certificate_monitoring

This is an old revision of the document!


What is certificate monitoring about?

Many certificate services automatically issue domain-validated (DV) certificates to websites by checking the URL's phishing status against the Google Safe Browsing API. Once a certificate is issued, the issuer does not monitor it or take any action afterward. Even if Google later flags the domain as malicious, the issuer will not revoke the certificate. As a result, many phishing websites are secured with SSL certificates, spoofing the legitimate client's name. By monitoring the certificate logs, you can detect when your organization's name is spoofed on SSL certificates. This is possible because the issuer submits all of its certificates to a certificate transparency log, a mechanism designed to increase public transparency into the activities of CAs. Kaduu can access these logs.

Which CAs do we monitor?

We monitor all common CAs. Here are some examples:

  • cPanel, Inc. Certification Authority
  • Let's Encrypt
  • Cloudflare, Inc
  • Sectigo Limited
  • GlobalSign nv-sa
  • DigiCert Inc
  • Google Trust Services LLC
  • ZeroSSL RSA Domain Secure Site CA
  • Amazon
  • Unizeto Technologies S.A
  • Go Daddy Secure Certificate Authority
  • Microsoft Azure TLS Issuing CA 02
  • TWCA Secure SSL Certification Authority
  • Sectigo RSA Domain Validation Secure Server CA

How does it work?

Setting up certificate monitoring is very simple. Navigate to the expert menu and click on "certificates". Enter a search term such as "bank", and Kaduu will show you all results that contain the word "bank". If you want to be notified about new certificates containing the same word, go to alerts and set up an alert.
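
The keyword search described above can be reproduced offline over certificate-transparency entries. The following is an added example, not Kaduu's own code: it matches a brand keyword against certificate DNS names after undoing punycode, accents and digit substitutions, and skips domains you own. The entries, the "examplebank" keyword, the owned domain and all function names are constructed for illustration.

```python
import unicodedata

# Digit-for-letter substitutions often seen in lookalike names (assumed mapping).
LOOKALIKES = str.maketrans("01357", "olest")

# Constructed internationalized lookalike; encoded at runtime to its xn-- form.
IDN_LOOKALIKE = "exämplebank.org".encode("idna").decode("ascii")

# Constructed sample of CT log entries: issuer plus the DNS names on the certificate.
SAMPLE_ENTRIES = [
    {"issuer": "Let's Encrypt", "names": ["login.examplebank.com"]},
    {"issuer": "ZeroSSL RSA Domain Secure Site CA",
     "names": ["examp1ebank-secure.net", "www.examp1ebank-secure.net"]},
    {"issuer": "Cloudflare, Inc", "names": ["*." + IDN_LOOKALIKE]},
    {"issuer": "DigiCert Inc", "names": ["shop.example.org"]},
]
OWNED = {"examplebank.com"}  # domains the organization legitimately controls

def plain(name):
    """Lowercase a DNS name and drop a trailing dot and a leading wildcard."""
    name = name.lower().rstrip(".")
    return name[2:] if name.startswith("*.") else name

def skeleton(name):
    """Reduce a certificate DNS name to a form suitable for keyword matching."""
    name = plain(name)
    try:
        name = name.encode("ascii").decode("idna")  # xn-- labels -> Unicode
    except UnicodeError:
        pass  # not valid IDNA: match against the raw name instead
    decomposed = unicodedata.normalize("NFKD", name)
    no_accents = "".join(c for c in decomposed if not unicodedata.combining(c))
    return no_accents.translate(LOOKALIKES)

def is_owned(name, owned):
    """True if the name is an owned domain or a subdomain of one."""
    name = plain(name)
    return any(name == d or name.endswith("." + d) for d in owned)

def find_suspicious(entries, keyword, owned):
    """Return (dns_name, issuer) pairs whose skeleton contains the keyword."""
    keyword = keyword.lower()
    return [(name, entry["issuer"])
            for entry in entries
            for name in entry["names"]
            if not is_owned(name, owned) and keyword in skeleton(name)]

if __name__ == "__main__":
    for name, issuer in find_suspicious(SAMPLE_ENTRIES, "examplebank", OWNED):
        print(f"ALERT {name} (issued by {issuer})")
```

A short keyword such as "bank" will match many unrelated certificates, so alert terms work best when they are specific to the organization.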

certificate_monitoring.1665493702.txt.gz · Last modified: 2023/05/22 20:40 (external edit)