
Lookalike Domain Monitoring

Infoblox Threat Defense supports lookalike domain monitoring for viewing and searching lookalike domains. Lookalike Domain Monitoring lets the user target the global lookalike domain feature at specific critical domains. Using a customer-defined list of domains, an organization can add the company's own domain, or domains frequently visited by or controlled by the organization, in order to get advance warning of common attack vectors. Using Custom Lookalike Domain Monitoring, users can potentially avert unknown attacks and prevent potentially "brand-affecting" incidents. A maximum of 25 lookalike domains can be added to a custom list for monitoring.

Lookalike domains are domains that are visually similar (homographs) to the domains they attempt to imitate. They are composed using methods such as replacing letters with visually confusing ones (e.g. o to 0, l to 1, w to vv), switching to a different top-level domain (e.g. .com to .cc), or using the IDN character set or Punycode characters to mimic the legitimate domains they attempt to exploit. Lookalike domains are often found in cyber attacks involving brandjacking, traffic redirection, typosquatting, and phishing.
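The three composition methods above can be checked mechanically against a watchlist. The following Python example is added here for illustration and is not Infoblox code or a description of how Threat Defense detects lookalikes; the function names, the watchlist, the Cyrillic homoglyph set, and the last-two-labels split are all assumptions.

```python
import unicodedata

# Substitutions named in the text (0/o, 1/l, vv/w) plus a few Cyrillic
# homoglyphs; the Cyrillic entries are an assumed, non-exhaustive set.
MULTI = {"vv": "w"}
SINGLE = {"0": "o", "1": "l", "\u0430": "a", "\u0435": "e", "\u043e": "o",
          "\u0440": "p", "\u0441": "c"}

def decode_label(label):
    """Decode a Punycode (xn--) label to Unicode; return other labels as-is."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except ValueError:  # UnicodeError is a ValueError subclass
            return label
    return label

def split(domain):
    """Return (name, tld) from the last two labels (assumption: no public-suffix list)."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None
    return decode_label(labels[-2]), labels[-1]

def skeleton(name):
    """Fold visually confusable characters to one canonical form."""
    name = unicodedata.normalize("NFKC", name)
    for src, dst in MULTI.items():
        name = name.replace(src, dst)
    return "".join(SINGLE.get(ch, ch) for ch in name)

def classify(observed, monitored):
    """Return (monitored_domain, technique) if observed imitates one, else None."""
    obs = split(observed)
    targets = [(m, split(m)) for m in monitored]
    if obs is None or any(obs == t for _, t in targets):
        return None  # malformed, or the monitored domain (or a subdomain of it)
    o_name, _ = obs
    for domain, (t_name, _) in targets:
        if o_name == t_name:
            return domain, "tld-swap"
        if skeleton(o_name) == skeleton(t_name):
            return domain, "char-substitution" if o_name.isascii() else "idn-homograph"
    return None

# Constructed samples: a watchlist and an IDN label built with Cyrillic U+0435.
WATCHLIST = ["example.com", "mallow.com"]
IDN_SAMPLE = "xn--" + "\u0435xample".encode("punycode").decode("ascii") + ".com"
```

Both the monitored and the observed name are folded before comparison, so a monitored domain that legitimately contains a digit or "vv" is still matched correctly.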



Image: The Lookalike Domains Activity page (default view). 

For more information on custom lookalike domain monitoring, see the following: