Strategic Risk Intelligence

Strategic Overview

High-level posture indicators with period-over-period trends

24518

Total Threats

-29.4% vs prior 30d

22358

Active Threats

-34.2% vs prior 30d

8.8%

Neutralized

+2.6pp vs prior 30d

344

Critical Risk

+182.2% vs prior 30d

3079

Emerging (7d)

+1629.8% vs prior 30d

Executive Summary

Threat activity has decreased, with total detected threats declining 29.4% compared to the prior 30-day period. Of 24518 total threats, 344 classified as critical risk and 53.0% are email-capable (impersonation ready). Response posture is a gap requiring attention at 8.8% neutralization, up 2.6pp from the prior period — most identified threats remain unaddressed.

Last updated Mar 26, 2026 04:02

Detection Trends (30 Days)

Threat Composition & Exposure

How mature are detected threats and what systemic exposure do they represent?

Risk Score Distribution

Active High-Risk Domain Age

48.1% of active high-risk threats are less than 30 days old — a leading indicator of active campaigns.

Threat Lifecycle Funnel

Progression from dormant registration to active threat. Domains can appear in multiple stages.

Dormant

30%

7457

Infrastructure Ready

19%

4582

Active (Live)

40%

9711

Weaponized

22%

5467

Confirmed Phishing

630

Neutralized

2160

Infrastructure Intelligence

Which registrars, nameservers, and TLDs are concentrated in your threat landscape?

Top Registrars

Registrar	Count	Avg Risk	Response Rate
GoDaddy.com, LLC	3241	24	1%
NAMECHEAP INC	890	56	2%
NameSilo, LLC	759	42	19%
Dynadot Inc	606	20	1%
Dynadot LLC	597	8	31%
HOSTINGER operations, UAB	569	50	6%
Spaceship, Inc.	508	20	6%
Cloudflare, Inc.	463	39	1%
TurnCommerce, Inc. DBA NameBright.com	416	7	0%
TUCOWS.COM, CO.	413	47	1%

Top Nameservers

Nameserver	Count	Avg Risk
p1.atakdomain.com., p2.atakdomain.com.	27	19
ns1.reg.ru., ns2.reg.ru.	27	11
ns1.ename.net., ns2.ename.net.	27	6
anastasia.ns.cloudflare.com., bob.ns.cloudflare.com.	26	0
ns1.kenpains.com., ns2.kenpains.com.	26	28
cortney.ns.cloudflare.com., gabriel.ns.cloudflare.com.	26	2
sk.s7.ans1.ns147.klczy.com., sk.s7.ans2.ns147.klczy.com.	25	32
dns14.ovh.net., ns14.ovh.net.	25	49
a8.share-dns.com., b8.share-dns.net.	25	15
dns1.regway.com., dns2.regway.com., dns3.regway.com.	25	25

Active Threats & Response

Response effectiveness, emerging threats, and recent risk changes

Response Effectiveness

908

Taken Down

1350

Blacklisted

2160

Total Neutralized

Takedown Rate 3.7%

Blacklist Rate 5.5%

Neutralization Rate 8.8%

Discovery Method Breakdown

Emerging Threats (Last 7 Days, Risk 50+)

Lookalike Domain	Target Domain	Risk Score	Registrar	Website	Detected
doordash.work BLOCKED	doordash.com	100	Squarespace Domains II LLC	Parked	2 days ago
nexusaicloud.site	icloud.com	100	NAMECHEAP INC	Phishing	4 days ago
m-coinbase.com BLOCKED	coinbase.com	100	Squarespace Domains II LLC	Parked	38 minutes ago
klarnaco.com BLOCKED	klarna.com	100	Squarespace Domains II LLC	Parked	6 days ago
activate-coinbase.com BLOCKED	coinbase.com	100	HOSTINGER operations, UAB	Parked	5 days ago
binance-live.com BLOCKED	binance.com	100	Squarespace Domains II LLC	Parked	1 hour, 33 minutes ago
lnstagram.fun BLOCKED	instagram.com	100	HOSTINGER operations, UAB	Parked	6 days ago
intuitsupport.org	intuit.com	95	NameSilo, LLC	Parked	3 minutes ago
yourshopifyaudit.com	shopify.com	95	NAMECHEAP INC	Phishing	3 days ago
20icloud.com BLOCKED	icloud.com	95	Tucows Domains Inc.	Offline	7 minutes ago
coinbase-wallet.online BLOCKED	coinbase.com	95	NameSilo, LLC	Parked	6 days ago
binarce.com BLOCKED	binance.com	95	NAMECHEAP INC	Offline	6 days, 1 hour ago
quickbooksfraud.biz	quickbooks.intuit.com	95	NameSilo, LLC	Parked	23 hours, 32 minutes ago
atlasexpedia.com BLOCKED	expedia.com	95	NAMECHEAP INC	Live	47 minutes ago
1673383-coinbase.com BLOCKED	coinbase.com	90	NameSilo, LLC	Parked	1 day ago

Recent Risk Increases

Not all domains are rescanned. Only domains that pass all skip conditions are rescanned for risk scoring. If any of the following conditions is met, the domain is skipped:

Domain created more than X days ago: 10 days
Domain discovered more than X days ago: 10 days
Risk score unchanged for X days: 10 days

Lookalike Domain	Target Domain	Previous	Current	Change	What Changed	Date
best-neteller-casinos.net	neteller.com	10	50	+40	+MX Records (15pts) +SPF Records (15pts) +Website Live (10pts)	Mar 08, 2026
doordashanalytics.com	doordash.com	10	50	+40	+Dangerous Email Provider (10pts) +MX Records (15pts) +SPF Records (15pts)	Mar 08, 2026
bookingbuddy-hotels.com	booking.com	20	60	+40	+Dangerous Email Provider (10pts) +MX Records (15pts) +SPF Records (15pts) +Very Recent Domain (10pts) +Website Live (10pts)	Mar 06, 2026
netflixextras.com	netflix.com	30	70	+40	+Dangerous Email Provider (10pts) +MX Records (15pts) +SPF Records (15pts) +Very Recent Domain (10pts) +Website Phishing (20pts)	Mar 12, 2026
salesgenaicloud.info	icloud.com	0	40	+40	+Dangerous Email Provider (10pts) +MX Records (15pts) +SPF Records (15pts)	Mar 04, 2026
icloud-service-alert.com	icloud.com	35	75	+40	+Dangerous Registrar (25pts) +MX Records (15pts) +SPF Records (15pts) +Very Recent Domain (10pts) +Website Live (10pts)	Mar 04, 2026
mashreq.sa	mashreq.com	0	40	+40	-	Mar 02, 2026
intuitarot.com	intuit.com	0	40	+40	+MX Records (15pts) +SPF Records (15pts)	Mar 08, 2026
useonyxcheckout.info	checkout.com	0	40	+40	+Dangerous Email Provider (10pts) +MX Records (15pts) +SPF Records (15pts)	Mar 04, 2026
renders-alipay.com	alipay.com	35	75	+40	-	Mar 05, 2026
galeriecarrefour.com	carrefour.com	15	55	+40	+Dangerous Email Provider (10pts) +MX Records (15pts) +SPF Records (15pts) +Very Recent Domain (10pts) +Website Parked (5pts)	Mar 10, 2026
atlassian-analytics.com	atlassian.com	10	50	+40	-	Feb 28, 2026
scraperforshopify.com	shopify.com	15	50	+35	+MX Records (15pts) +SPF Records (15pts) +Very Recent Domain (10pts) +Website Live (10pts)	Mar 25, 2026
tikcetmastarbooking.com	booking.com	15	50	+35	+MX Records (15pts) +SPF Records (15pts) +Very Recent Domain (10pts) +Website Live (10pts)	Mar 24, 2026
crissbooking.com	booking.com	40	75	+35	+Dangerous Registrar (25pts) +MX Records (15pts) +SPF Records (15pts) +Very Recent Domain (10pts) +Website Live (10pts)	Mar 23, 2026

Domain-Level Analysis

Which of your brands are most targeted and carry the highest aggregate risk?

Most Targeted Domains

#	Legitimate Domain	Lookalikes	Avg Risk	High Risk	Threat Level	Response Rate
1	booking.com	1770	30	185	Medium	6%
2	icloud.com	1527	31	168	Medium	15%
3	checkout.com	898	25	34	Low	7%
4	binance.com	834	23	25	Low	15%
5	schwab.com	693	13	3	Low	33%
6	shopify.com	619	21	22	Low	2%
7	whatsapp.com	591	21	17	Low	16%
8	intuit.com	540	31	54	Medium	4%
9	kraken.com	492	26	20	Medium	8%
10	wise.com	484	27	6	Medium	2%

Domain Protection Status

10/10

DMARC Protected (quarantine/reject)

7/10

BIMI Configured (brand logo in inbox)

#	Domain	Lookalikes	DMARC Policy
1	booking.com	1770	reject
2	icloud.com	1527	quarantine
3	checkout.com	898	reject
4	binance.com	834	quarantine
5	schwab.com	693	reject
6	shopify.com	619	reject
7	whatsapp.com	591	reject
8	intuit.com	540	reject
9	kraken.com	492	reject
10	wise.com	484	reject

Highest Average Risk Domains

#	Legitimate Domain	Avg Risk	Max Risk	Lookalikes	Severity	Response Rate
61	aeonbank.co.jp	26	45	8	Medium	0%
62	aliexpress.com	26	85	287	Medium	5%
63	ups.com	26	95	234	Medium	3%
64	skrill.com	26	75	90	Medium	4%
65	asana.com	25	65	236	Low	2%
66	td.com	25	95	292	Low	2%
67	github.com	25	90	344	Low	8%
68	checkout.com	25	100	898	Low	7%
69	zoom.us	25	70	203	Low	2%
70	airbnb.com	25	90	369	Low	6%