NextDNS · home network security threats
9 JUNE 2026 · window -24h
At a glance
- ❌ RED — 17 security-category blocks in the last 24h
- Threshold: 0 green · 1-4 amber · 5+ red
- Source: NextDNS Analytics API · profile PA
Why this matters
The security suite (AI threat detection, threat-intel feeds, Google Safe Browsing, cryptojacking, DNS rebinding, IDN homographs, typosquatting, DGA, NRD, parking, CSAM) catches DNS queries that match known-bad indicators. A non-zero count means a device on the home network tried to resolve a domain on a security list. It is worth investigating which device and which domain, to confirm whether the block was protective (great) or a false positive on legitimate use.
Privacy blocks (ads/trackers/social-media filters) are not counted here: they’re high-volume by design and would drown out the signal.
Security-category breakdown
| Category | Blocks |
|---|---|
| AI-Driven Threat Detection | 10 |
| Typosquatting | 4 |
| Threat Intelligence Feeds | 3 |
Top devices in the window
| Device | Queries |
|---|---|
| Apple TV Upstairs | 64,544 |
| unidentified (__UNIDENTIFIED__) | 59,304 |
| Dan’s MacBook 14” Pro | 35,831 |
| Audrey iMac M1 | 11,793 |
| iPhone 13 Pro | 10,810 |
| Lounge TV | 3,298 |
| Dan’s M2 | 20 |
What to do next
- Open the NextDNS log: https://my.nextdns.io/9bb389/logs
- Filter to the security category that fired (e.g. Threat Intel Feeds)
- For each blocked query, identify: which device, which domain, what was running at the time
- Decision: keep block (real threat caught) · allowlist (false positive) · investigate device (malware/compromised app)
Generated by dare_nextdns_audit.py --check security