Automatic parked domain discovery
We are excited to share that from now on, OnDOMAIN’s lookalike scanning process will include the automatic detection of parked domains. By analysing the screenshot of a given lookalike’s web page, OnDOMAIN will be able to conclude whether the lookalike is a parked domain.
The parked domain indicator will appear in the recently added Classification column as the Parked tag.
Please note that this tag may appear alongside the Asset tag, which would mean that the lookalike in question is a parked domain that also happens to be a potential asset of yours.
The three classification definitions are:
Asset: the lookalike domain is potentially an asset owned by your company.
Abandoned: the lookalike domain is potentially an asset owned by your company but has lacked DNS activity for a long time - it has likely been forgotten. It could still be purchased by a third party.
Parked: this is a domain that has been registered by you but isn’t being actively used or is a domain that has been registered by an external agent.
Keyword-based lookalike detection
OnDOMAIN relies on the domains that you add to the Domains page in order to start the lookalike domains discovery process. We’ve now added an optional discovery step that will analyse keywords provided by you in order to reduce the discovery of false positives in the lookalikes Activity table.
The keywords are used to increase the matching criteria of newly detected lookalike domains and reduce the number of false positives, in which lookalike names have (almost) nothing to do with any of your original domains.
By adding these keywords, all English language words which contain the keyword as a substring are added to an exclusion list. These will be used to filter out any matching lookalike domains.
To read more about this feature, read the knowledge base article.
Note: this feature will only work if you added a valid OnDOMAIN API Key to the Settings page.
Enable ignore auto-classification option
When classifying a top-level domain as safe, it makes sense to also mark any of its detected subdomains as safe.
With this release, we added a new classification option to enable safe auto-classification for TLDs (Top-Level Domains). If this option is enabled, the following happens:
The TLD is moved to the Ignored tab.
All existing subdomains associated with the TLD are moved to the Ignored tab as well.
Most importantly, any newly detected subdomain of the TLD will be moved automatically to the Ignored tab.
The new classification option appears as shown in the screenshot below:
With this new option, your Unclassified (previously known as New) tab will be tidier.
Lookalike declassification option
Previously, if you classified newly detected lookalikes as Ignored or a Threat, there was no way to declassify them.
From now on, you’ll be able to move any already-classified lookalike back to the Unclassified tab. In order to do so, you may use the new classification option from both the individual actions menu and the bulk actions menu.
Takedown cancellation and deletion options
The Takedowns tab on the Activity page did not offer a way to cancel an ongoing takedown or delete it completely from the list.
With this new release, we’ve added two new options to manage your takedowns.
Ongoing takedowns can now be canceled which will stop the takedown request. Please note that if you are already committed to the takedown (i.e. you already confirmed to pay by invoice), it will not be possible to cancel the request.
Non-started and canceled takedowns can be deleted from the list. Canceled takedowns can even be restarted.
If at some point you need to restart a takedown process that you deleted previously, just mark the same domain for takedown and restart the takedown process.
New Is subdomain filter
When organisations fail to monitor and secure their subdomains, they become targets for fraudsters to hijack and use to carry out impersonation attacks. Therefore, uncovering and securing them is critical.
As a result, we’ve added a new filter called is subdomain. With this new filter, you'll be able to show or hide lookalike entries that are categorised as subdomains.
Sorting of the Classification column in Activity table
Upon releasing the automatic parked domains feature, the Classification column in the Activity table stopped working.
This has now been fixed so you can rely on the sorting capabilities for this particular column to create any filters matching your classification and analysis processes.
Selection counter on top of Activity
When selecting rows in the Activity table, a counter with the total number of selected rows is displayed at the bottom of the table.
We have added the very same counter at the top of the table to save you from scrolling to the bottom.