Why a screenshot is not enough

When a domain or brand name is at stake in a transaction, a trademark filing or a legal dispute, professionals have historically relied on manual lookups — screenshots of WHOIS records, informal DNS checks, printouts from registrar websites. These are not evidence. They cannot be verified, they can be altered, and they do not capture the full picture.

Without D3

—WHOIS screenshot — alterable, unverified

—Manual DNS lookup — point-in-time, no history

—No typosquatting landscape

—No compliance mapping for auditors

—No tamper-evident signature

—Days of manual research, often incomplete

With D3 Certified Report

SHA-256 signed — tampering is detectable

ISO 8601 timestamped — backdating impossible

12 mutation techniques for lookalike domains

NIS2 & ISO 27001 controls mapped automatically

Structured for annexing to legal documents

Ready in minutes, not days

What makes evidence legally useful

For evidence to be useful in a transaction, a regulatory filing or a legal proceeding, it must be verifiable (the data matches a known source), timestamped (provably collected before a specific date) and tamper-evident (any alteration is detectable). A D3 Certified Report satisfies all three: the SHA-256 hash of the complete evidence bundle is stored at generation time, and any subsequent modification of the underlying data changes the hash. The ISO 8601 UTC timestamps in the report prevent backdating of findings. The raw DNS responses are preserved verbatim, allowing independent verification.

What makes a D3 report certified

SHA-256 evidence hash

The complete raw evidence bundle is serialised and hashed with SHA-256 at generation time. Any post-generation modification of the underlying data changes the hash — making tampering detectable.

ISO 8601 timestamps

Every data retrieval is timestamped in ISO 8601 UTC format. Timestamps are included in the signed hash, preventing backdating of findings.

Raw record preservation

DNS responses are stored in raw format. Independent verification of reported values against the original response is possible without relying solely on D3's parsed output.

PDF & JSON export

Export as a paginated, print-ready PDF suitable for direct submission to auditors, regulators and legal teams — or as structured JSON for SIEM ingestion.

The D3 grading scale

Every report carries an overall score (0–100) converted to a letter grade displayed on a gold-accented shield at the top of the report. The grade reflects the weighted average of all connector scores.

A+ / A / A−

Score 82–100

Excellent. All critical controls present and correctly configured.

B+ / B / B−

Score 64–81

Good. Critical controls present with minor gaps or missing optional records.

C+ / C / C−

Score 46–63

Moderate. DMARC policy is none, or SPF/DKIM gaps detected.

D+ / D / D−

Score 28–45

Poor. DMARC absent or SPF/DKIM missing on an active mail domain.

F

Score 0–27

Failing. No email authentication. Domain trivially spoofable.

Report structure

§1

Executive Summary

Overall score and letter grade (A+ to F), plain-English summary of key findings, highest-priority risks and recommended actions. Written for C-level and legal readers.

§2

DNS & Email Security Audit

SPF, DKIM, DMARC, BIMI, MTA-STS, DANE/TLSA, CAA and TLS-RPT — each with pass/fail status, raw record values and remediation guidance.

§3

WHOIS / RDAP Registration Data

Registrar, registrant, registration and expiry dates, EPP status codes, nameservers and DNSSEC — sourced from authoritative RDAP servers via IANA bootstrap.

§4

Typosquatting Analysis

All plausible lookalike variants generated by 12 mutation techniques including IDN/Unicode homoglyphs, DNS-verified and risk-scored. Sorted by threat tier.

§5

Reputation & Blocklist Checks

Domain and IPs checked against Spamhaus SBL/XBL/DBL and Google Web Risk. Listed/not-listed status with specific list identifiers.

§6

Compliance Mapping

Findings automatically mapped to NIS2 Article 21 and ISO/IEC 27001:2022 Annex A controls. Ready for your auditor.

§7

AI Executive Interpretation

AI-generated narrative that interprets technical findings through the commercial lens of the selected product — valuation, due diligence, exploration or security.

§8

Evidence Appendix & SHA-256 Hash

Raw connector output, ISO 8601 retrieval timestamps and a SHA-256 hash of the complete evidence bundle. Any post-generation alteration of the data changes the hash.

How professionals use D3 Certified Reports

M&A transaction annex

Attach the D3 Certified Report to the transaction disclosure schedule or legal annex. The SHA-256 hash and ISO 8601 timestamps make the evidence verifiable and tamper-evident.

UDRP & trademark filings

Use typosquatting evidence, WHOIS registration data and risk scores as supporting documentation in UDRP proceedings or trademark infringement filings.

Regulatory submission

The NIS2 and ISO 27001 compliance mapping sections are structured for direct submission to regulators, auditors and certification bodies as evidence of continuous domain security monitoring.

ISO 27001 evidence folder

The security audit report maps every DNS finding to specific ISO 27001:2022 Annex A controls, providing structured evidence for A.8.16 (monitoring activities) and related controls.

Regulatory & compliance mapping

Every D3 report automatically maps findings to the controls and articles your auditor or regulator expects to see. You do not need to manually cross-reference findings against framework requirements — the mapping is done at generation time and included in the PDF.

Framework	How D3 reports are used
ISO 27001 / 27701	Evidence for A.8.16 (monitoring activities), A.8.7 (malware protection) and A.8.9 (configuration management)
NIS2 Directive	Art. 21(2)(a) risk analysis, Art. 21(2)(h) cryptography and DNSSEC, continuous monitoring for essential and important entities
PCI DSS 4.0	Requirement 12.3 — risk assessment documentation for internet-facing assets
GDPR	Article 32 — appropriate technical measures; domain security as part of organisational data security posture
DORA (EU 2022/2554)	ICT risk management — network and information systems integrity for financial entities
UDRP / Legal proceedings	Timestamped, SHA-256 signed evidence of typosquatting and domain abuse for trademark dispute proceedings

NIS2 Directive — domain security as a legal obligation

Since October 2024, NIS2 (EU Directive 2022/2555) requires essential and important entities to implement risk analysis and domain security controls under Article 21. Failure to comply carries fines of up to €10 million or 2% of annual global turnover, with personal liability for board members.

A D3 Security Audit or Due Diligence report provides structured, timestamped evidence of your domain security posture — mapped directly to the Article 21 controls your regulator will check. Running quarterly D3 reports creates an auditable trail of continuous monitoring, which is what NIS2 requires.

See Security Audit pricing Reporting features

★★★★★

Generate your first D3 Certified Report

Free account. 3 trial credits. Results in minutes.

Create free account View pricing

The domain & brand due diligencestandard for professionals