NextDNS · home network security threats
12 JUNE 2026 · window -24h
At a glance
- ❌ RED — 11 security-category blocks in the last 24h
- Threshold: 0 green · 1-4 amber · 5+ red
- Source: NextDNS Analytics API · profile PA
Why this matters
The security suite (AI threat detection, threat-intel feeds, Google Safe Browsing, cryptojacking, DNS rebinding, IDN homographs, typosquatting, DGA, NRD, parking, CSAM) catches DNS queries that match known-bad indicators. A non-zero count means a device on the home network tried to resolve a domain on a security list — worth investigating which device and which domain to confirm whether the block was protective (great) or a false-positive on legitimate use.
Privacy blocks (ads/trackers/social-media filters) are not counted here — they’re high-volume by design and noise-up the signal.
Security-category breakdown
| Category | Blocks |
|---|---|
| AI-Driven Threat Detection | 11 |
Top devices in the window
| Device | Queries |
|---|---|
unidentified (__UNIDENTIFIED__) |
75,721 |
| Apple TV Upstairs | 54,154 |
| Dan’s MacBook 14” Pro | 27,434 |
| Audrey iMac M1 | 13,837 |
| iPhone 13 Pro | 9,144 |
| Lounge TV | 4,519 |
| Dan’s M2 | 42 |
What to do next
- Open the NextDNS log: https://my.nextdns.io/9bb389/logs
- Filter to the security category that fired (e.g. Threat Intel Feeds)
- For each blocked query, identify: which device, which domain, what was running at the time
- Decision: keep block (real threat caught) · allowlist (false positive) · investigate device (malware/compromised app)
Generated by dare_nextdns_audit.py --check security