Live phishing intel — CertStream + RDAP + URLScan

Brand protection that actually moves takedowns.

Trusyn detects phishing kits and typosquats targeting your brand the moment a certificate is issued, gathers court-grade evidence, and dispatches RFC-compliant abuse reports to the registrar, hosting provider, and reputation systems — automatically.

Sign in to dashboardRequest a demo

[email protected] · DKIM + SPF + DMARC aligned · Cloudflare-fronted

<60s
From CertStream issuance to first scan
5+
Parallel abuse channels per incident
RFC 5322
Mail headers · Message-ID · auto-submitted
RAA §3.18
Registrar DNS-abuse compliance baked in
Pipeline

From certificate issuance to registrar suspension — autonomously.

01
Detect

We watch CertStream and DNS feeds for newly-issued certificates whose hostnames look like your brand — typosquats, homoglyphs, brand keywords.

02
Validate

Headless Chromium opens the page from a Turkish-locale mobile profile, captures a full-page screenshot + DOM, resolves origin IP through Cloudflare, runs RDAP against the registrar.

03
Score

Visual similarity, brand-asset hits, login-form heuristics and Levenshtein distance combine into a HIGH / MEDIUM / LOW confidence band.

04
Dispatch

Templated RFC-compliant abuse mails go to hosting + registrar + Cloudflare; intel platforms (URLScan, ThreatFox, SmartScreen, Safe Browsing) get parallel submissions.

05
Track

An IMAP poller classifies replies (ACTIONED / DECLINED / BOUNCE) by token. Status surfaces in the dashboard and the public incident page.

Coverage

One detection — five+ parallel pressure points.

Hosting & DNS
  • Cloudflare Trust & Safety
  • Registrar abuse desks (RAA §3.18)
  • Hosting provider abuse contacts via IP RDAP
Reputation systems
  • Google Safe Browsing
  • Microsoft Defender SmartScreen
  • URLScan.io public verification
  • abuse.ch ThreatFox IOC feed
Evidence shipped
  • Full-page screenshot (PNG)
  • DOM snapshot at detection
  • WHOIS / RDAP record
  • Public, auth-free incident page
Compliance

Built so abuse desks don't reject the mail on first read.

ICANN RAA §3.18

Registrar abuse mails cite the 5 April 2024 DNS-abuse amendment by name.

Power of attorney gating

No abuse mail leaves the queue until a signed PoA is approved, and recipients can fetch it from the message body.

RFC 5322 hygiene

Message-ID, Precedence: bulk, Auto-Submitted, X-Trusyn-* tracking. DKIM-signed via Google Workspace.

Multi-tenant isolation

Brands, incidents, and reports never cross a tenant boundary. Public pages expose only the fields already in the abuse mail.

Ready to stop chasing phishing kits by hand?

Onboarding is one signed power-of-attorney away. Reach out and we'll wire your brand into the detection pipeline within a day.

[email protected]Sign in