paloAlto (network devices like firewalls etc) is able to scan the sites that users want to visit behind their devices. these are very popular devices in many companies. users can also have agents installed on their computers that also have access to the sites they visit.
This is what I was thinking it must be, along the lines of Cisco NAC. Could monitor via browser plugin for full URLs or DNS server for domains.
I imagine the certificate transparency log is the avenue, but local monitoring and reporting up as a new URL or domain to scan for malware seems similarly plausible.
reply