Monitoring certificate transparency in real time

Catch brand-abuse domains the moment they appear.

Domain Stream watches global certificate-transparency logs, crt.sh, DNS and threat feeds — and alerts you the instant a look-alike or typosquat domain targets your brand.

No signup needed to explore the demo · Alerts delivered to Telegram in seconds.
Certificate Transparencycrt.sh DNS active probingURLhaus / OpenPhish Fuzzy & typosquat matchingTelegram alerts
Why Domain Stream

Everything you need to spot impersonation early

Six detection sources feed one matching engine, so newly-registered look-alikes surface before they are used against your customers.

Real-time firehose

Streams 50+ certificate-transparency logs live. New TLS certs are scanned within seconds of issuance.

Typosquat & fuzzy matching

Exact, partial, subdomain, and edit-distance matching with homoglyph normalization catches deceptive look-alikes.

Enrichment built in

DNS, RDAP/WHOIS, open-port probing, AbuseIPDB and VirusTotal reputation on every domain you track.

Instant Telegram alerts

Two-way Telegram notifications with inline actions — dismiss, monitor, or whitelist right from the chat.

Workflow that scales

Triage alerts through active → monitoring → whitelisted states, with per-user workspaces and CSV export.

Self-hosted & private

Runs on your own infrastructure. Your keywords and alerts never leave your server.

How it works

From certificate issued to alert in seconds

1

Add your brand keywords

List the names, products and domains you want protected. Choose exact, partial or fuzzy matching per keyword.

2

We scan the streams

Domain Stream continuously matches your keywords against the live CT firehose and periodic threat feeds.

3

You get notified

Every match becomes an alert in your dashboard and a Telegram message you can act on immediately.

Watch your brand’s domains in real time

Explore the live demo now — or log in to start monitoring your own keywords.