D3 All features
Audit-grade Reporting

Evidence that holds up in a transaction,
a courtroom or a regulatory audit

A D3 report is not a scan output. It is a SHA-256 signed, ISO 8601 timestamped evidence document — structured for direct use in M&A transactions, NIS2 compliance audits, trademark filings and UDRP proceedings.

Why a WHOIS screenshot is not evidence

Manual lookup
—Alterable — no hash or signature
—No verification of data source
—Point-in-time, no retrieval proof
—No compliance mapping
—Manually compiled — error-prone
D3 Certified Report
SHA-256 signed — tampering detectable
Data sourced from authoritative registrars
ISO 8601 UTC timestamps per record
NIS2, ISO 27001, UDRP mapping included
Automated — no manual errors

Evidence integrity

SHA-256 evidence hash

The complete raw evidence bundle is serialised and hashed with SHA-256 at generation time. Any post-generation modification changes the hash — making tampering detectable.

ISO 8601 timestamps

Every data retrieval is timestamped in ISO 8601 UTC format. Timestamps are included in the signed hash, preventing backdating of findings.

Raw record preservation

DNS responses are stored verbatim. Independent verification against the original response is possible without relying solely on D3's parsed output.

PDF & JSON export

Export as a print-ready PDF for direct submission to auditors, regulators and legal teams — or as structured JSON for SIEM and workflow ingestion.

Report structure

§1
Executive Summary
Overall score and letter grade (A+ to F), plain-English summary of key findings, highest-priority risks and recommended actions. Written for C-level and legal readers.
§2
DNS & Email Security Audit
SPF, DKIM, DMARC, BIMI, MTA-STS, DANE/TLSA, CAA and TLS-RPT — each with pass/fail status, raw record values and remediation guidance.
§3
WHOIS / RDAP Registration Data
Registrar, registrant, registration and expiry dates, EPP status codes, nameservers and DNSSEC — sourced from authoritative RDAP servers via IANA bootstrap.
§4
Typosquatting Analysis
All plausible lookalike variants generated by 12 mutation techniques, DNS-verified and risk-scored. Owner comparison distinguishes external threats from defensive registrations.
§5
Reputation & Blocklist Checks
Domain and IPs checked against Spamhaus SBL/XBL/DBL and Google Web Risk. Listed/not-listed status with specific list identifiers.
§6
Compliance Mapping
Findings automatically mapped to NIS2 Article 21 and ISO/IEC 27001:2022 Annex A controls. Ready for your auditor.
§7
AI Executive Interpretation
AI-generated narrative that interprets technical findings through the commercial lens of the selected product — valuation, due diligence, exploration or security.
§8
Evidence Appendix & SHA-256
Raw connector output, ISO 8601 retrieval timestamps and a SHA-256 hash of the complete evidence bundle. Any post-generation alteration of the data changes the hash.

How professionals use D3 reports

M&A transaction annex

Attach to the transaction disclosure schedule or legal annex. SHA-256 hash and timestamps make the evidence verifiable and tamper-evident.

UDRP & trademark filings

Typosquatting evidence, WHOIS data and risk scores as supporting documentation in UDRP proceedings or trademark infringement filings.

Regulatory submission

NIS2 and ISO 27001 sections are structured for direct submission to regulators, auditors and certification bodies.

ISO 27001 evidence folder

Every DNS finding mapped to specific ISO 27001:2022 Annex A controls — structured evidence for A.8.16 (monitoring activities) and related controls.

Regulatory & compliance mapping

FrameworkHow D3 reports are used
ISO 27001 / 27701Evidence for A.8.16 (monitoring activities), A.8.7 (malware protection) and A.8.9 (configuration management)
NIS2 DirectiveArt. 21(2)(a) risk analysis, Art. 21(2)(h) cryptography and DNSSEC, continuous monitoring for essential and important entities
PCI DSS 4.0Requirement 12.3 — risk assessment documentation for internet-facing assets
GDPRArticle 32 — appropriate technical measures; domain security as part of organisational data security posture
DORA (EU 2022/2554)ICT risk management — network and information systems integrity for financial entities
UDRP proceedingsTimestamped, SHA-256 signed evidence of typosquatting and domain abuse for trademark dispute proceedings

Generate your first certified report

Free account. 3 trial credits. No credit card required.

Create free account About certified reports
Products
ValuationDue DiligenceSecurity AuditAvailability/defensePricing
Features
Features overviewRisk, Reputation & Brand MonitoringTechnical & Security AnalysisAudit-grade Reporting
Developers
API & MCP DocumentationAPI Reference (PDF)MCP Integration GuideOpenAPI Spec (JSON)
Company
About D3Data SourcesD3 Certified ReportContactPress informationPrivacy PolicyTerms & Conditions
© 2026 Veniatis · D3 Domain Due DiligenceSiriusstraat 4, 7622 VZ Borne · The NetherlandsAudit-ready. Evidence-based. Exportable.Built by AgenticDevelopment