First, confirm what you're looking at
Run the suspect domain through the free authenticity check on our homepage — no account needed. If what you have is a message rather than a domain, paste the whole thing into “Check a message” and we'll pull out the links and check the domains behind them.
What the check tells you
You get a clear verdict — from likely legitimate through to likely malicious — backed by evidence you can read and forward: how long the domain has existed, where it's hosted, whether it appears in phishing and abuse feeds, and whether it imitates your brand. That's the difference between “this looks dodgy” and a report someone will act on.
Then build the response
From a signed-in investigation view, the response tools prepare what the first hour actually needs:
- An abuse-report evidence bundle — the findings packaged in copyable form, ready to attach.
- Who to contact — registrar and hosting lookup notes, because the right inbox is half the battle.
- A takedown-request draft — a starting letter you edit, not a blank page.
- An incident note — a short summary fit for clients, colleagues, or your insurer.
Honesty about takedowns
No one can promise a takedown — removal decisions sit with registrars, hosts, and platforms, and anyone who guarantees otherwise is overselling. What you control is how fast, credible, and complete your report is. That's the part we make easy.
Spot the next one earlier
Impersonation is rarely a one-off. Keep the suspect domain tracked so you're alerted if its verdict worsens, and scan your own domain — every security scan includes lookalike-domain detection, so the next copycat shows up in your findings instead of a customer's inbox.