About
Aura Skypool is a Dubai hospitality venue and the world’s highest three hundred sixty degree infinity pool, located on the fiftieth floor of Nakheel’s Palm Tower in Palm Jumeirah. Guests book swim, lounge, and event sessions directly on auraskypool.com, paying by credit card at checkout, which makes the booking site a high value target for fraud.
Challenge
Attackers registered lookalike domains mimicking auraskypool.com and used them to redirect prospective guests away from the real booking flow. Victims who landed on the cloned sites were exposed to credit card theft, and the lookalikes went undetected by existing tools, so Aura Skypool had no early warning before guests were already at risk.
Why Skysnag
Skysnag deployed Protect and BrandGuard together, replacing manual, after the fact domain hunting with continuous, real time lookalike detection and automatic takedown
Value split
Security value
Real time detection and automatic blocking of lookalike domains stops credit card theft sites before they can reach guests.
Operational value
Minute by minute monitoring removes the need for Aura Skypool’s team to manually search for and report clones.
Rollout model
Skysnag implemented BrandGuard’s three layer protection model across Aura Skypool’s domain and DNS infrastructure, moving the venue from periodic manual checks to continuous, automated defense. The rollout was sequenced so detection went live first, blocking went live second, and the takedown and escalation workflow followed immediately after, closing the gap between when a lookalike domain appeared and when it was neutralized.
Rollout steps
- Activate DNS Shield monitoring. Skysnag layered brand protection rules on top of Aura Skypool’s DNS, establishing continuous, around the clock scanning for newly registered domains that resemble auraskypool.com. Every new registration is checked the moment it appears in global domain data, so Aura Skypool no longer has to wait for a customer complaint or a chargeback to learn a clone exists.
- Deploy the Anti Cloning Agent. The agent sits at the DNS and registrar level and intercepts traffic intended for lookalike domains before it reaches a live page. Even when an attacker successfully registers a clone, the Anti Cloning Agent prevents it from resolving into a working website, so most threats are neutralized before a single guest can be misdirected.
- Enable Registrar Lock with human escalation. For the share of lookalikes that need direct intervention, a dedicated verification team backed by legal counsel escalates the case with Skysnag’s network of registrar and hosting partners, spanning more than 250 TLDs and 400 hosting providers worldwide. This combination of automated blocking and human follow up is what compresses takedown time from the industry’s typical 27 to 40 days down to 2 to 7 days.
Once live, this model runs continuously in the background, requiring no day to day management from Aura Skypool’s team.
Results and proof signals
The combined model let Aura Skypool move from reactive cleanup to automatic, real time enforcement.
Results stats
100s
lookalike domains taken down
2 to 7 days
average takedown time (vs. 27 to 40 days industry average)
250+ TLDs
global registrar and hosting coverage
What this means for brands
For any brand selling tickets or services online, especially one handling guest payment details at scale, the time between a lookalike domain going live and getting taken down is the window where customers get defrauded and trust gets damaged. Cutting that window from weeks to days, automatically, is what turns brand protection from a compliance checkbox into a real fraud prevention control.
