Threat Intelligence

Scam sites are rarely built one at a time. Operators clone the same toolkit across hundreds of domains and rotate identities after takedowns. The Threat Intelligence registry exposes those connections.

Networks

A Network is a cluster of domains forensically linked through shared infrastructure, build artefacts and operational patterns. Each network groups the brands and domains run by a single operation.

Signals

A Signal is a genome signature: a content or code fingerprint (build hash, favicon hash, DOM structure, tracking ID) shared across cloned deployments. Any domain matching a signal was built from the same kit.

Infrastructure

The Infrastructure section lets you pivot across the hosting layer (IP addresses, ASNs, registrars, nameservers, mail servers, SSL issuers and favicon hashes) to see which domains share a host or a certificate.

Watchdog warnings

The Watchdogs hub aggregates fraud alerts from financial regulators worldwide. Each warning links to its source and feeds the scoring of every flagged domain.

How it connects to scans

Every domain in the registry links back to its full scan result page. The Trust Score's scam-farm and regulator chains are driven by these same connections: if a domain belongs to a known network or is named in a regulator warning, that raises its risk.

For the model that makes these connections possible, see The graph behind every scan.