Updates: April 28th, 2023
Written by Francesca Runger-Field

Redesigned Domain Details Page

We are pleased to announce that the Domain Details page has been redesigned. The domain details cards are now displayed in a more compact way so data can be seen at a glance.

If a screenshot is captured or a subdomain has been discovered, the cards are expandable and clickable, allowing you to access more detailed information.

Improved Logo Management page

The Logo Management page has been completely redesigned so that you can review the currently uploaded logos and their corresponding previews at a glance.

When accessing the Logo Management page, you will be able to see this view:

A list of class names will be displayed by default, showing the number of logos that were uploaded for each class, as well as a logo preview per class to visually distinguish each class.

Clicking on a given class will redirect you to another page, this time listing bigger previews of all logos that have been uploaded for the selected class, as seen below:

Hovering the cursor over a logo will display some actions for you to trigger, such as viewing a larger version of the selected logo or visualizing a logo’s metadata, such as its size.

Takedown notes support

In order to increase the likelihood of a domain being successfully taken down, we recommend uploading as much evidence as possible, such as a screenshot of the malicious domain or an email header from a malicious email you may have received. This can help speed up the takedown process as it acts as compelling proof for our takedown provider.

However, sometimes the evidence files are not enough and a piece of text can provide extra context. This is especially useful when reviewing the website of a given domain in more detail, and identifying some extra evidence that OnDOMAIN cannot locate, such as the website mentioning your company’s HQ address or company number, or a specific path in that website containing your company’s logos, not being used on the main website.

For such scenarios, we’ve added a notes section to the takedown details page within OnDOMAIN. When setting up the evidence to actually issue a takedown request, you may write extra details into the notes section. These notes will be sent to our takedown provider along with the evidence files as soon as you apply for the takedown.

The notes section is displayed right above the section to upload evidence files, as shown in the screenshot below:

Redesigned Activity Details page

The lookalike details page from Activity, also known as the Activity details page, has also been redesigned to match the redesign of the Domain details page.

Cards are displayed differently, showing their information in a much more compact way, and are expandable when clicking on the corresponding arrow buttons. A fully expanded set of cards in a given Activity details page looks like the screenshot below:

As with the Domain details page redesign, please bear in mind that the information you see on this newly redesigned page is still the same as in the previous version - no data has been removed or added as a consequence of the redesign. Changes only apply to the formatting and visual presentation of the existing data.

Permission-based action limitations across OnDOMAIN

OnDOMAIN accounts can be shared with multiple users, and there must always be at least one user with an Owner role.

Users in the Red Sift platform can have different roles, and permissions can be applied based on those, from the Profile page button accessible from the top of the right-side menu.

In the case of OnDOMAIN, from now on, actions that may produce changes to the account’s data will be checked against the user’s permissions. In practice, users with Owner or Superadmin roles will be able to apply actions within OnDOMAIN, whereas users with other roles, such as Superreader or Finance, will not be able to do so.

All users with access to the OnDOMAIN account will be able to see all the data without limitations. Only actions are limited per role.

A user that has insufficient permissions to apply a given action will see an error notification within OnDOMAIN, indicating that the user has insufficient permissions.

It is up to the OnDOMAIN account owner to upgrade a given user’s permissions by changing the corresponding role to an admin one.

Selectable reason for false positive reporting

When we added the action to report false positive lookalike domains from the Activity page and the lookalike domain details page, the implicit reason was that the name of the reported domain had (almost) nothing to do with the related domain asset it was supposedly similar to.

From now on, the reporting of false-positive lookalike domains supports a second reason - an incorrectly recognized logo detection.

Special-encoding support for manually-added lookalike domains

We noticed that when manually adding lookalike domains with special characters, such as accents or more exotic Unicode characters, the submitted lookalike domains were completely ignored by OnDOMAIN due to a fault in our logic.

The issue has now been resolved, and you may start adding lookalike domains with Unicode characters without further issues.

New screenshot details page

Screenshot details of a domain asset or lookalike domain are now presented on a separate page within OnDOMAIN.

This page can be accessed from the corresponding details page card labelled Screenshot, redirecting to a piece of content similar to the one displayed below:

Some important points to highlight:

  • The left sidebar shows a list of HTTP redirects that happened (if any) whenever OnDOMAIN attempted to take a screenshot of the domain. This helps to identify unexpected redirects and redirect patterns that some attackers may use to boost temporary confidence in a lookalike website before switching to a counterfeit site.

  • The list of detected logo classes is also displayed, with samples extracted from the actual screenshot locations. Hovering the cursor over any of these logos will highlight them in the screenshot displayed at the right.

  • The raw screenshot metadata that was previously displayed in the detailed view of the screenshot is still available through the download button located at the top of the left sidebar.

Clicking on a given logo will show a detailed view with extra information on the detected logo, such as the number of detections within the screenshot.

Other improvements

Revamped dashboard actions

We have reviewed the actions presented in the Actions card on the Dashboard page, and now display an enhanced set of actions with more descriptive titles and the reasoning behind them.

A visual example can be seen below:

Each action has its own button that will redirect you to the corresponding page within OnDOMAIN, where you can review the data that applies to the selected action.

More efficient domain variant computation logic

OnDOMAIN produces hundreds of variants of your domain assets continuously based on different algorithms in order to find active domains that could pose a threat to your company.

We have optimized this computation by tuning some of the input parameters, resulting in a faster and more efficient process, producing a more consistent and accurate list of matches that will be worth your time.

Enhanced lookalike detection engine

The OnDOMAIN lookalike detection has undergone a massive set of changes in recent releases, but there are still some blind spots that have been identified thanks to your help.

As a result, the lookalike detection engine has been improved to cover some obvious yet important cases, helping to identify critical lookalike domain names that may be worth reviewing because their names make them riskier.

Friendlier CSV upload

OnDOMAIN offers a CSV upload as a bulk-upload mechanism when adding new domain assets as well as lookalike domains.

The format of the expected CSV files was confusing so we’ve made some efforts to remove some obvious roadblocks.

As a result, you can now upload CSV files using the delimiter of your choice, as long as the same delimiter character is used throughout the file. OnDOMAIN will take care of inferring the delimiter character, removing some burden from the upload process.

Faster transition of lookalike domains to domain assets in the UI

We noticed that the Activity action labelled Add to my domains could take several seconds to finish, leading to confusion and some temporary inconsistencies in the data presented in the UI when switching to the Domains page.

This action has been reviewed on a technical level to make it faster and resolve the issues outlined above.

Improved takedown-related email alerts

The email alerts sent by OnDOMAIN include information about changes related to lookalike detection, risk rating changes in high-risk lookalikes, and also about takedown changes.

Previously, the takedown alerts only accounted for takedown status changes (for instance, moving from an In Review status to an Evidence Required status). From now on, the takedown alerts will also account for any relevant instructions added by the Red Sift Customer Success team.

As a reminder, make sure you have enabled the takedown change alerts in your Integrations -> Alerting section within OnDOMAIN.

Redesigned icons in Domains page and Activity page tables

We recently reviewed the icons displayed on the Domains page and Activity page tables and replaced them with more intuitive versions so that you’re able to quickly grasp what a specific column refers to.

The redesigned icons from the Activity page table

The redesigned icons from the Domains page table
