Strategic Risk Intelligence

Strategic Overview

High-level posture indicators with period-over-period trends

22915

Total Threats

-40.4% vs prior 30d

20873

Active Threats

-45.1% vs prior 30d

8.9%

Neutralized

+2.7pp vs prior 30d

309

Critical Risk

+143.3% vs prior 30d

2215

Emerging (7d)

+1130.6% vs prior 30d

Executive Summary

Threat activity has decreased, with total detected threats declining 40.4% compared to the prior 30-day period. Of 22915 total threats, 309 classified as critical risk and 53.1% are email-capable (impersonation ready). Response posture is a gap requiring attention at 8.9% neutralization, up 2.7pp from the prior period — most identified threats remain unaddressed.

Last updated Mar 24, 2026 11:50

Detection Trends (30 Days)

Threat Composition & Exposure

How mature are detected threats and what systemic exposure do they represent?

Risk Score Distribution

Active High-Risk Domain Age

51.4% of active high-risk threats are less than 30 days old — a leading indicator of active campaigns.

Threat Lifecycle Funnel

Progression from dormant registration to active threat. Domains can appear in multiple stages.

Dormant

31%

6999

Infrastructure Ready

19%

4273

Active (Live)

40%

9080

Weaponized

22%

5084

Confirmed Phishing

542

Neutralized

2042

Infrastructure Intelligence

Which registrars, nameservers, and TLDs are concentrated in your threat landscape?

Top Registrars

Registrar	Count	Avg Risk	Response Rate
Hosting Concepts B.V. d/b/a Registrar.eu	229	23	0%
Name.com, Inc.	225	19	1%
Alibaba Cloud Computing Ltd. d/b/a HiChina (www.net.cn)	209	38	0%
NICENIC INTERNATIONAL GROUP CO., LIMITED	177	16	26%
Dominet (HK) Limited	175	35	0%
Sav.com, LLC	174	26	0%
Amazon Registrar, Inc.	169	16	2%
Network Solutions, LLC	157	28	1%
ENOM, INC.	152	22	0%
Unstoppable Domains	146	25	1%

Top Nameservers

Nameserver	Count	Avg Risk
elly.ns.cloudflare.com., jaime.ns.cloudflare.com.	30	31
ns1.livedns.co.uk., ns2.livedns.co.uk., ns3.livedns.co.uk.	29	15
ns01.one.com., ns02.one.com.	29	26
everton.ns.cloudflare.com., mona.ns.cloudflare.com.	29	10
koa.ns.cloudflare.com., mina.ns.cloudflare.com.	28	20
ns1.reg.ru., ns2.reg.ru.	27	12
ns1.wordpress.com., ns2.wordpress.com., ns3.wordpress.com.	27	27
ns1.hyp.net., ns2.hyp.net., ns3.hyp.net.	27	24
ns1.ename.net., ns2.ename.net.	27	6
anastasia.ns.cloudflare.com., bob.ns.cloudflare.com.	26	0

Active Threats & Response

Response effectiveness, emerging threats, and recent risk changes

Response Effectiveness

848

Taken Down

1283

Blacklisted

2042

Total Neutralized

Takedown Rate 3.7%

Blacklist Rate 5.6%

Neutralization Rate 8.9%

Discovery Method Breakdown

Emerging Threats (Last 7 Days, Risk 50+)

Lookalike Domain	Target Domain	Risk Score	Registrar	Website	Detected
instagramthem.com	instagram.com	55	GoDaddy.com, LLC	Parked	8 hours, 18 minutes ago
invoicetoquickbooks.com	quickbooks.intuit.com	55	NAMECHEAP INC	Phishing	6 days, 7 hours ago
airwallexapp.click BLOCKED	airwallex.com	55	NameSilo, LLC	Offline	3 days, 8 hours ago
binancehelp.digital	binance.com	55	-	Offline	2 days, 8 hours ago
airwallex-pro.click BLOCKED	airwallex.com	55	NameSilo, LLC	Offline	3 days, 8 hours ago
youraibookingwizard.com	booking.com	55	GoDaddy.com, LLC	Parked	4 days, 8 hours ago
auth-airwallex.click BLOCKED	airwallex.com	55	NameSilo, LLC	Offline	3 days, 8 hours ago
receipttoquickbooks.com	quickbooks.intuit.com	55	NAMECHEAP INC	Phishing	6 days, 7 hours ago
quickbookservices.com	quickbooks.intuit.com	55	HOSTINGER operations, UAB	Phishing	1 day, 8 hours ago
wellsfargo.my	wellsfargo.com	55	HOSTINGER operations, UAB	Parked	5 days, 7 hours ago
tnvroblox.com	roblox.com	55	HOSTINGER operations, UAB	Phishing	1 day, 8 hours ago
levisiteur-booking.com	booking.com	55	HOSTINGER operations, UAB	Phishing	6 days, 8 hours ago
syncdigitalcloud.tech	icloud.com	55	HOSTINGER operations, UAB	Phishing	4 days, 8 hours ago
instagram163.com	instagram.com	55	Cloudflare, Inc.	Phishing	5 days, 8 hours ago
squarespacesites.com	squarespace.com	55	GoDaddy.com, LLC	Parked	1 day, 8 hours ago

Recent Risk Increases

Not all domains are rescanned. Only domains that pass all skip conditions are rescanned for risk scoring. If any of the following conditions is met, the domain is skipped:

Domain created more than X days ago: 10 days
Domain discovered more than X days ago: 10 days
Risk score unchanged for X days: 10 days

Lookalike Domain	Target Domain	Previous	Current	Change	What Changed	Date
exploref1cloudsolutions.com	icloud.com	0	70	+70	+Dangerous Email Provider (10pts) +MX Records (15pts) +SPF Records (15pts) +Website Phishing (20pts)	Mar 08, 2026
caofficedropbox.com	dropbox.com	0	65	+65	+Dangerous Email Provider (15pts) +MX Records (15pts) +SPF Records (15pts) +Website Live (10pts)	Mar 08, 2026
icloud-devlce.com	icloud.com	15	75	+60	+MX Records (15pts) +SPF Records (15pts) +Website Live (10pts)	Mar 08, 2026
topbet-mobile.com	t-mobile.com	15	75	+60	+MX Records (15pts) +SPF Records (15pts) +Website Live (10pts)	Mar 08, 2026
instagramadsagency.info	instagram.com	0	60	+60	+Dangerous Email Provider (10pts) +MX Records (15pts) +SPF Records (15pts) +Website Phishing (20pts)	Mar 06, 2026
spartanbooking.info	booking.com	0	60	+60	+Dangerous Email Provider (10pts) +MX Records (15pts) +SPF Records (15pts) +Website Phishing (20pts)	Mar 08, 2026
barclaysdirect-uk.com	barclays.com	15	75	+60	-	Mar 05, 2026
skrillsswe.com	skrill.com	15	75	+60	+MX Records (15pts) +SPF Records (15pts) +Website Live (10pts)	Mar 08, 2026
skrillche.com	skrill.com	15	75	+60	+MX Records (15pts) +SPF Records (15pts) +Website Live (10pts)	Mar 08, 2026
fabhotel-booking.online	booking.com	15	75	+60	+MX Records (15pts) +SPF Records (15pts) +Website Live (10pts)	Mar 08, 2026
ibis-bookingsindia.online	booking.com	15	75	+60	+MX Records (15pts) +SPF Records (15pts) +Website Live (10pts)	Mar 08, 2026
bsantanderbonds.com	santander.com	10	65	+55	+Dangerous Email Provider (15pts) +MX Records (15pts) +SPF Records (15pts) +Very Recent Domain (10pts) +Website Live (10pts)	Mar 24, 2026
distressbookings.com	booking.com	15	70	+55	+Dangerous Email Provider (25pts) +MX Records (15pts) +SPF Records (15pts) +Very Recent Domain (10pts) +Website Parked (5pts)	Mar 24, 2026
happybookingtravel.com	booking.com	0	55	+55	+Dangerous Email Provider (10pts) +MX Records (15pts) +SPF Records (15pts) +Website Parked (5pts)	Mar 08, 2026
webwhatsapp.digital BLOCKED	whatsapp.com	30	85	+55	+Blacklisted (30pts) +Dangerous Email Provider (25pts) +MX Records (15pts) +SPF Records (15pts)	Mar 04, 2026

Domain-Level Analysis

Which of your brands are most targeted and carry the highest aggregate risk?

Most Targeted Domains

#	Legitimate Domain	Lookalikes	Avg Risk	High Risk	Threat Level	Response Rate
1	booking.com	1518	30	170	Medium	6%
2	icloud.com	1394	31	161	Medium	16%
3	checkout.com	781	25	30	Low	8%
4	binance.com	739	23	20	Low	16%
5	schwab.com	693	13	3	Low	32%
6	shopify.com	609	21	21	Low	2%
7	whatsapp.com	581	21	17	Low	16%
8	intuit.com	497	31	51	Medium	4%
9	wise.com	483	27	6	Medium	1%
10	t-mobile.com	451	21	11	Low	5%

Domain Protection Status

10/10

DMARC Protected (quarantine/reject)

7/10

BIMI Configured (brand logo in inbox)

#	Domain	Lookalikes	DMARC Policy
1	booking.com	1518	reject
2	icloud.com	1394	quarantine
3	checkout.com	781	reject
4	binance.com	739	quarantine
5	schwab.com	693	reject
6	shopify.com	609	reject
7	whatsapp.com	581	reject
8	intuit.com	497	reject
9	wise.com	483	reject
10	t-mobile.com	451	reject

Highest Average Risk Domains

#	Legitimate Domain	Avg Risk	Max Risk	Lookalikes	Severity	Response Rate
1	morganstanley.com	37	75	15	Medium	0%
2	mashreq.com	36	75	42	Medium	2%
3	payoneer.com	36	90	153	Medium	5%
4	quickbooks.intuit.com	36	85	129	Medium	8%
5	americanexpress.com	35	80	226	Medium	5%
6	wellsfargo.com	35	95	107	Medium	30%
7	sumup.com	33	85	123	Medium	8%
8	airwallex.com	32	90	86	Medium	9%
9	mizuhogroup.com	32	70	14	Medium	0%
10	servicenow.com	32	85	104	Medium	4%