NextDNS · home network security threats

3 JULY 2026 · window -24h

At a glance

Why this matters

The security suite (AI threat detection, threat-intel feeds, Google Safe Browsing, cryptojacking, DNS rebinding, IDN homographs, typosquatting, DGA, NRD, parking, CSAM) catches DNS queries that match known-bad indicators. A non-zero count means a device on the home network tried to resolve a domain on a security list — worth investigating which device and which domain to confirm whether the block was protective (great) or a false-positive on legitimate use.

Privacy blocks (ads/trackers/social-media filters) are not counted here — they’re high-volume by design and noise-up the signal.

Security-category breakdown

No security-category blocks in this window.

Top devices in the window

Device Queries
unidentified (__UNIDENTIFIED__) 34,168
iphone-13-pro-max 15,230
Dan’s M2 12,430
Audrey iMac M1 7,680
Apple TV Upstairs 5,897
Lounge TV 4,502
iPhone 13 Pro 657
Dan’s MacBook 14” Pro 532
immich 42

What to do next

  1. Open the NextDNS log: https://my.nextdns.io/9bb389/logs
  2. Filter to the security category that fired (e.g. Threat Intel Feeds)
  3. For each blocked query, identify: which device, which domain, what was running at the time
  4. Decision: keep block (real threat caught) · allowlist (false positive) · investigate device (malware/compromised app)

Generated by dare_nextdns_audit.py --check security

Source: dare_nextdns_security_2026-07-03.md · Rendered
Built with — component scripts