Dr.Who

The artifact

A signed PDF + JSON sidecar for any domain. Ship it to auditors as-is.

Every Domain Audit Report carries 15 dossier checks across the apex plus up to 100 CT-discovered subdomains, signed with Ed25519, ISO-timestamped, with each finding mapped to SOC 2 / ISO 27001 / NIST. Delivered to your email in 10–30 minutes.

Get a pack — $29

See a sample pack

One price · no subscription required

What's inside

  • Signed PDF (~14 pages) — apex plus subdomain coverage
  • JSON sidecar — machine-readable, same content
  • Manifest (pack.json) — SHA-256 plus Ed25519 signature
  • Public key plus verify snippet — verify offline
  • Methodology link versioned per pack (v1, v2, …)

15 checks · same engine as the free dossier

  • DNS: records, MX, DNSSEC
  • Email: SPF, DMARC, DKIM, MTA-STS, TLS-RPT
  • Transport: TLS cert, redirects, CT log
  • Web: security headers, CORS, web surface
  • Identity: WHOIS / RDAP

Pricing

Default · one-shot

$29 / pack · ₹1,999 IN

One signed pack for one apex plus up to 100 CT-discovered subdomains. Delivered in 10–30 min by email. The artifact is valid forever — re-run only when you want fresh evidence.

Get a pack →

No subscription. No account required to receive the artifact.

Optional · monthly add-on

+$19 / month

Daily re-scan. Regression alerts on TLS expiry, DMARC weakening, SPF lookup overflow. A fresh signed pack on the 1st of every month.

Add monitoring

See team / agency tiers →

Methodology

Every finding cites the standard it references. Read the full methodology document at /methodology/v1.

Verify this sample

Every pack is signed with our Ed25519 key. Verify offline against the public key.

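# Fetch the sample pack, its manifest, the detached signature and the public key
curl -O https://drwho.me/sample/pack.pdf
curl -O https://drwho.me/sample/manifest.json
curl -O https://drwho.me/sample/manifest.sig
curl -O https://drwho.me/.well-known/evidence-pack-pubkey.pem

# Verify the Ed25519 signature over the raw manifest bytes
# (-rawin needs OpenSSL 3.0 or later; <(...) needs bash)
openssl pkeyutl -verify -pubin -inkey evidence-pack-pubkey.pem \
  -rawin -in manifest.json -sigfile <(base64 -d manifest.sig)

# Print the signed hash from the manifest and the hash of the PDF; the two must match
jq -r '.artifacts.pdf.sha256' manifest.json
shasum -a 256 pack.pdf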
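
The same two checks chained so that they fail closed, as an added example in Go using only the standard library (not Dr.Who's own code). VerifyPack and the CLI usage are hypothetical; it assumes the key is a PEM SubjectPublicKeyInfo and manifest.sig is base64 of the raw signature, as the openssl command implies.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"encoding/pem"
	"errors"
	"log"
	"os"
	"strings"
)

// VerifyPack (illustrative name) trusts the manifest only after its signature
// verifies, then requires the PDF to match the signed .artifacts.pdf.sha256.
func VerifyPack(pubPEM, manifest, sigB64, pdf []byte) error {
	block, _ := pem.Decode(pubPEM)
	if block == nil {
		return errors.New("public key: no PEM block")
	}
	key, _ := x509.ParsePKIXPublicKey(block.Bytes)
	pub, ok := key.(ed25519.PublicKey)
	if !ok {
		return errors.New("public key: not an Ed25519 key")
	}
	sig, err := base64.StdEncoding.DecodeString(strings.TrimSpace(string(sigB64)))
	if err != nil || !ed25519.Verify(pub, manifest, sig) { // raw message, as with -rawin
		return errors.New("manifest: signature does not verify")
	}
	var m struct{ Artifacts struct{ PDF struct{ SHA256 string } } } // keys match case-insensitively
	sum := sha256.Sum256(pdf)
	if json.Unmarshal(manifest, &m) != nil ||
		!strings.EqualFold(m.Artifacts.PDF.SHA256, hex.EncodeToString(sum[:])) {
		return errors.New("pdf: SHA-256 does not match the signed manifest")
	}
	return nil
}

func main() { // usage: verify pubkey.pem manifest.json manifest.sig pack.pdf
	var in [4][]byte
	for i := 0; i < len(in) && len(os.Args) == 5; i++ {
		in[i], _ = os.ReadFile(os.Args[i+1]) // unreadable file stays empty and fails closed
	}
	if err := VerifyPack(in[0], in[1], in[2], in[3]); err != nil {
		log.Fatal("FAIL: ", err)
	}
}
```

Keep a copy of the public key (or its fingerprint) from the first time you obtain it and verify later packs against that copy, because a key re-downloaded from the same origin as the pack gives no independent assurance.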

What this is not

The Domain Audit Report is supporting technical evidence for public-facing domain controls. It is not a SOC 2 audit report and does not replace an auditor; it gives them less to chase. It is not a penetration test, not a risk register, and not a substitute for compliance tooling like Vanta, Drata, or Secureframe. Those tools manage the audit programme; the pack documents the public domain surface they reference.

Frequently asked