Strategic Risk Intelligence

Strategic Overview

High-level posture indicators with period-over-period trends

22283

Total Threats

-43.3% vs prior 30d

20349

Active Threats

-47.5% vs prior 30d

8.7%

Neutralized

+2.5pp vs prior 30d

288

Critical Risk

+120.0% vs prior 30d

2258

Emerging (7d)

+3080.3% vs prior 30d

Executive Summary

Threat activity has decreased, with total detected threats declining 43.3% compared to the prior 30-day period. Of 22283 total threats, 288 classified as critical risk and 53.3% are email-capable (impersonation ready). Response posture is a gap requiring attention at 8.7% neutralization, up 2.5pp from the prior period — most identified threats remain unaddressed.

Last updated Mar 22, 2026 03:05

Detection Trends (30 Days)

Threat Composition & Exposure

How mature are detected threats and what systemic exposure do they represent?

Risk Score Distribution

Active High-Risk Domain Age

49.6% of active high-risk threats are less than 30 days old — a leading indicator of active campaigns.

Threat Lifecycle Funnel

Progression from dormant registration to active threat. Domains can appear in multiple stages.

Dormant

31%

6848

Infrastructure Ready

18%

4121

Active (Live)

40%

8878

Weaponized

22%

4999

Confirmed Phishing

524

Neutralized

1934

Infrastructure Intelligence

Which registrars, nameservers, and TLDs are concentrated in your threat landscape?

Top Registrars

Registrar	Count	Avg Risk	Response Rate
GoDaddy.com, LLC	2817	23	0%
NAMECHEAP INC	797	56	2%
NameSilo, LLC	673	42	18%
Dynadot LLC	590	8	31%
Dynadot Inc	559	20	1%
HOSTINGER operations, UAB	507	51	5%
Spaceship, Inc.	469	20	7%
Cloudflare, Inc.	407	38	1%
TurnCommerce, Inc. DBA NameBright.com	367	7	0%
TUCOWS.COM, CO.	359	47	1%

Top Nameservers

Nameserver	Count	Avg Risk
ns1.afternic.com., ns2.afternic.com.	724	29
ns1.dns-parking.com., ns2.dns-parking.com.	531	47
dns1.registrar-servers.com., dns2.registrar-servers.com.	531	58
nsg1.namebrightdns.com., nsg2.namebrightdns.com.	425	7
ns1.abovedomains.com., ns2.abovedomains.com.	424	36
ns1.dyna-ns.net., ns2.dyna-ns.net.	343	11
launch1.spaceship.net., launch2.spaceship.net.	272	15
ns1.dnsowl.com., ns2.dnsowl.com., ns3.dnsowl.com.	259	38
ns1.sedoparking.com., ns2.sedoparking.com.	258	22
ns1.parkingcrew.net., ns2.parkingcrew.net.	249	13

Active Threats & Response

Response effectiveness, emerging threats, and recent risk changes

Response Effectiveness

780

Taken Down

1239

Blacklisted

1934

Total Neutralized

Takedown Rate 3.5%

Blacklist Rate 5.6%

Neutralization Rate 8.7%

Discovery Method Breakdown

Emerging Threats (Last 7 Days, Risk 50+)

Lookalike Domain	Target Domain	Risk Score	Registrar	Website	Detected
topicloudapp.com	icloud.com	80	Squarespace Domains II LLC	Parked	5 days, 23 hours ago
contactsecurecoinbase.com	coinbase.com	80	Squarespace Domains II LLC	Parked	6 days, 23 hours ago
contacthelp-coinbase.com	coinbase.com	80	Squarespace Domains II LLC	Parked	6 days, 23 hours ago
coinbasela.com	coinbase.com	80	Squarespace Domains II LLC	Parked	6 days, 23 hours ago
edwatterstransmissionicloud.com	icloud.com	80	Squarespace Domains II LLC	Parked	6 days, 23 hours ago
tdintuitive.com	intuit.com	80	Squarespace Domains II LLC	Parked	6 days, 23 hours ago
xypaycheckout.com	checkout.com	75	NAMECHEAP INC	Live	5 days, 23 hours ago
drivrabooking.com	booking.com	75	NAMECHEAP INC	Live	1 day, 23 hours ago
playstation99.net	playstation.com	75	NameSilo, LLC	Live	1 day, 23 hours ago
roblox11.site	roblox.com	75	NAMECHEAP INC	Live	1 day, 23 hours ago
unicreditdavagliocapital.site	unicredit.eu	75	HOSTINGER operations, UAB	Live	1 day, 23 hours ago
crownvarietycheckout.com	checkout.com	75	TUCOWS.COM, CO.	Live	2 days, 23 hours ago
easyairbookings.com	booking.com	75	NAMECHEAP INC	Live	23 hours, 51 minutes ago
pbookings.online	booking.com	75	HOSTINGER operations, UAB	Live	23 hours, 51 minutes ago
famedreambooking.com	booking.com	75	NameSilo, LLC	Live	23 hours, 50 minutes ago

Recent Risk Increases

Not all domains are rescanned. Only domains that pass all skip conditions are rescanned for risk scoring. If any of the following conditions is met, the domain is skipped:

Domain created more than X days ago: 10 days
Domain discovered more than X days ago: 10 days
Risk score unchanged for X days: 10 days

Lookalike Domain	Target Domain	Previous	Current	Change	What Changed	Date
robloxpacks.com	roblox.com	20	50	+30	+MX Records (15pts) +SPF Records (15pts)	Mar 20, 2026
vvww-find-lcloud.help BLOCKED	icloud.com	70	100	+30	+MX Records (15pts) +SPF Records (15pts) +Website Live (10pts) -Website Parked (5pts)	Mar 21, 2026
icloud-id6.top BLOCKED TAKEN DOWN	icloud.com	15	45	+30	+Blacklisted (30pts)	Mar 19, 2026
quickbooks-payment.com BLOCKED	quickbooks.intuit.com	50	80	+30	+Blacklisted (30pts)	Mar 20, 2026
automatticcheckout.com BLOCKED	checkout.com	10	40	+30	+Blacklisted (30pts) +Very Recent Domain (10pts)	Mar 21, 2026
security-slack.com BLOCKED	slack.com	55	85	+30	+Blacklisted (30pts)	Mar 17, 2026
payoneer-account.com BLOCKED	payoneer.com	30	60	+30	+Blacklisted (30pts) +Very Recent Domain (10pts) +Website Phishing (20pts)	Mar 14, 2026
chatbotiawhatsapp.com	whatsapp.com	20	50	+30	+MX Records (15pts) +SPF Records (15pts) +Very Recent Domain (10pts) +Website Live (10pts)	Mar 12, 2026
netflixteam.com BLOCKED	netflix.com	70	100	+30	+Blacklisted (30pts)	Mar 19, 2026
indogithubers.net	github.com	20	50	+30	+MX Records (15pts) +SPF Records (15pts) +Very Recent Domain (10pts) +Website Live (10pts)	Mar 17, 2026
nobookingfees.online	booking.com	10	40	+30	+MX Records (15pts) +SPF Records (15pts)	Mar 19, 2026
bookingdyno.com	booking.com	45	75	+30	+Dangerous Registrar (25pts) +MX Records (15pts) +SPF Records (15pts) +Very Recent Domain (10pts) +Website Live (10pts)	Mar 12, 2026
0185-binance.com BLOCKED	binance.com	20	50	+30	+Blacklisted (30pts) +Very Recent Domain (10pts) +Website Live (10pts)	Mar 14, 2026
binance-inv.com	binance.com	20	50	+30	+MX Records (15pts) +SPF Records (15pts) +Very Recent Domain (10pts) +Website Live (10pts)	Mar 13, 2026
p4ypal.net	paypal.com	45	75	+30	+Dangerous Registrar (25pts) +MX Records (15pts) +SPF Records (15pts) +Very Recent Domain (10pts) +Website Live (10pts)	Mar 12, 2026

Domain-Level Analysis

Which of your brands are most targeted and carry the highest aggregate risk?

Most Targeted Domains

#	Legitimate Domain	Lookalikes	Avg Risk	High Risk	Threat Level	Response Rate
1	booking.com	1438	30	156	Medium	6%
2	icloud.com	1293	31	143	Medium	15%
3	checkout.com	748	25	26	Low	8%
4	binance.com	718	23	20	Low	16%
5	schwab.com	688	13	3	Low	32%
6	shopify.com	555	21	18	Low	2%
7	whatsapp.com	548	21	16	Low	16%
8	wise.com	483	27	6	Medium	1%
9	intuit.com	468	31	42	Medium	4%
10	t-mobile.com	443	21	11	Low	4%

Domain Protection Status

10/10

DMARC Protected (quarantine/reject)

7/10

BIMI Configured (brand logo in inbox)

#	Domain	Lookalikes	DMARC Policy
1	booking.com	1438	reject
2	icloud.com	1293	quarantine
3	checkout.com	748	reject
4	binance.com	718	quarantine
5	schwab.com	688	reject
6	shopify.com	555	reject
7	whatsapp.com	548	reject
8	wise.com	483	reject
9	intuit.com	468	reject
10	t-mobile.com	443	reject

Highest Average Risk Domains

#	Legitimate Domain	Avg Risk	Max Risk	Lookalikes	Severity	Response Rate
31	steampowered.com	28	95	93	Medium	27%
32	coinbase.com	28	100	407	Medium	42%
33	santander.com	28	100	182	Medium	26%
34	spotify.com	28	95	323	Medium	11%
35	six-group.com	28	75	188	Medium	0%
36	okta.com	28	85	163	Medium	6%
37	aol.com	28	65	105	Medium	0%
38	capitalone.com	28	100	140	Medium	17%
39	nordea.no	28	75	25	Medium	0%
40	barclays.com	27	100	162	Medium	22%