor authentication, and active session management.)

Domain Search

Domain Search now supports extremely fast suffix search. You can use it to discover subdomains or find every indexed domain ending with a specific string.

For example, searching for domains ending with -icloud[.]com can surface large sets of likely phishing infrastructure and brand impersonation domains.

Figure: Suffix search can return thousands of matching domains in milliseconds. (Screenshot of Malfors Domain Search showing an ends-with query for -icloud.com with 2,933 matching domains returned in 32 milliseconds.)
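
An added example, not Malfors code and not a description of how Malfors implements the feature: one common way to make ends-with queries fast is to index reversed names, so a suffix query becomes a prefix range lookup in a sorted list. The class and function names are hypothetical, and the sample domains are constructed, with example.com standing in for the brand. It also shows the difference between a raw string suffix and a subdomain query that matches only on a label boundary.

```python
import bisect


def refang(value):
    """Normalise an indicator: undo [.] defanging, lowercase, drop a trailing root dot."""
    return value.strip().lower().replace("[.]", ".").rstrip(".")


class SuffixIndex:
    """Sorted list of reversed names; 'ends with X' becomes 'starts with reversed X'."""

    def __init__(self, domains):
        # A set removes duplicates that differ only in case, defanging or trailing dot.
        self._keys = sorted({refang(d)[::-1] for d in domains if d.strip()})

    def ends_with(self, suffix):
        """Every indexed name ending with the given string (plain string match)."""
        key = refang(suffix)[::-1]
        if not key:
            return []
        lo = bisect.bisect_left(self._keys, key)
        # Domain names are ASCII, so key + U+FFFF sorts after every name sharing the prefix.
        hi = bisect.bisect_left(self._keys, key + "\uffff")
        return sorted(k[::-1] for k in self._keys[lo:hi])

    def subdomains(self, parent):
        """Names strictly below parent: the leading dot forces a label boundary."""
        return self.ends_with("." + refang(parent))


# Constructed sample data; example.com stands in for the monitored brand.
SAMPLE = [
    "Login-Example.com",           # lookalike registration, mixed case
    "secure-example[.]com",        # lookalike registration, defanged
    "login-example.com.",          # duplicate with trailing root dot
    "mail.example.com",            # genuine subdomain
    "cdn.mail.example.com",        # genuine nested subdomain
    "example.com",                 # the brand itself
    "notexample.com",              # shares the string suffix, not a subdomain
    "secure-example.com.invalid",  # brand string is not at the end
]

if __name__ == "__main__":
    idx = SuffixIndex(SAMPLE)
    print("ends with -example.com:", idx.ends_with("-example[.]com"))
    print("subdomains of example.com:", idx.subdomains("example.com"))
```
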

Domain Search is also now available via API, making it easier to build automation on top of Malfors.

This can be used for workflows such as monitoring for brand impersonation, sending matches to internal review queues, or automatically reporting suspicious domains.

We also migrated the Domain Search cluster to better hardware. In practice, complex wildcard and fuzzy-match queries should now complete much faster.

Enrichments

We reworked our urlscan.io integration. You can now fetch individual scan results and pivot across identifiers, page text, and other extracted data directly in Malfors. The integration also supports urlscan.io Pro queries.

Figure: urlscan.io results can now be explored directly in the Malfors graph and details panel. (Screenshot of the Malfors graph with urlscan.io page scan entities connected to malfors.com and a result details panel showing scan metadata.)

We also integrated crt.sh to enrich domains with certificate transparency records. This helps discover related subdomains and adds more infrastructure context during an investigation.