Updates: June 5th, 2023

Highlights include the launch of the first GPT-4 powered discovery and classification feature, as well as a brand new Honeypot Email feature.

Written by Francesca Runger-Field
Updated over a week ago

New releases

AI-based recommendations of identities for asset detection

We recently launched a brand new AI-powered feature that classifies identities found across DNS, WHOIS, SSL certificates, and other sources. By automatically pinpointing and enabling the most relevant identities, it helps your organization discover and categorize potential assets that haven't yet been found, or that have been parked or forgotten and left unsecured.

Relevance Detection, OnDOMAIN's new AI-powered identity classification feature

To find out how to get started, click the link below.

Honeypot email detection

We’ve also released a brand new feature that helps OnDOMAIN uncover emails associated with the domains in your account (both domain assets and lookalikes), detected through a honeypot.

The email honeypot provides an additional filter for users who are classifying activity in their Lookalike Domains view. It allows them to sort lookalikes by the number of emails the honeypot has detected. A high volume of emails could suggest an increased risk of fraudulent activity on the domain in question and would alert the Security team to prioritize it for analysis.

How does it work?

The number of detected emails can be checked through the Email Count column on the Domains page and the Activity page.

Within the domain / lookalike details page, you will see a card named Detected Emails. It summarizes the detected emails, grouped by the sender reputation that OnDOMAIN computes for each one.

If you are an admin user, once you have accepted the Terms and Conditions you will be able to access a full list of the detected emails by clicking on the More details button.

The full list of emails is filterable just like any other table within OnDOMAIN. Clicking on a given row will lead you to an email details page, where you will be able to see:

  • A list of the email metadata fields in detail.

  • A list of email attachment files (non-downloadable), with a flag indicating whether any of these attachments is well-known malware.

  • A screenshot of the actual email contents, if available.

Please note that the email details page and the emails list could expose some sensitive information. By accepting the Terms and Conditions mentioned above, you commit to handling the email information disclosed in the OnDOMAIN UI with care.

Improvements

New traffic rating information in Activity page and Domains page tables

We just added a brand new column to the Activity page table, as well as to the Domains page table, to provide information on how popular a given lookalike domain is in terms of web and/or email traffic.

This information is very valuable for identifying domains that may pose a bigger threat to any of your domain assets (and, for that matter, to your company), or that may turn out to be a related asset of yours in the first place.

The new Traffic rating column can be used to prioritize the review of lookalike domains that are more popular. The more bars are enabled in the icon below, the more popular a given domain is in terms of web/email traffic.

Please note that in the case of the Activity page table, the Traffic Rating column is only available in the Unclassified tab.

Migration of detected subdomains belonging to domain assets

We identified a scenario in which detected lookalike subdomains would still appear on the Activity page (in both the Unclassified and Low Risk tabs) and be rescanned like any other lookalike domain.

A fix has been applied so that those lookalike subdomains are moved to the subdomains list of their corresponding top-level domain as soon as they are detected on the Activity page.

Improved response times for false positive reporting

When reporting a lookalike domain from the Activity page as a false positive, the request could take a while to be processed. We identified the bottleneck in our system, and this functionality should work much more smoothly from now on.
