Reports
Executive and technical views for domain posture, platform exposure and remediation.
Internet Infrastructure Intelligence
Datazag maps malicious infrastructure at certificate issuance — surfacing whole campaigns before the first domain attacks — and delivers scored, annotated intelligence straight into your SIEM, warehouse and controls.
Your slice of the graph
You tell us what you operate, own and protect. That scope carves the full infrastructure graph down to the domains, certificates and networks being built against your organisation — and what comes out is a watchlist, not a firehose.
The SaaS, cloud and payment platforms your business runs on — the infrastructure attackers imitate to reach your people.
Your names, product marks and domains — the strings attackers register against, character-swap and wrap in certificates.
Campaign terms, executive names, product launches — the language your attackers borrow before they send anything.
Out the other side
Every entry arrives scored and explained, so it can be triaged, blocked or escalated without a human re-deriving why it matters.
Relationship Intelligence
A certificate, DNS change or routing event is only the first clue. Datazag uses it as a pivot into related domains, IPs, certificates, providers, networks and historical observations.
That relationship context turns one signal into a wider campaign view. Intelligence then becomes evidence packaged for the way each team works: reports, alerts, APIs and cloud data shares.
See this exact pivot run on a real criminal hosting cluster: One Signal, 150 Domains →
Detection quality
A suspicious domain doesn’t become an alert because one signal fired. It has to survive four independent checks — each looking at evidence the others can’t see.
Does its DNS configuration match how the impersonated platform actually resolves — or how attackers stage it?
Where does it live? Hosting network, IP abuse history, certificate patterns — scored against 360M+ domains of prior observation.
What's actually being served? Content and behaviour, checked against the platform it claims to be.
A final adjudication pass over the full evidence before a high-confidence verdict — the same review, on every alert, at machine speed.
Every alert ships with its confidence tier and the reasons behind the score — so you set the threshold. Block high-confidence automatically; route the rest to review. And because every verdict is explainable, every disagreement is auditable: you can see exactly why we flagged it, and tell us when we're wrong.
Missed threats are the failure you never see — so we don’t hunt domain by domain. One confirmed signal pivots to the entire hosting cluster, surfacing the domains no per-domain scanner would ever individually flag. We found 150 that way from a single certificate →
Into your stack
One platform · multiple delivery methods
Reports, alerts, APIs and datasets are not separate products. They are different ways to consume Datazag's continuously updated infrastructure intelligence.
Datazag Intelligence Platform
Infrastructure Graph
Domains, DNS, certificates, hosting, ASNs, platforms, history, evidence and risk context.
Executive and technical views for domain posture, platform exposure and remediation.
Real-time intelligence for SOC workflows, partner monitoring and platform abuse teams.
Lookup, score and enrich domains, infrastructure and platform indicators inside your products.
Continuously refreshed intelligence delivered into your analytics and marketplace stack.
The internet right now
Datazag continuously observes public internet infrastructure and turns domains, certificates, DNS, routing and platform relationships into operational intelligence.
360M+
Continuously correlated against DNS, certificates and infrastructure history.
10M+
IP addresses currently linked to domains in the Datazag corpus.
4.3B
Total IP space indexed for context and infrastructure correlation.
78k
ASN ownership and routing context for infrastructure intelligence.
Coverage model
Public telemetry is normalised into Datazag's own graph so customers see explainable relationships, provider context and historical change rather than isolated indicators.
Datazag Observatory
Search, pivot, visualise and download aggregated infrastructure intelligence from Datazag's continuously updated internet graph.
The same pivot builder mapped 150 domains from a single signal: read the investigation →
Snapshot 06:00 UTC
412
New domains
last hour
83
Alert candidates
scored
17
Routing changes
snapshot
Pivot builder
Preview
Timeline
Graph
Who it’s for
White-label investigations and earlier alerts across your whole client base.
Explore→External infrastructure signal for underwriting and portfolio monitoring.
Explore→Safer sending and onboarding decisions from infrastructure intelligence.
Explore→Scored, explainable intelligence delivered into the stack you already run.
Explore→Free Domain Health Report
Datazag reviews public DNS, visible platforms, subdomains, certificates and infrastructure exposure, then sends a detailed multi-page report for technical and executive teams.
We use publicly observable infrastructure signals. No agent, questionnaire or asset inventory is required.
Generated analysis
The report is generated from live checks, platform fingerprints, subdomain review and infrastructure intelligence.
Multi-page report
example.com
Executive summary
Overall risk · key exposure · priority actions
Platform exposure
Microsoft 365 · Cloudflare · Google Workspace
DNS & subdomain health
SPF · DMARC · MTA-STS · ownership · takeover signals
Technical findings
Evidence, context and prioritised remediation
Recommended action
Review email authentication, exposed platforms and subdomain ownership before attackers exploit weak signals.