Filters
Strategic Overview
High-level posture indicators with period-over-period trends
29468
Total Threats
+56.5% vs prior 30d
26772
Active Threats
+57.8% vs prior 30d
9.1%
Neutralized
-2.5pp vs prior 30d
432
Critical Risk
+93.7% vs prior 30d
2334
Emerging (7d)
+12.5% vs prior 30d
Executive Summary
Threat activity has intensified, with total detected threats increasing 56.5% compared to the prior 30-day period. Of 29468 total threats, 432 classified as critical risk and 52.9% are email-capable (impersonation ready). Response posture is a gap requiring attention at 9.1% neutralization, down 2.5pp from the prior period — most identified threats remain unaddressed.
Last updated Apr 06, 2026 11:33Detection Trends (30 Days)
Threat Composition & Exposure
How mature are detected threats and what systemic exposure do they represent?
Risk Score Distribution
Active High-Risk Domain Age
37.7% of active high-risk threats are less than 30 days old — a leading indicator of active campaigns.
Threat Lifecycle Funnel
Progression from dormant registration to active threat. Domains can appear in multiple stages.
Infrastructure Intelligence
Which registrars, nameservers, and TLDs are concentrated in your threat landscape?
Top Registrars
| Registrar | Count | Avg Risk | Response Rate |
|---|---|---|---|
| GoDaddy.com, LLC | 3873 | 24 |
|
| NAMECHEAP INC | 1093 | 57 |
|
| NameSilo, LLC | 992 | 42 |
|
| Dominet (HK) Limited | 874 | 34 |
|
| Dynadot Inc | 695 | 21 |
|
| HOSTINGER operations, UAB | 680 | 50 |
|
| Dynadot LLC | 614 | 9 |
|
| Cloudflare, Inc. | 611 | 42 |
|
| Spaceship, Inc. | 594 | 22 |
|
| TUCOWS.COM, CO. | 493 | 46 |
|
Top Nameservers
| Nameserver | Count | Avg Risk | Share |
|---|---|---|---|
| ns1.sedoparking.com., ns2.sedoparking.com. | 286 | 22 |
|
| ns1.parkingcrew.net., ns2.parkingcrew.net. | 261 | 13 |
|
| ns3.afternic.com., ns4.afternic.com. | 234 | 27 |
|
| ns1.renewyourname.net., ns2.renewyourname.net. | 201 | 36 |
|
| a.ns.facebook.com., b.ns.facebook.com., c.ns.facebook.com. | 199 | 4 |
|
| getstore.mars.orderbox-dns.com., getstore.venus.orderbox-dns.com. | 195 | 6 |
|
| ns1.brandshelter.com., ns2.brandshelter.de., ns3.brandshelter.info. | 178 | 14 |
|
| a.share-dns.com., b.share-dns.net. | 173 | 10 |
|
| ns-cloud-c1.googledomains.com., ns-cloud-c2.googledomains.com., ns-cloud-c3.googledomains.com. | 158 | 47 |
|
| ns1.atom.com., ns2.atom.com. | 153 | 6 |
|
Active Threats & Response
Response effectiveness, emerging threats, and recent risk changes
Response Effectiveness
1291
Taken Down
1552
Blacklisted
2696
Total Neutralized
Takedown Rate
4.4%
Blacklist Rate
5.3%
Neutralization Rate
9.1%
Discovery Method Breakdown
Emerging Threats (Last 7 Days, Risk 50+)
| Lookalike Domain | Target Domain | Risk Score | Registrar | Website | Detected |
|---|---|---|---|---|---|
| krakenia.fr | kraken.com | 50 | OVH | Live | 2 days, 7 hours ago |
| napolihotelbooking.com | booking.com | 50 | TUCOWS.COM, CO. | Live | 2 days, 17 hours ago |
| melanesorciereintuitive.fr | intuit.com | 50 | Hosting Concepts B.V. d/b/a Openprovider | Live | 5 days, 7 hours ago |
| dropbox-security.com BLOCKED | dropbox.com | 50 | Name SRS AB | Live | 4 days, 7 hours ago |
Recent Risk Increases
Not all domains are rescanned. Only domains that pass all skip conditions are rescanned for risk scoring.
If any of the following conditions is met, the domain is skipped:
- Domain created more than X days ago: 10 days
- Domain discovered more than X days ago: 10 days
- Risk score unchanged for X days: 10 days
| Lookalike Domain | Target Domain | Previous | Current | Change | What Changed | Date |
|---|---|---|---|---|---|---|
| kaoricloud.com | icloud.com | 15 | 35 | +20 | +Dangerous Registrar (25pts) +Very Recent Domain (10pts) | Mar 16, 2026 |
| epicgames-security.com | epicgames.com | 20 | 40 | +20 | +MX Records (15pts) +SPF Records (15pts) +Very Recent Domain (10pts) | Mar 17, 2026 |
| capryliccloud.click | icloud.com | 10 | 30 | +20 | +Very Recent Domain (10pts) +Website Phishing (20pts) | Mar 21, 2026 |
| atoniccloud.digital | icloud.com | 0 | 20 | +20 | +Website Phishing (20pts) | Mar 22, 2026 |
| web-ebay.com | ebay.com | 10 | 30 | +20 | +Very Recent Domain (10pts) +Website Phishing (20pts) | Mar 14, 2026 |
| ups.ma | ups.com | 40 | 60 | +20 | +Website Phishing (20pts) | Mar 21, 2026 |
| shopifyecomagency.com | shopify.com | 65 | 85 | +20 | +Dangerous Registrar (25pts) +MX Records (15pts) +SPF Records (15pts) +Very Recent Domain (10pts) +Website Phishing (20pts) | Mar 12, 2026 |
| uretericcloud.click | icloud.com | 10 | 30 | +20 | +Very Recent Domain (10pts) +Website Phishing (20pts) | Mar 13, 2026 |
| jhoolcloudio.click | icloud.com | 10 | 30 | +20 | +Very Recent Domain (10pts) +Website Phishing (20pts) | Mar 16, 2026 |
| githubshopstore.shop | github.com | 0 | 20 | +20 | +Website Phishing (20pts) | Mar 18, 2026 |
| barcllays.click BLOCKED | barclays.com | 20 | 40 | +20 | +Blacklisted (30pts) +Very Recent Domain (10pts) | Mar 12, 2026 |
| netflixcasinogiris.com | netflix.com | 35 | 55 | +20 | +Website Phishing (20pts) | Mar 11, 2026 |
| icloud-id.store BLOCKED TAKEN DOWN | icloud.com | 0 | 20 | +20 | +Blacklisted (30pts) +Very Recent Domain (10pts) | Mar 12, 2026 |
| whatsapp-vp.com | whatsapp.com | 35 | 55 | +20 | +Website Phishing (20pts) | Mar 14, 2026 |
| spotifybilling.icu | spotify.com | 0 | 20 | +20 | +Website Live (10pts) | Mar 10, 2026 |
Domain-Level Analysis
Which of your brands are most targeted and carry the highest aggregate risk?
Most Targeted Domains
| # | Legitimate Domain | Lookalikes | Avg Risk | High Risk | Threat Level | Response Rate |
|---|---|---|---|---|---|---|
| 1 | booking.com | 2271 | 31 | 239 | Medium |
|
| 2 | icloud.com | 1936 | 31 | 223 | Medium |
|
| 3 | americanexpress.com | 1103 | 33 | 2 | Medium |
|
| 4 | checkout.com | 1099 | 26 | 42 | Medium |
|
| 5 | binance.com | 943 | 23 | 31 | Low |
|
| 6 | whatsapp.com | 838 | 21 | 22 | Low |
|
| 7 | shopify.com | 791 | 22 | 36 | Low |
|
| 8 | schwab.com | 728 | 14 | 8 | Low |
|
| 9 | intuit.com | 643 | 32 | 60 | Medium |
|
| 10 | wise.com | 614 | 27 | 9 | Medium |
|
Domain Protection Status
10/10
DMARC Protected (quarantine/reject)
7/10
BIMI Configured (brand logo in inbox)
| # | Domain | Lookalikes | DMARC Policy | Protected | BIMI |
|---|---|---|---|---|---|
| 1 | booking.com | 2271 | reject | ||
| 2 | icloud.com | 1936 | quarantine | ||
| 3 | americanexpress.com | 1103 | reject | ||
| 4 | checkout.com | 1099 | reject | ||
| 5 | binance.com | 943 | quarantine | ||
| 6 | whatsapp.com | 838 | reject | ||
| 7 | shopify.com | 791 | reject | ||
| 8 | schwab.com | 728 | reject | ||
| 9 | intuit.com | 643 | reject | ||
| 10 | wise.com | 614 | reject |
Highest Average Risk Domains
| # | Legitimate Domain | Avg Risk | Max Risk | Lookalikes | Severity | Response Rate |
|---|---|---|---|---|---|---|
| 1 | payoneer.com | 38 | 90 | 172 | Medium |
|
| 2 | sumup.com | 37 | 85 | 149 | Medium |
|
| 3 | quickbooks.intuit.com | 37 | 95 | 170 | Medium |
|
| 4 | wellsfargo.com | 36 | 95 | 127 | Medium |
|
| 5 | airwallex.com | 35 | 90 | 101 | Medium |
|
| 6 | mashreq.com | 34 | 75 | 50 | Medium |
|
| 7 | morganstanley.com | 33 | 75 | 20 | Medium |
|
| 8 | americanexpress.com | 33 | 80 | 1103 | Medium |
|
| 9 | mizuhogroup.com | 32 | 70 | 14 | Medium |
|
| 10 | intuit.com | 32 | 100 | 643 | Medium |
|