Free Website Acquisition Due-Diligence Check
Buying a website or online business? Enter its domain to run an instant technical due-diligence snapshot — transfer & expiry risk, SSL, DNS resilience, and email spoofability — free, no signup. It flags the technical red flags to raise before you close.
The technical due-diligence checklist
The tool above checks each of these live. Take the list into any deeper review — the financial and legal due diligence sit alongside it.
Domain registration & expiry
A domain that lapses shortly after you buy can be lost or re-registered by anyone. Confirm the renewal date and that the domain transfers to your account at close.
Registrar transfer lock
An unlocked domain can be moved without a lock in the way; a registry danger state (hold, redemption, pending-delete) means it's already at risk. Agree the exact transfer mechanics before funds move.
TLS certificate health
An expired or weak certificate is a live-site issue and a small remediation cost. Verify HTTPS is served correctly and the certificate is not about to expire.
Email authentication (SPF / DMARC)
A mail domain with no enforced DMARC can be spoofed in phishing that trades on the business's reputation — a real liability you inherit until it's tightened.
DNS resilience
A single nameserver or a domain that fails to resolve is a single point of failure for all of the site’s traffic. Price the fragility in.
Uptime & full-site health over time
A one-time check is a snapshot. Reliability history and a full-site crawl (broken links, errors on every page) only appear over time — watch them through the close and after.
What is technical due diligence when buying a website?
Technical due diligence is verifying the technical assets and risks of an online business before you buy it — who really controls the domain, whether it can be transferred cleanly to you, whether the certificate and DNS are healthy, and whether the email domain is protected against spoofing. It sits alongside the financial and legal due diligence; it does not replace them. This free tool checks the parts that are visible from the public internet in seconds.
What technical red flags should I look for before buying a website?
The blocking ones are a domain that is expired or about to expire, a domain in a registry danger state (hold / redemption / pending-delete), or a site not serving valid HTTPS. The ones to price in are an unlocked domain (agree the transfer mechanics), no enforced DMARC (spoofable email reputation), a single nameserver (a DNS single point of failure), and weak security-header posture. This tool flags each of these from the live domain.
Does this value the business or replace a full audit?
No. It reads the public technical posture of the domain and frames it as acquisition risk. It does not value the business, verify revenue or traffic, or replace financial and legal due diligence — treat it as the fast first pass on the technical side, and a checklist to take into a deeper review.
How do I keep the site safe through the acquisition and after?
The riskiest window is around the handover — a lapsed renewal, a certificate that expires mid-transfer, or a DNS change that breaks the site. Claim the free Merlonix plan ($0, no credit card) to monitor up to three domains continuously, or start a trial for a whole portfolio. Merlonix re-checks the certificate, DNS, registrar lock, email-auth and uptime on a schedule and alerts you before anything lapses — so the asset you bought stays the asset you paid for.