Skip to main content
All CollectionsGetting around OnDOMAIN
How to classify lookalike domains
How to classify lookalike domains
Stéphane Puthod avatar
Written by Stéphane Puthod
Updated over a week ago

As new domains appear, you need to classify those using the following options:

  • Mark as Low Risk: The lookalike is moved to Low Risk

  • Enable Low Risk autoclassification. This auto-classification will add the TLD (Top Level Domain) and all of its current as well as future subdomains to your low risk list.

  • Add to my domains: The lookalike is added to OnDMARC (If applicable).

  • Mark as High Risk. The lookalike is moved to High Risk.

  • Mark for takedown. The lookalike is moved to High Risk and Takedowns.

  • Report as false positive. OnDOMAIN will collect this data for improving the engine.

Tip: You can add and hide icons from the top bar with adjusting the Columns.

For each lookalike domain, you can get insights on the following:

  • Lookalike: Name of the detected domain that is similar to one of the domains that was added to the "Domains" page.

  • Update date: Most recent time in which OnDOMAIN scanned this lookalike domain.

  • Observed date: The time on which OnDOMAIN spotted the lookalike domain for the first time.

  • Risk Rating: Score value from 1 to 3, indicating how likely the lookalike can be considered as a threat. The higher the score, the bigger the likelihood.

  • Email ready: Indicates whether the lookalike is ready to send or receive emails and/or DMARC record check.

  • Web ready: Indicates whether the domain is ready to host a website.

  • Has screenshot: Indicates whether OnDOMAIN got a screenshot of the domain website.

  • IP reputation: Checks all IPs associated with the lookalike against threat feeds to make sure there are no issues.

  • Domain reputation: Indicates whether the lookalike domain has reputation issues associated.

  • Is subdomain: Indicates whether or not the lookalike is a subdomain.

  • DMARC Status: Display the Policy state (none, quarantine, reject) or leave empty if no DMARC record in DNS).

  • Category: Contains a list of tags related to an automatic origin discovery process (Parked, Assets and Abandoned).

  • Logo annotations present: Indicates whether at least one of the uploaded logos exists in the lookalike domain.

  • NS records: Lists the hostnames of the name servers that store all DNS records for that particular lookalike domain and subdomains configured with the same name server.

  • Similar to: Resemblance in appearance to your owned Domains (Listed in "Domains").

  • Flagged by Google: Shows red if the lookalike is listed on Google Safe Browsing list.

  • Manually Added: Shows green If the lookalike was added manually to OnDOMAIN.

Marked as HIGH RISK:

Note: We monitor lookalike threats 3-4 times a day.

Marked as LOW RISK:

Note: We monitor those lookalikes once a day to ensure there is no change in the risk rating.

If OnDOMAIN detects changes - Lookalikes are moved back to unclassified for the Customer to review the risk.

Did this answer your question?