The Activity menu shows the list of Unclassified lookalike domains that have been registered by date and time as well as the various security parameters that contribute to a domain's risk rating.

OnDOMAIN continuously monitors for activities that could be perceived as malicious by an organisation.

OnDOMAIN measures lookalikes against a variety of parameters. It gives each of these parameters a weight value and produces a risk rating based on these.

1. Risk Rating

This indicates how similar a lookalike domain is compared to an owned domain.

There are three risk rating levels:

To calculate a risk value, we have attributed a weight value to each of the security parameters in the activity bar, namely:

OnDOMAIN then multiplies the weight by 3 to produce the final value. For example, if a lookalike domain:

Its risk rating value would be 0.125 (email ready) + 0.125 (IP reputation issues) + 0.5 (logo presence) = 0.75 or 75%. 0.75% x 3 = 2.25, making this a high-risk lookalike.

Logo presence accounts for more because it would indicate that:

2. Email Security

Checks if the lookalike is ready to send emails.

3. Web Ready

Checks if a website has been set up or if the domain is ready to host a website. A screenshot is taken to show a website - if no website exists, the window is empty.

4. Domain Reputation

Checks domain feeds to make sure there are no reputation issues.

5. IP Reputation

Checks all IPs associated with the lookalike against threat feeds to make sure there are no issues.

Domain Registration:

6. Logo annotation present:

This feature will check if predefined logo(s) are present on your domain's website.

Note: This is pre-configured in Settings under the "Logo detection tags" section.

7. NS Records

It lists the hostnames of the nameservers that store all DNS records for that particular lookalike domain and subdomains configured with the same nameserver.