This category will monitor any SSL certificates registered with one of 

Before that, we will apply fuzzy match algorithms in order to generate permutation on the domain you saved in 

. The objective is to find out whether anyone registered domains that are similar to yours, preventing 

Flare applies a wide range of fuzzy match algorithms and heuristics to identify possible impersonators. We look at things like homoglyphs, insertions, deletions, omissions, repetitions, transpositions, vowels swap and bitsquatting.

, Flare will spot the following look-alike domains (and many others):

We will not detect look-alike domains that combine multiple strategies. For example, 

 since it includes permutation of both a character addition and a TLD swap.

, we will not create Lookalike Domain events for 

, even though they are both lookalikes of each other. 

 domain identifier is added after a Lookalike event has already been added to the feed of 

, we will not remove the event from the feed.

Certstream only detects newly-registered domains in real time, and we do not have historical data from this source. We also cannot backfill matches from Certstream on new domains. 

DNStwist will detect domains that are currently registered, no matter how long ago it was first registered. However, if a domain was registered in the past, then expired and is no longer registered, DNStwist will not pick it up.

The default severity score for most SSL certificates registration found is Low. However, multiple factors enter in our Risk classification algorithm, possibly pushing the Risk score either way;

Factors leading to lower scores are whether Flare suspects the domain registered to belong to you, looking among other things, at the domain and TLD in the case of a subdomain registration. Various trustworthy cloud and hosting services automatically register domains that follow a specific pattern.

Factors leading to higher severity score include the registration authority, the similarity between domains and how many domains were registered at once.

This document explains how SSL certificate monitoring tracks certificates from specified authorities, using fuzzy match algorithms to prevent typosquatting and phishing. Factors such as suspected ownership, registration authority, domain similarity, and n

Leaked Credentials

Look-alike Domains

Emerging Sources

Flare

docs.flare.io

Welcome to Flare!

What We Are Working On

2024 Releases

2025 Releases

Get Started

Unresolved Events

Event Trends

Event Explorer

Identifier Trends

Dashboard

Respond to Leaked Credentials Events

Respond to Open Web Events

Respond to Look-alike Domains Events

Respond to .ph Domain Alerts

Respond to Illicit Networks Events

Playbooks

Flare Executive and VIP Monitoring

GUIDES

Search in Existing Data

Understand Event Severity

Open Ports

Events

Email Alerts

Alert Central

Configure Identifiers

Configure Identifiers - Advanced

Identifiers - Listing Subdomains

Rate-limiting of identifier event feeds

Identifiers

Collection Overview

Telegram Channels

Named Breaches

Collection Data Categories

Collection

Scheduled Reports

Reports Migration FAQ

Reports

Global Search - Quota

Global Search

Use Cases

Credentials Browser

Identity Profile

Identity Exposure Management

Intel

Conversation Explorer

Saved Queries

Threat Flow

Network

Actor Intelligence

Forum Thread Intelligence

Supply Chain Ransomware Exposure Monitoring

Takedown Services

Actions

Flare Account and Session Takeover Prevention

IDENTIFIERS (cloned)

Tenants

Team

Roles & Permissions

Profile

Integrations Hub

SSO and Authentication

Policies

Pre-Sales Tenants

Untitled

Azure Sentinel Integration

Azure Sentinel Integration (Legacy)

Discord

Jira

Microsoft Entra ID

ServiceNow

Slack

Splunk App

Microsoft Teams

Webhooks

Integrations

Illicit Networks

Source Code Secret Detection

Open Web

DATA SOURCES

Product Specifications

Fraudster Jargon

Data Fields

Queries

Event Date Fields

Asset Relations

REFERENCES

RESEARCH CENTER