Feature
Evidence Packs
Every alert includes complete, timestamped evidence — ready for registrar takedown requests, compliance audits, and legal review.
Full-page screenshot
Visual capture of the suspected page at the time of detection, timestamped and stored securely.
WHOIS / RDAP data
Registrar, creation date, nameservers, and registrant information where available.
DNS records
A, AAAA, MX, TXT, and NS records for the suspect domain.
HTTP headers & redirects
Full response headers, redirect chain, and final destination URL.
Certificate chain
SSL/TLS certificate details including issuer, validity, and Subject Alternative Names.
AI verdict & reasoning
Explainable risk assessment with specific indicators that triggered the alert.
Why evidence matters
For registrar takedowns
Registrars and hosting providers require specific evidence to act on abuse reports. A screenshot alone is not enough — they need WHOIS proof that the domain is not yours, evidence of malicious content, and clear documentation of the threat.
For compliance audits
NIS2, ISO 27001, and cyber-insurance questionnaires increasingly require documented incident response. Evidence packs provide a timestamped audit trail showing you detected and responded to brand threats.
For legal review
If a threat escalates to legal action, you need contemporaneous evidence. Our evidence packs capture the threat at the moment of detection — before attackers can modify or remove content.
Get the evidence on threats targeting you
Run a free brand check, then verify your domain to access full evidence packs for any threats we detect.