Got an invoice or a 'new bank details' email that looks slightly off? Paste the domain, type the supplier's name, and we'll tell you in seconds whether you're looking at a typosquat, a fake-invoice page, or the real company. Free, no signup. Catches the BEC / invoice-fraud patterns that caused £49M in UK losses last year.
No password. No credit card. Just your email to receive results.
One sign-in, both apps — Free, Pro or MSP covers security and authenticity. No second subscription.
Hosted on security-certified infrastructure providers.
acmecorp.com
Security posture: critical
/ 100
CRITICAL FINDINGS
Domain can be impersonated to send phishing email — no DMARC enforcement
Critical3 employee credentials found in stealer logs — active breach risk
CriticalSubdomain hijacking vulnerability — attacker can host content on affected domain
HighTLS certificate expires in 6 days — site will show browser security warnings
High2 lookalike domains actively resolving — phishing infrastructure detected
HighNo password · No credit card · Just your email
Multi-source
Evidence signals
< 60s
Check time
Clear
Verdicts
Global
Brand coverage
Sample Open Source Intel Providers
One subscription, every lens. Cyber Essentials · GDPR · PCI · CCPA · DMARC · Suppliers · Invoice · Crypto · MSP. See them all ↓
How it works
Paste the domain you're worried about. We run the checks a careful person would — without you having to click anything.
From an email, a text, a QR code — just the domain part (no https://). No login required for a free check.
We review public technical, reputation and authenticity evidence without requiring you to visit the target site.
You see the outcome, the main reasons for concern, and the practical next step.
What we check
Every verdict is backed by practical evidence you can act on. Free gives the core verdict; Pro adds deeper evidence and team workflows.
Included free — the verdict
Identifies domains that appear designed to imitate recognised organisations or trusted services.
Reviews whether the visible domain identity conflicts with common brand and service expectations.
Highlights domains that use character sets or encodings commonly abused in impersonation attacks.
Uses public registration context to help distinguish established services from newly created infrastructure.
Checks whether the domain resolves and whether the public technical setup is consistent with a legitimate service.
Reviews whether the domain presents a valid, current certificate for the service being checked.
Cross-references public abuse and malware intelligence to identify known harmful infrastructure.
Includes browser-level safety context where available.
Surfaces useful public ownership and registrar context where available.
Reviews visible page evidence for impersonation and credential-harvesting indicators.
Looks for technical patterns often associated with disposable or automated phishing infrastructure.
Adds hosting and network reputation context to help explain why a domain needs closer review.
Captures a safe view of the page and the resources it loads so teams can review evidence without clicking through themselves.
Paste up to 50 suspicious domains at once on Pro, or up to 250 domains per bulk list on MSP. Sortable verdict table, CSV export, deep-link into each individual investigation. Ideal for fraud triage and supplier vetting.
Generate a short-lived public link to a verdict. Send to a colleague or the person who reported the suspicious email — they see the outcome and practical evidence, no sign-in needed.
Monitor selected domains and receive an alert when the user-facing verdict changes materially.
One-click PDF export of the investigation outcome, findings, factual metadata and remediation context. Keep a record, share with stakeholders, attach to an incident ticket.
The verdict combines multiple evidence categories and presents the practical outcome. One Pro subscription unlocks Pro on both the authenticity app and the security app.
Who uses this
Paste the domain from the sender address or the reset-password link. Verdict in under 60 seconds.
The link in the SMS looks legit — royalmail-delivery.co or similar. Check it before you tap and enter any details.
A supplier is asking you to update their bank details. Is their domain really theirs, or a lookalike registered last week?
One subscription, many lenses
You're seeing the invoice / BEC fraud lens. The same Free, Pro or MSP account unlocks every other lens — switch any time, no second subscription.
UK compliance
Pre-assessment readiness — see exactly what the assessor will check.
EU/UK privacy
Externally verifiable technical baseline + Article mapping.
US compliance
External attack surface review with prioritised evidence.
US privacy
Privacy notice, do-not-sell, and Global Privacy Control checks.
Email security
Anti-spoofing audit — every email-authentication standard in one report.
Vendor risk
Vet a third party's external security posture before you contract.
Fraud workflow
Fake stablecoin, airdrop or wallet-connect site? Verify the domain before you sign.
Workflows
Group client domains, track remediation work, export branded bundles, and invite read-only contacts.
Pricing
Free checks are unlimited in the obvious sense — just slower-per-hour. Upgrade when you investigate regularly, need longer history, or want to share verdicts with a team.
One account, both apps — one subscription. Free, Pro or MSP, a single MyDomainRisk sign-in unlocks both apps — the security app (harden the external configuration of any domain you want to assess) and the authenticity app (check whether a suspicious link or supplier domain is genuine). Same non-intrusive checks underneath, different lens depending on the question you're asking. One tier, one subscription, both tools.
For checking suspicious domains you receive
Free
No credit card required. Start checking suspicious domains immediately.
For fraud, IT and triage teams checking suspicious domains at scale
Pro
Unlock bulk checks, team workflows, and longer verdict history.
50 authenticity domains · 50 checks per day · 10 history per domain
Managing multiple separate customer estates?See MSP →
No lock-in. Cancel any time, or downgrade at the end of the period and keep Pro until the billing date.
For consultancies, MSPs and agencies managing many client estates
MSP
Everything in Pro, plus Portfolio clients, branded report bundles with report checks, delegated read-only portal access, a client audit trail, and per-client Priorities work queues and Alerts.
Need more than 250 security or 150 authenticity domains? support@mydomainrisk.com
No lock-in. Cancel any time, or downgrade to Pro / Free at period end.
Do I need a credit card to try it?
No. The Free plan requires only your email address — no payment details at any point. You get 5 checks per day.
Can you tell me for certain whether a domain is safe?
No, and we're explicit about that. We give you a clear verdict and the practical evidence behind it. Even 'appears genuine' can't guarantee safety; new compromises and zero-day registrations happen. Use the verdict to inform judgement, not replace it.
Will checking a domain notify the site owner?
No. All checks are passive — we query public DNS, WHOIS, certificate transparency logs, and third-party threat intel feeds. Nothing is sent to the domain itself and no traffic appears in their server logs.
What's a “character-substitution typosquat”?
A domain that substitutes letters for visually-similar digits or characters to impersonate a brand — g00gle.com (zeros for o's), paypa1.com (one for l), micr0soft.com (zero for o). If the substituted characters map back to a known brand exactly, it's almost certainly phishing.
Can I cancel my Pro subscription at any time?
Yes. You can downgrade to Free or cancel immediately from your account page. No contracts, no minimum term.
What happens to my check history?
Verdicts are stored against your account — the last 5 checks per domain on Free. You can export or delete your data at any time. See our Privacy Policy for full details.
Free for 5 domains. No card required. Pro unlocks bulk investigation, shareable verdict reports, and longer history.
Check a domain — free, 60 seconds