Using ThreatScope Check and understanding results
ThreatScope Check helps inspect the publicly visible trust posture of a domain.
It looks at signals that can be observed from public sources and presents them in a more understandable way. This may include domain registration visibility, DNS-related information, certificate-related signals, email or web posture indicators, and other checks depending on the current version of the service.
ThreatScope Check is intended to support early investigation and interpretation. It is not a full security audit, penetration test, compliance assessment, or guarantee that a domain is safe.
What ThreatScope Check is useful for
ThreatScope Check can help you:
- inspect what is publicly visible about a domain
- identify missing, unclear, or unexpected signals
- compare a domain’s observed setup with what you expected to see
- spot possible configuration drift or incomplete setup
- gather useful information before raising a support, DNS, hosting, or security request
It is especially useful when you want a quick external view of a domain’s visible configuration.
How to read the results
ThreatScope Check results should be read as a point-in-time snapshot.
A result shows what the tool could observe when the check was run. It does not necessarily show the complete internal configuration of a domain or organisation.
When reviewing a result, pay attention to:
- Observed signals — what was found from public sources
- Missing or limited signals — what could not be found or confirmed
- Explanations — why a result may matter
- Limitations — where the result may be affected by source availability, timing, or domain configuration
A missing signal does not always mean something is wrong. It may mean the information is not publicly available, is still propagating, or is not relevant to how the domain is used.
Why results may vary
Domain information can change over time, and public sources do not always update at the same speed.
Results may vary because of:
- recent DNS, hosting, email, or certificate changes
- DNS propagation or caching
- domain renewal, transfer, or delegation changes
- public registry or RDAP limitations
- third-party source delays or temporary unavailability
- parked, redirected, unused, or non-sending domains
- unusual but valid domain configurations
- temporary lookup errors or rate limits
For recently changed domains, it is normal for results to look inconsistent for a period of time.
Common examples
A domain was recently updated
If DNS, nameserver, email, or certificate settings were recently changed, ThreatScope Check may still see old or partial information.
Try again later and compare the result.
A domain is parked or unused
Some domains are registered but not actively used for a website or email. These domains may show fewer visible signals.
That may be expected.
A domain does not send email
A domain that does not send email may have a different mail posture from a normal sending domain.
This is not automatically a problem, but the intended use of the domain matters.
Public data is limited
Some registration or ownership details may be redacted, unavailable, or sparse depending on the registry and public lookup source.
ThreatScope Check can only show what is publicly observable.
Before contacting support
Before reporting an issue, please check:
- the domain was entered correctly
- the result still looks unexpected after running the check again
- the domain was not recently changed, transferred, renewed, or reconfigured
- the result is not explained by a parked, redirected, unused, or non-sending domain
- the issue is not caused by a temporary third-party service delay
When to contact us
Please contact us if:
- the check fails to complete
- the result appears clearly wrong
- the same domain gives inconsistent results without an obvious reason
- a label or explanation is confusing
- a legitimate domain setup is not handled well
- you have found an edge case that may improve the service
When contacting us, please include the domain, what you expected, and what you saw.