How to interpret the Activity interface
Written by Stéphane Puthod
Updated over a week ago

The Activity menu lists the Unclassified lookalike domains that have been registered, ordered by date and time, together with the security parameters that contribute to each domain's risk rating.

OnDOMAIN continuously monitors for activities that could be perceived as malicious by an organisation.

OnDOMAIN measures lookalikes against a variety of parameters. It gives each of these parameters a weight value and produces a risk rating based on these.

1. Risk Rating

This indicates how similar a lookalike domain is compared to an owned domain.

There are three risk rating levels:

  • Low: risk value between 0 - 1

  • Medium: risk value between 1 - 2

  • High: risk value between 2 - 3

To calculate a risk value, we have attributed a weight value to each of the security parameters in the activity bar, namely:

  • Email readiness: 0.125

  • Web presence: 0.125

  • IP reputation issues: 0.125

  • Domain reputation issues: 0.125

  • Logos detected: 0.5

OnDOMAIN then multiplies the weight by 3 to produce the final value. For example, if a lookalike domain:

  • Is email ready

  • Has web presence

  • Has IP reputation issues

  • Has domain reputation issues

  • Has logos present

Its risk rating value would be 0.125 (email ready) + 0.125 (IP reputation issues) + 0.5 (logo presence) = 0.75 or 75%. 0.75 x 3 = 2.25, making this a high-risk lookalike.

Logo presence accounts for more because it would indicate that:

  • The lookalike domain has a website set up

  • This website is using your organization's logo, which is a sure-fire sign of a threat
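The weighting above can be checked by enumerating every combination of the five parameters. The sketch below is an added example, not OnDOMAIN's own code, and it shows that with these weights a lookalike only reaches High when logos are detected. The function and key names are hypothetical, and sending a value of exactly 1 or 2 to the higher band is an assumption, since the article's bands share those edges.

```python
from itertools import combinations

# Weights and multiplier as stated in the article; key names are hypothetical.
WEIGHTS = {
    "email_ready": 0.125,
    "web_presence": 0.125,
    "ip_reputation_issues": 0.125,
    "domain_reputation_issues": 0.125,
    "logos_detected": 0.5,
}
MULTIPLIER = 3


def risk_value(signals):
    """Sum the weights of the observed signals and scale to the 0-3 range."""
    observed = set(signals)
    unknown = observed - set(WEIGHTS)
    if unknown:
        raise ValueError(f"unknown signal(s): {sorted(unknown)}")
    return sum(WEIGHTS[s] for s in observed) * MULTIPLIER


def risk_level(value):
    """Map a risk value to Low / Medium / High.

    Assumption: an edge value (exactly 1 or 2) goes to the higher band.
    With these weights no combination lands on an edge, so it never matters.
    """
    if value >= 2:
        return "High"
    if value >= 1:
        return "Medium"
    return "Low"


def band_table():
    """Group all 32 signal combinations by the level they produce."""
    table = {"Low": [], "Medium": [], "High": []}
    for n in range(len(WEIGHTS) + 1):
        for combo in combinations(WEIGHTS, n):
            value = risk_value(combo)
            table[risk_level(value)].append((value, combo))
    return table


if __name__ == "__main__":
    for level, rows in band_table().items():
        print(f"{level}: {len(rows)} combinations")
        for value, combo in sorted(rows):
            print(f"  {value:.3f}  {', '.join(combo) or '(none)'}")
```

Without a logo match the highest reachable value is 1.5 (Medium), so a High rating always means logo detection plus at least two other parameters.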

2. Email Security

Checks if the lookalike is ready to send emails.

3. Web Ready

Checks if a website has been set up or if the domain is ready to host a website. A screenshot is taken to show the website; if no website exists, the window is empty.

4. Domain Reputation

Checks domain feeds to make sure there are no reputation issues.

5. IP Reputation

Checks all IPs associated with the lookalike against threat feeds to make sure there are no issues.

Domain Registration:

6. Logo annotation present:

This feature will check if predefined logo(s) are present on your domain's website.

Note: This is pre-configured in Settings under the "Logo detection tags" section.

7. NS Records

It lists the hostnames of the nameservers that store all DNS records for that particular lookalike domain and subdomains configured with the same nameserver.
