The Activity menu shows the list of new lookalike domains that have been registered by date and time as well as the various security parameters that contribute to a domain's risk rating.
OnDOMAIN continuously monitors for activities that could be perceived as malicious by an organisation.
OnDOMAIN measures lookalikes against 5 different parameters. It gives each of these parameters a weight value and produces a risk rating based on these.
1. Risk Rating
This indicates how similar a lookalike domain is to an owned domain.
There are three risk rating levels:
Low: risk value between 0 - 1
Medium: risk value between 1 - 2
High: risk value between 2 - 3
To calculate a risk value, we have attributed a weight value to each of the security parameters in the activity bar, namely:
Email readiness: 0.125
Web presence: 0.125
IP reputation issues: 0.125
Domain reputation issues: 0.125
Logos detected: 0.5
OnDOMAIN then adds up the weights of the parameters that apply and multiplies the total by 3 to produce the final value. For example, if a lookalike domain:
Is email ready
Has no web presence
Has IP reputation issues
Has no domain reputation issues
Has logos present
Its risk rating value would be 0.125 (email ready) + 0.125 (IP reputation issues) + 0.5 (logo presence) = 0.75 or 75%. 0.75 x 3 = 2.25, making this a high-risk lookalike.
Logo presence accounts for more because it would indicate that:
The lookalike domain has a website set up
This website is using your organization's logo, which is a sure-fire sign of a threat
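The calculation described above, as an added example (not OnDOMAIN's own code). It uses the weights, multiplier and bands stated on this page; the signal key names, the sample domains and the choice to place a boundary value in the higher band are assumptions.

```python
# Added example: weights, multiplier and bands are the values stated on this page.
WEIGHTS = {
    "email_ready": 0.125,
    "web_presence": 0.125,
    "ip_reputation_issues": 0.125,
    "domain_reputation_issues": 0.125,
    "logos_detected": 0.5,
}
MULTIPLIER = 3


def risk_value(signals):
    """Sum the weights of the signals that are set, then scale to 0-3."""
    unknown = set(signals) - set(WEIGHTS)
    if unknown:
        raise ValueError(f"unknown signal(s): {sorted(unknown)}")
    return MULTIPLIER * sum(w for name, w in WEIGHTS.items() if signals.get(name))


def risk_level(value):
    """Map a risk value to Low / Medium / High."""
    if not 0 <= value <= 3:
        raise ValueError(f"risk value out of range: {value}")
    # Assumption: the page's bands share endpoints (0-1, 1-2, 2-3);
    # a value exactly on a boundary is placed in the higher band here.
    if value >= 2:
        return "High"
    if value >= 1:
        return "Medium"
    return "Low"


def triage(lookalikes):
    """Return (domain, value, level) rows, highest risk first."""
    rows = [(d, risk_value(s), risk_level(risk_value(s))) for d, s in lookalikes.items()]
    return sorted(rows, key=lambda r: r[1], reverse=True)


# Constructed sample data; the first entry is the page's worked example.
SAMPLE = {
    "examp1e-login.example": {"email_ready": True, "ip_reputation_issues": True,
                              "logos_detected": True},
    "example-parked.example": {"email_ready": True, "web_presence": True},
    "exampel-shop.example": {"web_presence": True, "logos_detected": True},
}

if __name__ == "__main__":
    for domain, value, level in triage(SAMPLE):
        print(f"{domain:26} {value:.3f} {level}")
```

Because logo detection alone contributes 0.5 x 3 = 1.5, a lookalike with a detected logo is never rated Low, while all four other signals together reach only Medium.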
2. Email Security
Checks if the lookalike is ready to send emails.
3. Web Ready
Checks if a website has been set up or if the domain is ready to host a website. A screenshot of the website is taken; if no website exists, the screenshot window is empty.
4. Domain Reputation
Checks domain feeds to make sure there are no reputation issues.
5. IP Reputation
Checks all IPs associated with the lookalike against threat feeds to make sure there are no issues.
6. Logo annotation present
This feature will check if predefined logo(s) are present on your domain's website.
Note: This is pre-configured in Settings under the "Logo detection tags" section.
7. NS Records
It lists the hostnames of the nameservers that store all DNS records for that particular lookalike domain and subdomains configured with the same nameserver.