Cert BadgerDocumentation
Everything you need to know about using Cert Badger to protect your domains.
Quick Navigation
Getting Started
1. Create Your Account
Sign up for a free account to get started. You'll receive a verification email to confirm your address.
The free plan includes 1 domain with all features enabled, so you can try everything before upgrading.
2. Add Your First Domain
Navigate to Domains in the sidebar and click Add Domain. Enter your domain name (e.g., example.com).
Once added, Cert Badger automatically:
- Generates 200+ typosquat variations to monitor
- Sets up uptime monitoring (checks every minute)
- Fetches your current SSL certificate details
- Begins watching for new subdomains in CT logs
3. Configure Notifications
Go to Settings to configure which alerts you want to receive via email. You can enable or disable notifications for:
- Typosquat detections (potential phishing domains)
- New subdomain discoveries
- Uptime incidents (when your site goes down)
- SSL certificate issues
Dashboard Guide
Domain Status Overview
The dashboard shows a summary of all your monitored domains at a glance. Each domain card displays:
- Status badge - Active or Paused
- Typosquats count - Number of lookalike domains being monitored
- Subdomains count - Discovered subdomains
- Alerts count - Total alerts generated
- SSL info - Certificate issuer and expiration
- Uptime status - Current status and uptime percentage
Domain Detail Page
Click on any domain to see detailed information organized in tabs:
- Overview - SSL certificate details and monitoring stats
- Uptime - 24-hour history chart and incident details
- Alerts - All alerts with severity and status
- Subdomains - Discovered subdomains from CT logs
- Typosquats - All monitored variations with detection status
Typosquat Detection
What is Typosquatting?
Typosquatting is when attackers register domains that look similar to legitimate ones to trick users. For example, if you own example.com, an attacker might register examp1e.com or exampel.com for phishing.
Detection Techniques
Cert Badger generates lookalike domain variations using 11 different techniques:
Character Omission
example → exmple
Character Swap
example → exapmle
Character Duplication
example → examplee
Adjacent Key
example → ezample
Homoglyph
example → examp1e (1 for l)
Wrong TLD
example.com → example.co
Vowel Swap
example → exomple
Bit Flip
example → dxample
Hyphenation
example → ex-ample
Subdomain
example.com → example.com.fake.com
Singular/Plural
example → examples
How Detection Works
We monitor Certificate Transparency (CT) logs in real-time. When a new SSL certificate is issued for any domain, we check if it matches one of your typosquat variations. If it does, you receive an immediate alert.
Why CT Logs?
Certificate Transparency is a public log of all SSL certificates. Since phishing sites need HTTPS to look legitimate, attackers must get certificates - and we catch them when they do.
Subdomain Discovery
Cert Badger automatically discovers subdomains of your monitored domains by watching CT logs. Whenever a certificate is issued for any subdomain (like api.example.com or staging.example.com), we record it.
Why This Matters
- Discover shadow IT - services deployed without your knowledge
- Track your complete domain footprint
- Identify potentially forgotten or abandoned subdomains
- Spot unauthorized subdomain usage
Subdomain Statuses
Uptime Monitoring
Every monitored domain is checked every 60 seconds to ensure it's accessible. We track:
- HTTP response status codes
- Response time (latency)
- Uptime percentage
- Incident history
Understanding Uptime Stats
Uptime Percentage
The percentage of checks where your site was reachable. 99.9% uptime means about 8.7 hours of downtime per year.
Response Time
How long it takes your server to respond. Higher times may indicate performance issues.
Incidents
Periods when your site was unreachable. An incident starts when we detect downtime and ends when the site recovers.
History Chart
The 24-hour visual shows green for up periods and red for down periods at a glance.
SSL Certificate Monitoring
We monitor your SSL certificates and alert you before they expire. An expired certificate causes browser warnings that scare away visitors.
What We Track
- Issuer - Who issued the certificate (Let's Encrypt, DigiCert, etc.)
- Valid From/To - Certificate validity period
- Days Until Expiry - Countdown to expiration
- Subject - The domain(s) the certificate covers
Expiry Warnings
Alerts & Notifications
Alert Types
Typosquat Detected
A lookalike domain was found in CT logs. Someone registered a domain similar to yours and obtained an SSL certificate.
New Subdomain
A new subdomain was discovered. This could be a new service, or potentially unauthorized usage.
Site Down
Your domain failed to respond to HTTP checks. You'll also be notified when it recovers.
SSL Expiring
Your SSL certificate is expiring soon and needs to be renewed.
Alert Severity Levels
Managing Alerts
View all alerts in the Alerts section or within each domain's detail page. Alerts have statuses:
Settings
Notification Preferences
Control which alerts trigger email notifications. You can enable or disable:
- Typosquat detection alerts
- New subdomain alerts
- Uptime incident alerts
- SSL certificate alerts
Even with email notifications disabled, all alerts are still logged and visible in your dashboard.
Subscription & Billing
View your current plan, domain usage, and upgrade options in the Settings page. You can upgrade at any time to monitor more domains.
Frequently Asked Questions
What is Certificate Transparency?
Certificate Transparency (CT) is a public logging system for SSL/TLS certificates. When a Certificate Authority (like Let's Encrypt) issues a certificate, it must be logged publicly. This allows domain owners to detect unauthorized certificates - and allows us to catch typosquatters when they get certificates for lookalike domains.
How quickly will I be alerted?
Typosquat and subdomain alerts are typically sent within 10 seconds of a certificate appearing in CT logs. Uptime alerts are sent within 1-2 minutes of detecting an issue (we wait for a second failed check to avoid false alarms).
What should I do when I get a typosquat alert?
First, verify it's not a legitimate domain (like a partner or subsidiary). If it appears malicious:
- Check if the domain is hosting a phishing page
- Report it to the domain registrar for abuse
- Report it to Google Safe Browsing and other blocklists
- Alert your users/customers if there's an active threat
- Consider sending a UDRP complaint for trademark infringement
Why do I see "new" subdomains I already know about?
We only discover subdomains when new certificates are issued. If a subdomain gets a new certificate (like during renewal), we'll log it again. The "times seen" counter shows how many times we've observed it. Known subdomains can be marked as "reviewed" to filter them out.
Can I monitor domains I don't own?
Yes - there's no ownership verification required. This is useful for monitoring competitor domains, partner sites, or domains you're considering acquiring. However, you're responsible for using the service ethically and legally.
Do you offer an API?
API access is coming soon. If you need programmatic access to your monitoring data, please contact us to discuss your requirements.