DomainRisk.io runs 50+ security checks across WHOIS, DNS, SSL/TLS, email authentication and subdomains — then correlates findings into named attack scenarios and a 90-day volatility signal. One explainable score. Every deduction linked to a concrete fix.
Updated now · model 2026.02
2 attack scenarios active — DNS Hijack Signal · Brand Impersonation Risk
Critical
TLS certificate expires in 11 days — renew immediately
High
DMARC policy: none — domain can be spoofed in phishing attacks
High
Nameserver change detected — verify this was authorized
Medium
SPF record uses +all — overly permissive, tighten policy
Healthy
WHOIS registrar lock active — transfer protection enabled
Five intelligence sources · every scan · every plan
WHOIS
Registrar · expiry · flags
DNS
All records · CAA · DNSSEC
SSL / TLS
Cert · expiry · HTTP headers
Email Auth
SPF · DMARC · DKIM · MTA-STS
Subdomains
Discovery · takeover · exposure
Domain risk monitoring is only useful if it tells you exactly what changed, why it matters, and what to do next. DomainRisk.io is built around that principle at every layer — from raw check to correlated attack scenario.
A weighted 0–100 Global Security Score across three axes: Exploitable Risk (50%), Hardening Gaps (30%) and Governance (20%). Any Critical finding caps the score at 30 — severe risk is never masked. Every deduction linked to a named factor and concrete fix.
A deterministic correlation engine maps combinations of findings to 8 named attack scenarios — Email Spoofing Risk, DNS Hijack Signal, Brand Impersonation, Admin Takeover and more. No AI, no guesswork. Each carries an attack vector, impact, likelihood and evidence.
A 90-day domain stability index built from weighted change signals — registrar changes (×3), nameserver flips (×2), SSL invalidation (×2) and DNS shifts (×1). Ideal for vendor due diligence, acquisition screening and portfolio triage.
Every scan is compared to the previous snapshot. DNS record changes, ASN routing shifts, score drifts ≥10 points and new critical findings are logged to an auditable timeline with full evidence.
Instant notifications for raw findings and attack scenario events (new, escalation, resolution, regression). Enriched JSON payloads carry model version, top factors and recommended actions — ready for SIEM, Jira or PagerDuty.
PDF reports spanning 13 sections — executive summary, attack scenarios, scored findings, DNS and WHOIS evidence, HTTP security header audit, subdomain inventory, change timeline, recommended actions and compliance checklist. CSV exports also available.
No agents to install, no API keys to configure. Add a domain, trigger a scan and get an explainable security report — immediately.
Enter any registered domain. Set your preferred scan frequency (daily or weekly), configure your alert threshold and notification channel. No TLD or registrar restrictions.
WHOIS, DNS, SSL, email-auth and subdomain signals are collected in parallel. The score engine computes the 3-axis Global Security Score and foundational sub-scores. The scan runs asynchronously — your dashboard stays responsive throughout.
A weighted security score is produced with explainable factors and specific remediation actions. The deterministic scenario engine correlates findings into named attack scenarios. Changes are logged, alerts fire, and a full PDF report is ready to download.
Whether you run a SOC, manage client portfolios as an MSSP, oversee IT and compliance, or screen vendors — DomainRisk.io adapts to your workflow.
Triage alerts ranked by severity and score drift. Investigate with timeline snapshot diffs and attack scenario evidence. Feed confirmed findings into incident tickets via webhook.
SOC workflowMonitor independent client portfolios. Deliver attack scenario narratives in 13-section PDF reports. Use Volatility Score to prioritise which clients need immediate attention each cycle.
MSSP workflowPrevent expiry outages with multi-stage alerts. Audit HTTP security headers, MTA-STS and DNSSEC alongside DNS. Deliver executive-ready reports with compliance checklist — no IT involvement per cycle.
Compliance workflowCombine the Global Security Score with the Volatility Score to assess both current posture and 90-day historical stability — before onboarding a vendor or closing an acquisition.
Due diligence workflowFree account, no credit card, no time limit. Add a domain, run a full 50+ check scan, get named attack scenarios and export an audit-ready PDF report — immediately.