Free domain lookup with WHOIS data, DNS records, email security analysis (SPF, DMARC, BIMI), TLS certificates, and IP reputation scoring. Enter any domain for a full health report.
You can paste a full URL — the protocol, path, and port will be stripped automatically. Supports any public domain.
A comprehensive server-side analysis of any public domain — DNS records, email authentication, TLS certificates, registration data, and IP blacklist status.
A, AAAA, MX, NS, TXT, SOA, CNAME, CAA records with hosting provider identification.
SPF, DMARC, BIMI, and MTA-STS validation. Detects policy gaps enabling spoofing.
TLS version, cipher, certificate validity, expiry, SANs, and CT log analysis.
Checks resolved IPs against DNS-based blacklists (RBLs) for listing detection.
The health score (0–100) is a weighted composite across four categories. Each check contributes pass, warn, or fail findings that produce the final grade.
Type or paste any domain name or URL. The tool automatically strips the protocol, path, and port to extract the domain.
Our backend resolves DNS records, connects to the domain for TLS inspection, queries blacklists, and validates email security policies.
Receive a health score (A+ to F) with detailed findings across DNS, email security, TLS, and domain reputation categories.
Need programmatic access? Use our API for automated domain lookups.
View API DocumentationA single domain lookup runs 15 checks across DNS, email security, TLS certificates, and reputation — aggregated into a scored health grade.
Registrar, registration date, expiry, last-changed timestamp, and computed domain age in days.
Resolves IPv4 and IPv6 addresses. Multiple A records indicate CDN or load-balanced infrastructure.
Mail exchange servers with priority values. Missing MX indicates the domain cannot receive email.
Authoritative nameservers controlling the DNS zone. Changes indicate DNS provider migrations.
All TXT records including SPF policy, DMARC policy, DKIM keys, and domain verification tokens.
Zone authority record, canonical name aliases, and certificate authority authorization restrictions.
Parses SPF mechanisms (ip4, include, mx, redirect) with qualifiers and DNS lookup count vs RFC 7208 limit.
Extracts DMARC tags: policy (p), subdomain policy (sp), enforcement percentage (pct), and reporting addresses.
Checks for BIMI brand logo records and MTA-STS policies enforcing TLS on incoming SMTP connections.
Live certificate details: issuer, subject, SANs, expiry, days remaining, serial number, and signature algorithm.
Queries CT logs for total certificates issued, most recent issuance, and issuing CA history.
Checks resolved IPs against Spamhaus, SpamCop, Barracuda, and more. Aggregates all findings into an A+ to F grade.
A domain lookup retrieves publicly available information about a domain name across multiple layers: registration data (WHOIS), routing data (DNS records), security data (TLS certificates, email authentication), and reputation data (blacklists, certificate transparency logs). Each layer serves a different purpose — from troubleshooting DNS issues to investigating suspicious domains during security incidents.
DNS records are the foundation of how your domain works on the internet. Different record types control different aspects of domain behavior:
A records map your domain to IPv4 addresses — the hosting server. Multiple A records indicate load balancing or CDN usage. AAAA records serve the same purpose for IPv6.
MX records determine which servers receive email for your domain. The priority field controls failover order. Missing MX records mean the domain cannot receive email — relevant for identifying spoofed sender domains.
Nameservers are the authoritative source for all DNS data. NS changes indicate domain transfers or DNS provider migrations. In investigations, NS pointing to bulletproof hosting is a risk signal.
TXT records store SPF policies, DMARC policies, DKIM keys, and domain verification tokens. CAA records restrict which certificate authorities can issue TLS certificates for the domain.
Email authentication prevents domain spoofing and phishing. This tool checks all four layers:
Specifies which servers are authorized to send email. The tool parses each mechanism and counts DNS lookups against the RFC 7208 limit of 10.
The enforcement layer on top of SPF and DKIM. Analyzes policy (none/quarantine/reject), alignment modes, and reporting addresses.
Brand Indicators for Message Identification — displays a verified logo in email clients. Requires DMARC enforcement at p=reject or a VMC certificate.
Enforces TLS encryption on incoming SMTP connections, preventing downgrade attacks where email is intercepted by stripping encryption.
TLS certificates validate domain ownership and encrypt traffic. This tool retrieves the live certificate (issuer, subject, SANs, expiry, signature algorithm) and queries Certificate Transparency logs — the public record of every certificate issued by a trusted CA. For investigators, CT logs reveal subdomains, historical hosting changes, and certificate mis-issuance that may not appear in live DNS. Learn more about SSL/TLS →
The tool resolves A records to IP addresses, then checks each IP against DNS-based blacklists (Spamhaus, SpamCop, Barracuda, SORBS, UCEPROTECT). The overall health score aggregates DNS configuration, email security posture, TLS validity, and blacklist status into a single grade — weighted by impact: Email Security 30%, TLS/Certificate 25%, Domain Reputation 25%, DNS Configuration 20%. Learn more about domain reputation →
A domain lookup retrieves publicly available information about a domain: DNS records (A, MX, NS, TXT, CAA), WHOIS registration data (registrar, creation date, expiry), TLS certificate details, and reputation status. It is used for troubleshooting DNS issues, verifying email configuration, and investigating suspicious domains.
A WHOIS lookup queries the public registration database for a domain. It returns the registrar, registration date, expiry date, last-updated timestamp, nameservers, and — where not privacy-protected — registrant contact details. Domain age is critical in threat investigations: newly registered domains are a primary indicator of phishing infrastructure.
The tool retrieves A records (IPv4), AAAA records (IPv6), MX records (mail servers with priority), NS records (nameservers), TXT records (SPF, DMARC, verification tokens), SOA records (zone authority), CNAME records (canonical name aliases), and CAA records (certificate authority authorization). All include TTL values.
Yes, completely free with no account required. Enter any domain and get the full report: WHOIS data, all DNS record types, email security analysis (SPF, DMARC, BIMI, MTA-STS), TLS certificate info, certificate transparency logs, and IP reputation scoring.
Certificate Transparency (CT) is a public logging system where every TLS certificate issued by a trusted CA is recorded. This tool queries CT logs to show total certificates issued, most recent issuance, and the issuing CA. For investigators, CT logs reveal subdomains, historical hosting changes, and certificate mis-issuance not visible in live DNS.
The tool resolves A records to IP addresses and checks each against DNS-based blacklists (Spamhaus, SpamCop, Barracuda, and more). The health score aggregates DNS configuration, email security posture, TLS validity, and blacklist results into a grade from A+ to F, weighted by impact category.
SPF (Sender Policy Framework) is a DNS TXT record listing which servers are authorized to send email for a domain. The tool parses each mechanism — ip4, ip6, include, a, mx, redirect — with qualifiers (+pass, -fail, ~softfail, ?neutral). RFC 7208 limits SPF to 10 DNS lookups; exceeding this causes delivery failures.
Yes. A domain lookup reveals registration age (new = suspicious), hosting infrastructure via A/NS records, mail routing via MX, SSL certificate details and issuer, certificate transparency history showing all subdomains, and whether resolved IPs appear on threat intelligence blacklists. This tool is built for DFIR practitioners.
Paste email headers to check for phishing, spoofing, and authentication failures. 15+ analysis modules.
Scan any domain for open ports, SSL issues, DNS misconfigurations, and attack surface exposure.
Upload suspicious files for hash analysis, multi-engine reputation checks, and threat classification.
The DFIR Platform provides domain lookup via API, scheduled monitoring, IOC enrichment, and a full investigation workflow for security teams. Free tier available.