OnDOMAIN by Red Sift

Red Sift

OnDOMAIN uncovers lookalike domains and provides an integrated domain takedown service.

OnDOMAIN enables security personnel to quickly shut down phishing sites, discover and secure legitimate domains that have been forgotten about, and defend their brand against abuse and reputational damage.

Three key steps to domain perimeter protection


Unlike other domain monitoring products that only look at top-level domains (TLDs), OnDOMAIN monitors subdomains too. Any parked, forgotten, and impersonation domains are uncovered, and no stone is left unturned.

  • Domain discovery - We monitor 100-150 million domains and subdomains a day.

  • SpatialMatch - Domains are checked against your assets using SpatialMatch, our innovative ensemble of GPT-3 with bigram-based multidimensional analysis, which instantly finds similarity in very large data sets.

  • Asset definition and scanning - Upload domain names and company logos to define your perimeter and visualize your brand estate.

2. Investigate

OnDOMAIN constantly absorbs and examines intelligence from a wide array of data sources to paint the full picture of a domain’s health and validity. This includes rasterized web snapshots, certificate registration, DNS signals, live spam data, and web content with a history of changes available for analyst review.

  • Machine vision-based logo detection - Scans the web for both legitimate and illegitimate use of an organization’s brand assets.

  • Domain screenshots - See screenshots of any impersonation domains in question.

  • WHOIS data - Monitor and log DNS changes, certificate validity, and other key domain parameters.

3. Takedown

Remove any doubt about attacks in their preparation phase using evidence gathered by OnDOMAIN in real time. Sort threats by their imminence, save time with event-driven alerts, and issue one-click takedown notices once an impersonation domain has been identified.

  • Visibility into takedown status - Progress of the takedown can be easily monitored through a single pane of glass.

  • Speedy detection and takedown - OnDOMAIN’s takedown service leverages existing relations with registrars and hosting providers to quickly effect domain takedown.

Integration with SIEMs and SOARs for improved incident response

OnDOMAIN helps with the capacity and information overload problem that teams face when trying to stay on top of protecting their domain perimeter.

It does this by giving users the context they need to take action and minimize time spent investigating suspicious activity. OnDOMAIN integrates with platforms such as Cortex XSOAR and Splunk to push relevant, actionable signals to SecOps teams for fast and efficient response.

Red Sift’s interoperable cybersecurity platform

OnDOMAIN is one of the core products that make up the Red Sift Digital Resilience Platform. It gives organizations both visibility into, and direct control over, known and unknown vulnerabilities affecting their public-facing assets across email, domain names, and the web.