Domain Threat Intelligence Calculator

Evaluate suspicious domains with deep security signals and weighted scoring. Spot phishing patterns faster quickly. Export charts, reports, and evidence for confident reviews today.

Enter Domain Intelligence Signals

Custom Weights

Weights let you emphasize category importance. They are normalized automatically during scoring.

Example Data Table

Domain Blacklist Hits Phishing Reports Typosquat Similarity DMARC Threat Score Level
secure-banking-alerts.net 4 82 88 None 79.40 Critical
cdn-support-mail.org 1 36 52 Monitor 51.25 High
trustedvendor-example.com 0 5 12 Reject 16.80 Low

Formula Used

1) Reputation Score
Reputation = 0.25 × Blacklist Risk + 0.20 × Malware Risk + 0.25 × Phishing Risk + 0.10 × Spam Risk + 0.20 × Abuse Confidence
2) Infrastructure Score
Infrastructure = 0.25 × Age Risk + 0.20 × Certificate Risk + 0.15 × DNSSEC Risk + 0.20 × Newly Observed Risk + 0.05 × Parked Risk + 0.15 × Subdomain Risk
3) Email Authentication Score
Email = 0.35 × SPF Risk + 0.30 × DKIM Risk + 0.35 × DMARC Risk
4) Similarity Score
Similarity = 0.80 × Typosquat Similarity + 0.20 × WHOIS Privacy Risk
5) Exposure Score
Exposure = 0.35 × Port Risk + 0.25 × Registrar Risk + 0.25 × Hosting Risk + 0.15 × WHOIS Privacy Risk
6) Overall Threat Score
Overall = (Reputation × Wr + Infrastructure × Wi + Email × We + Similarity × Ws + Exposure × Wx) ÷ (Wr + Wi + We + Ws + Wx)

All category scores are capped between 0 and 100. Higher values indicate stronger suspicion, weaker control posture, or more harmful reputation evidence.

How to Use This Calculator

  1. Enter the domain name you want to review.
  2. Add evidence such as blacklist hits, phishing reports, and abuse confidence.
  3. Fill infrastructure details, including domain age, certificate status, and DNSSEC state.
  4. Set email authentication values for SPF, DKIM, and DMARC.
  5. Add similarity and exposure signals like typosquat score, open ports, and provider reputation.
  6. Adjust category weights if your team prioritizes certain intelligence sources more heavily.
  7. Press Calculate Threat Score to display the result below the header and above the form.
  8. Download the summary using CSV or PDF for analyst notes, case files, or incident reviews.

FAQs

1) What does this calculator estimate?

It estimates the threat posture of a domain using reputation, DNS, authentication, similarity, and exposure signals. The output is a weighted score from 0 to 100.

2) Does a high score prove a domain is malicious?

No. A high score indicates stronger risk signals, not absolute proof. Analysts should confirm ownership, intent, recent activity, and supporting telemetry before blocking permanently.

3) Why does domain age matter?

New domains often carry more uncertainty because they have limited reputation history. Attackers also rotate fresh domains frequently for phishing, malware delivery, or short-lived abuse.

4) Why are SPF, DKIM, and DMARC included?

Weak or missing email authentication can support spoofing and impersonation. Strong policies reduce abuse potential and improve confidence when reviewing suspicious mail-related domains.

5) Can I customize the scoring model?

Yes. The weight fields let you prioritize the categories most relevant to your environment. The calculator normalizes those weights automatically before building the final score.

6) What is typosquat similarity?

It is a 0 to 100 measure of how closely a domain resembles a known brand or legitimate hostname. Higher similarity can indicate impersonation risk.

7) Should WHOIS privacy always be treated as bad?

No. WHOIS privacy has many legitimate uses. Here it is only a supporting signal, and it should never outweigh stronger intelligence such as phishing reports or blacklist evidence.

8) When should I export CSV or PDF?

Export when you need to share findings, document a case, attach evidence to tickets, or preserve the scoring snapshot used during review.

Related Calculators

Domain Reputation Score CalculatorPhishing Domain Risk CalculatorMalicious Domain Detection CalculatorDDoS DNS Exposure CalculatorDomain Blacklist Check CalculatorDNSSEC Validation Status CalculatorLookalike Domain Risk CalculatorExpired Domain Risk CalculatorDomain Abuse Risk CalculatorDNS Tunnel Detection Calculator

Important Note: All the Calculators listed in this site are for educational purpose only and we do not guarentee the accuracy of results. Please do consult with other sources as well.