Page tree


BloxOne Threat Defense supports custom lookalike domain monitoring for viewing and searching lookalike domains. Custom Lookalike Domain Monitoring provides the power of the global lookalike domain feature to be targeted for specific critical domains for the user. Using a customer-defined list of domains, an organization can now add the company's own domain, or domains frequently visited by or controlled by the organization in order to provide advanced warning of common attack vectors. Using Custom Lookalike Domain Monitoring, users can potentially avert unknown attacks, and prevent potentially 'brand-affecting" incidents.

Lookalike domains are domains that are found to be visually similar (homographs) when compared to the domains they are attempting to imitate. Lookalike domains are composed using methods such as replacing letters with visually confusing ones (e.g. o to 0, l to 1, w to vv), switching to different top-level domains (e.g. .com to .cc), or by using the IDN character set or Punycode characters to mimic the legitimate domains they are attempting to exploit. Lookalike domains are often found in cyber attacks seeking brandjacking, traffic redirection, typosquatting, and phishing.

When using Custom Lookalike Domain monitoring, a user-supplied list or lists of critical domains are compared against Infoblox's database of known, registered domains to identify potential lookalike domains. If a detection does occur, the user will be notified via the Cloud Services Portal and via email.

Custom Lookalike Domain Monitoring is available ONLY for subscribers of BloxOne Threat Defense Advanced.

For me information on custom lookalike domain monitoring, see the following:

  • No labels

This page has no comments.