Non-intrusive external scanning

Before you pay, check the domain.

Got an invoice or a 'new bank details' email that looks slightly off? Paste the domain, type the supplier's name, and we'll tell you in seconds whether you're looking at a typosquat, a fake-invoice page, or the real company. Free, no signup. Catches the BEC / invoice-fraud patterns that caused £49M in UK losses last year.

No password. No credit card. Just your email to receive results.

One sign-in, both apps — Free, Pro or MSP covers security and authenticity. No second subscription.

Hosted on security-certified infrastructure providers.

acmecorp.com

Security posture: critical

34 / 100

  • TLS / Certificate: 18/30
  • Security headers: 9/30
  • DNS / Email: 7/20
  • Internet exposure: 10/20

CRITICAL FINDINGS

  • Critical: Domain can be impersonated to send phishing email — no DMARC enforcement
  • Critical: 3 employee credentials found in stealer logs — active breach risk
  • High: Subdomain hijacking vulnerability — attacker can host content on affected domain
  • High: TLS certificate expires in 6 days — site will show browser security warnings
  • High: 2 lookalike domains actively resolving — phishing infrastructure detected

Multi-source

Evidence signals

< 60s

Check time

Clear

Verdicts

Global

Brand coverage

Sample Intelligence Providers

Google Web Risk · Have I Been Pwned · Shodan · urlscan.io · AbuseIPDB · HudsonRock

MyDomainRisk combines signals from trusted sources including Google Web Risk, Have I Been Pwned, Shodan, urlscan.io, AbuseIPDB, and HudsonRock, alongside public DNS, certificate transparency, phishing, malware, and ransomware intelligence feeds.

Evidence Signals Checked

Malware and phishing reputation · Breach exposure · Internet exposure · Brand-abuse indicators · Ransomware leak monitoring

One subscription, every lens. Cyber Essentials · GDPR · PCI · CCPA · DMARC · Suppliers · Invoice · Crypto · MSP.

How it works

Three steps to a verdict

Paste the domain you're worried about. We run the checks a careful person would — without you having to click anything.

1. Paste the suspicious domain

From an email, a text, a QR code — just the domain part (no https://). No login required for a free check.

2. We run multiple checks in parallel

We review public technical, reputation and authenticity evidence without requiring you to visit the target site.

3. Get a clear verdict

You see the outcome, the main reasons for concern, and the practical next step.

What we check

Everything your authenticity check needs

Every verdict is backed by practical evidence you can act on. Free gives the core verdict; Pro adds richer evidence and team workflows.

Included free — the verdict

Free

Lookalike patterns

Identifies domains that appear designed to imitate recognised organisations or trusted services.

Free

Brand similarity

Reviews whether the visible domain identity conflicts with common brand and service expectations.

Free

Internationalised domains

Highlights domains that use character sets or encodings commonly abused in impersonation attacks.

Free

Domain history

Uses public registration context to help distinguish established services from newly created infrastructure.

Free

DNS and reachability

Checks whether the domain resolves and whether the public technical setup is consistent with a legitimate service.

Free

TLS health

Reviews whether the domain presents a valid, current certificate for the service being checked.

Free

Threat intelligence

Cross-references public abuse and malware intelligence to identify known harmful infrastructure.

Free

Browser safety context

Includes browser-level safety context where available.

Free

Registration metadata

Surfaces useful public ownership and registrar context where available.

Free

Page review

Reviews visible page evidence for impersonation and credential-harvesting indicators.

Free

Infrastructure patterns

Looks for technical patterns often associated with disposable or automated phishing infrastructure.

Pro features
Pro

Hosting reputation

Adds hosting and network reputation context to help explain why a domain needs closer review.

Pro

Page screenshot + resource summary

Captures a safe view of the page and the resources it loads so teams can review evidence without clicking through themselves.

Pro

Intake queue + email parser

Submit one suspicious domain manually, or paste a forwarded email and review extracted candidate domains before queueing them into normal investigations.

Pro

Authenticity AI assistant

Authenticated users get an assistant scoped to verdicts, intake, email parsing, bulk investigations, monitoring, reports, plan limits and safe next steps.

Pro

Bulk investigate

Paste up to 50 suspicious domains at once on Pro, or up to 250 domains per bulk list on MSP. Sortable verdict table, CSV export, deep-link into each individual investigation. Ideal for fraud triage and supplier vetting.

Pro

Shareable verdict reports

Generate a short-lived public link to a verdict. Send to a colleague or the person who reported the suspicious email — they see the outcome and practical evidence, no sign-in needed.

Pro

Verdict-change alerts

Monitor selected domains and receive an alert when the user-facing verdict changes materially.

Pro

PDF investigation report

One-click PDF export of the investigation outcome, findings, factual metadata and remediation context. Keep a record, share with stakeholders, attach to an incident ticket.

The verdict combines multiple evidence categories and presents the practical outcome. One Pro subscription unlocks Pro on both the authenticity app and the security app.

Who uses this

Before you click that link

"Is this email really from my bank?"

Paste the domain from the sender address or the reset-password link. Verdict in under 60 seconds.

"Missed delivery" texts

The link in the SMS looks legit — royalmail-delivery.co or similar. Check it before you tap and enter any details.

Supplier / vendor emails

A supplier is asking you to update their bank details. Is their domain really theirs, or a lookalike registered last week?

Pricing

Simple, transparent pricing

Free checks are unlimited in the obvious sense — just slower-per-hour. Upgrade when you investigate regularly, need longer history, or want to share verdicts with a team.

One account, both apps — one subscription. Free, Pro or MSP, a single MyDomainRisk sign-in unlocks both apps — the security app (monitor the external risk around any domain you assess) and the authenticity app (check whether a suspicious link or supplier domain is genuine). Same non-intrusive checks underneath, different lens depending on the question you're asking. One tier, one subscription, both tools.

For checking suspicious domains you receive

Free

£0/month

No credit card required. Start checking suspicious domains immediately.

Check a domain — free, 60 seconds
  • Useful starter triage for suspicious links and supplier domains
  • Clear five-bucket verdict with plain-English evidence
  • Free email forensics — check a whole .eml/.msg email by drop, paste or forward, and keep cases
  • Core domain, TLS, DNS, threat-intelligence and lookalike checks
  • 5 tracked domains and 5 interactions per day (scans, investigations and email checks combined)
  • Short history for recent decisions

For fraud, IT and triage teams checking suspicious domains at scale

Pro

£19/month

Unlock bulk checks, team workflows, and longer verdict history.

Upgrade to Pro
  • Everything in Free, expanded to 50 tracked domains and 50 interactions/day (scans, investigations and email checks combined)
  • Bulk investigations, intake queue, email parser, browser feeder, Slack and Teams feeders
  • Email-forensics evidence-pack PDF export for abuse reports, insurers and claims
  • Shareable verdict links, PDF investigation reports and longer history
  • Richer evidence: screenshots, IP reputation, visual brand analysis where enabled, AI help
  • Security-app Pro is included: Portfolio, Alerts, PDF reports and scheduled monitoring

50 tracked domains · 50 interactions/day · 10 history per authenticity domain

Managing multiple separate customer estates? See MSP →

No lock-in. Cancel any time, or downgrade at the end of the period and keep Pro until the billing date.

For service providers

For consultancies, MSPs and agencies managing many client estates

MSP

£99/month

Everything in Pro, plus Portfolio clients, branded report bundles and evidence packs with report checks, delegated read-only portal access, a client audit trail, per-client Priorities work queues and Alerts, and progress signals for client reviews.

Upgrade to MSP
  • Everything in Pro, scaled for multi-customer operations
  • Portfolio clients with per-client schedules, Priorities, Alerts and CSV exports
  • Client-ready report bundles and evidence packs with report checks, branding, Prepared by / Prepared for and progress narratives
  • Delegated read-only client portal plus client audit trail
  • Higher capacity: 250 tracked domains and 250 interactions per day (scans, investigations and email checks combined)

Need more than 250 domains? support@mydomainrisk.com

No lock-in. Cancel any time, or downgrade to Pro / Free at period end.

Frequently asked questions

Do I need a credit card to try it?

No. The Free plan requires only your email address — no payment details at any point. You get 5 checks per day.

Can you tell me for certain whether a domain is safe?

No, and we're explicit about that. We give you a clear verdict and the practical evidence behind it. Even 'appears genuine' can't guarantee safety; new compromises and zero-day registrations happen. Use the verdict to inform judgement, not replace it.

Will checking a domain notify the site owner?

No alert, email, or notification goes to anyone. Most checks read public records — DNS, certificate transparency logs, registration data, and threat-intelligence feeds. A small number look at the site the way any visitor's browser would: a TLS handshake and a single ordinary page request. At most, the site's logs would show the equivalent of one normal page visit — nothing is probed, attacked, or changed.

What's a “character-substitution typosquat”?

A domain that replaces letters with visually similar digits or characters to impersonate a brand: g00gle.com (zeros for o's), paypa1.com (one for l), micr0soft.com (zero for o). If the substituted characters map back to a known brand exactly, it's almost certainly phishing.
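The "maps back to a known brand exactly" test can be sketched as below. This is an added example, not MyDomainRisk's code: the look-alike map and the brand watch list are constructed assumptions, and the label extraction ignores multi-part suffixes such as .co.uk (a real check would use the Public Suffix List).

```python
from itertools import product

# Constructed look-alike map (assumption): digit -> letters it can imitate.
# "1" is ambiguous, so it expands to both "l" and "i".
LOOKALIKES = {"0": "o", "1": "li", "3": "e", "4": "a", "5": "s", "7": "t", "8": "b"}

# Constructed watch list (assumption); in practice this is your supplier/brand list.
KNOWN_BRANDS = {"google", "paypal", "microsoft"}


def registrable_label(domain):
    """Normalise the input and return the label just left of the final suffix."""
    host = domain.strip().lower().rstrip(".")
    labels = host.split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def desubstituted(label, limit=256):
    """Return every reading of `label` with look-alike digits mapped back to letters."""
    options = [LOOKALIKES.get(ch, ch) for ch in label]
    combos = 1
    for opt in options:
        combos *= len(opt)
    if combos > limit:
        # Too many ambiguous characters to enumerate cheaply; report nothing.
        return set()
    return {"".join(reading) for reading in product(*options)}


def check(domain):
    """Classify a domain as the brand itself, a character-substitution match, or neither."""
    label = registrable_label(domain)
    if label in KNOWN_BRANDS:
        return ("exact", label)
    hits = desubstituted(label) & KNOWN_BRANDS
    if hits:
        return ("character-substitution", sorted(hits)[0])
    return ("no-match", None)


if __name__ == "__main__":
    for d in ["g00gle.com", "paypa1.com", "micr0soft.com", "google.com", "example.com"]:
        print(d, check(d))
```

An exact brand match is reported separately so that the genuine domain is never flagged; only labels that differ from the brand solely by look-alike characters count as substitution hits.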

Can I cancel my Pro or MSP subscription at any time?

Yes. You can downgrade or cancel from your account page at any time. No contracts, no minimum term — you keep your paid features until the end of the current billing period.

What happens to my check history?

Verdicts are stored against your account — the last 5 checks per domain on Free. You can export or delete your data at any time. See our Privacy Policy for full details.

Got a suspicious domain? Check it first.

Free for 5 domains. No card required. Pro unlocks bulk investigation, shareable verdict reports, and longer history.
