We find and report malicious domains.
Independent investigation, evidence, and escalation — until the threat is taken down.
What we do
How we work
A repeatable pipeline built for evidence and speed. Every case follows the same four stages.
Intake
A domain comes in via report or from our own monitoring. We log it, hash the evidence, and open a case.
Investigate
OSINT, passive DNS, WHOIS history, and infrastructure mapping. We connect the domain to its operators and hosting.
Verify
No takedown moves without proof. We confirm the abuse, document it, and build a defensible evidence package.
Escalate
We route the case to the right registrar, registry, host, or regulator — and push until the threat is gone.
Our principles
Evidence first
Every claim is backed by documented, reproducible proof — never assumptions.
Independent
No platform allegiances. We work for the integrity of the open web.
Fast escalation
Time matters. Verified threats reach the right authority without delay.
Confidential
Reporters and sources are protected. Details stay inside the case.
Get in touch
Found something malicious, or need a domain investigated? Reach the right desk directly — we read every message.