If you’re online, you’re already exposed.
We show you where—and what to do next.
Your domain, email, and users are already being tested. Quietly.
Three tools to close these gaps.
Three tools. One goal: fewer surprises.
Try it. If it’s wrong, you don’t pay.
Most first scans find something worth fixing.
Built from real-world phishing campaigns and incident response experience — not theory.
Three products. One attack lifecycle.
Attackers follow a process. Exposure first, then targeting, then exploitation. Each tool covers one stage.
Surface Sentinel
What attackers can already see
DNS, email config, open ports, certs — all publicly visible before any attack begins.
Scan My Domain →Ephemeral Sentinel
What they’re sending you right now
Phishing reports from your users — analyzed automatically, every reporter answered.
Try Ephemeral Sentinel →Trace Sentinel
Check it before you act
Got something suspicious? Paste it. Verdict in seconds. Free to try — no account needed.
Check Something Suspicious →Most teams start with Surface. That’s where attackers start.
What’s happening right now?
Got a suspicious message, link, or file?
Paste it, enter the URL, or upload a screenshot. Get a plain-language verdict in seconds.
Check with Trace Sentinel →Want to know what your domain exposes?
DNS records, open ports, email spoofing risk, TLS status. Structured report with a next step for each finding.
Scan with Surface Sentinel →Managing phishing reports from your team?
Every submission analyzed automatically. Every reporter gets a plain-English answer. No triage queue.
Try Ephemeral Sentinel →Most security issues aren’t advanced. They’re overlooked.
- Misconfigured DNS is indexed within hours. Domains without DMARC are being spoofed today.
- Phishing is targeted—attackers research your domain before they send anything.
- Most attacks are opportunistic. They go where exposure already exists.
Attackers automate finding these. Most businesses don’t.
What happens when these are missed
- Attackers send email as your domain
- Customers see browser warnings and leave
- Credentials are harvested from exposed services
- Internal reports go unanswered and disappear
One tool for each stage of an attack.
Built on the same principle — check what matters, explain what it means, tell you what to do next.
What are you trying to figure out?
Not sure where to start?
- Got a suspicious message → Try Trace Sentinel
- Own a domain → Run Surface Sentinel
- Have users reporting phishing → Use Ephemeral Sentinel
Trace Sentinel
Is this message a scam?
For anyone who receives a suspicious message, link, or file and needs to know if it’s real.
- Text, URL, image, and file analysis
- SAFE / SUSPICIOUS / LIKELY SCAM verdict with plain-language reasons
- Recommended actions — what to do next
- Deterministic, rules-based — no AI guesswork
Know whether to click, call back, or delete — in seconds.
Check Something Suspicious →Surface Sentinel
What attackers see about your domain
For IT managers, MSPs, and any team responsible for their organisation’s domain.
- DNS records, open ports, and exposed subdomains
- Misconfiguration detection — TLS, email spoofing, security headers
- Plain-English report with a suggested next step for each finding
- No setup. Results typically in under a minute.
You’ll see exactly what an attacker sees — without needing to be one.
Scan My Domain →Ephemeral Sentinel
What happens after your users click
For IT teams, help desks, and MSPs handling a steady stream of user-reported suspicious emails.
- Automatically analyzes submitted emails — no analyst required for routine triage
- Phishing signal detection — spoofed senders, malicious links, social engineering
- Header analysis — authentication results and routing anomalies
- Sends a plain-English explanation back to the reporter automatically
Submissions are analyzed automatically. Reporters receive a plain-English answer. No manual triage step.
Try Ephemeral Sentinel →Three tools. Different moments.
- Trace Sentinel → Something suspicious just landed
- Surface Sentinel → What your domain exposes
- Ephemeral Sentinel → What’s already hitting your users
DNS changes. Certificates expire. Services get exposed. Your external footprint changes whether you check it or not.
Domain misconfiguration and active phishing are connected.
If Surface Sentinel flagged missing DMARC or soft-fail SPF, attackers can already send email that appears to come from your domain. Your users are reporting those emails right now.
Ephemeral Sentinel closes that loop: submissions analyzed, reporters answered — automatically.
See Ephemeral Sentinel →Three tools. Clear pricing.
No contracts. No onboarding calls. Pay for what you use.
Three tools that replace uncertainty across the attack lifecycle.
One-time scans, continuous monitoring, and on-demand analysis—priced differently based on how you use them.
Surface Sentinel
Know what your domain is exposing before an attacker does.
from $29
Scan My Domain →Ephemeral Sentinel
Automatic triage and plain-English answers for every suspicious email reported.
from $29/mo
Try Ephemeral Sentinel →Trace Sentinel
Instant verdict on any suspicious message, link, or file. Pay per check.
free to try
Check Something Suspicious →Surface Sentinel example reports — three risk levels, one consistent format.
A consistent structured report. What changes is what it finds.
A well-configured domain with a few minor gaps. Nothing urgent.
- DMARC set to quarantine rather than reject
- Permissions-Policy header not configured
- All ports closed, no unexpected exposure
Fixable weaknesses that widen attack surface if left unaddressed.
- DMARC missing, domain spoofing risk
- 4 security headers not configured
- SPF soft-fail allows spoofed mail through
Urgent findings that need attention before they become incidents.
- TLS certificate expires in 14 days
- SMTP relay open to the internet
- HTTP serving content, no HTTPS redirect
Security that doesn’t depend on you remembering to check.
A one-time scan shows you today’s risk. Scheduled monitoring catches what changes after you deploy, update a record, or add a new service.
- Scheduled rescans — your exposure profile after a deployment, a DNS change, or a new service addition
- Change detection — catch a new open port, an altered record, or a subdomain you didn’t add
- Trend tracking — know whether each cycle leaves your posture better or worse than the last
Problems don't wait for quarterly reviews.
When scan findings need more than a report.
Tools surface the problem. Understanding what it means for your environment — and what to fix first — is a different problem. Straight answers. No drawn-out process. No unnecessary overhead.
- Remediation guidance specific to your environment
- Practical prioritization — fix what matters first
- Honest answers, not upsell pressure
35+ years in security engineering across real production environments. These tools automate what I've done by hand for decades.
Typically a 60–90 minute working session, remote. Starting from $250. No SOW, no sales process — just your findings and what to do about them.
Built by experience, not hype
ArcForgeLabs grew out of 35+ years of seeing the same problems in production environments — misconfigurations with real consequences, phishing that reached real people. Preventable. Almost never caught until something went wrong.
These tools automate the diagnostic work I’ve done by hand for decades. Designed for IT managers, MSPs, and small teams that need honest answers — without the overhead of enterprise tooling or a consulting engagement.
Who this is for
- Small IT teams managing security without dedicated staff
- MSPs scanning client domains and triaging client phishing
- Anyone who gets a suspicious message and needs a fast, honest answer
- Businesses that want practical tools — not enterprise overhead
Start with Surface. That’s where attackers start.
Your exposure exists whether you’ve seen it or not. Free scan. No account required.