Alert Configuration¶

Alerts automatically detect newly registered domains that match your criteria and provide enriched threat intelligence about each match.

Creating an Alert¶

Navigate to User Alerts and click "Create Alert".

URL Keyword¶

The primary keyword to search for in domain names.

Requirements

Minimum 3 characters
Maximum 255 characters
Real-time validation with estimated match count

Examples

paypal - Monitors for PayPal-related domains
microsoft - Monitors for Microsoft brand
yourcompany - Monitor your brand name

Validation

As you type, the system validates your keyword against the database and shows Green for valid keyword with estimated match count, Yellow for warnings, or Red for errors.

Example validation message: Will match approximately 5,000 domains

Match Type¶

Choose how strictly to match your keyword.

Full Match

Triggers when the keyword appears exactly within a domain name.

Example: Keyword paypal

Matches: paypal-login.com, secure-paypal.net, paypal123.org
Doesn't match: paypa1.com, paypai.com, payppal.com

Use for exact brand name protection, monitoring specific terms without variations, and reducing false positives.

Fuzzy Match

Detects typosquatting and character variations using Damerau-Levenshtein distance, Jaro-Winkler similarity, and Jaccard similarity.

Character substitutions detected:

a to 4, e to 3, i to 1, o to 0, s to 5, l to 1, t to 7

Example: Keyword google

Matches: g00gle.com, go0gle.net, goog1e.org, gooogle.com, gogole.com, gogle.com
Does NOT match exact google.com

Critical Limitation

Fuzzy match intentionally excludes exact matches. If you need both:

Create a Full Match alert for exact matches
Create a Fuzzy Match alert for variations

Use for typosquatting detection, homoglyph attacks, common typo patterns, and character substitution attacks.

Advanced Options¶

Additional URL Keywords

Space-separated keywords that must ALL appear somewhere in the domain name. All additional keywords must be present. Position in domain doesn't matter. Works with both Full and Fuzzy match types.

Example 1 - Reduce False Positives:

URL Keyword: bank
Additional Keywords: login secure

Matches: bank-login-secure.com, securebanking-login.net
Doesn't match: mybank.com (missing login/secure), bank-login.com (missing secure)

Example 2 - Compound Terms:

URL Keyword: pay
Additional Keywords: pal

Matches: paypal-login.com, pay-pal-secure.net
Doesn't match: payment.com (missing pal)

Use to filter out generic matches, require specific context terms, and create compound keyword alerts.

On-Page Keyword

A keyword that must be found in the actual page content (HTML).

Process:

Domain must match URL criteria (keyword + additional keywords)
System fetches the page content
Searches for on-page keyword in HTML
All conditions must be met for alert to trigger

Example:

URL Keyword: bank
On-Page Keyword: login

Matches: mybank.com with "login" on the page
Doesn't match: mybank.com without "login" on page
Doesn't match: shop.com even if it has "login" (URL doesn't match)

Use to verify page content matches domain intent, detect active phishing pages (not just parked domains), require specific context like "login", "password", "account", and filter out legitimate but coincidentally matching domains.

Note: On-page checks add processing time. Only use when necessary. Can significantly reduce false positives.

Live Preview Panel¶

As you configure your alert, the right panel shows a live preview with an example domain showing your keywords highlighted, trigger explanation, and character substitution examples for fuzzy matches.

Example preview:

This alert will trigger when:
- URL contains: "paypal"
- Match type: Fuzzy
- On-page content includes: "login"

Example variations detected:
- paypa1 (l→1)
- paypa! (l→!)
- p4ypal (a→4)

Alert List¶

After creating alerts, view them in the User Alerts list.

Alert Display¶

Each alert shows:

Keyword Badge: Clickable - filters events to this keyword
Match Type Chip: Full (blue chip) or Fuzzy (purple chip)
Additional Keywords Display: Shows space-separated list
On-Page Indicator: Icon shows if on-page check is active
Action Buttons: Events (view all events for this alert) and Delete (remove alert with confirmation)

Alert Events¶

When a domain matches your criteria, an Alert Event is created.

Navigate to Alert Events to see all triggered alerts.

Event Information¶

Each event displays:

Triggered Date: When domain was detected
Domain: Domain name (clickable for WHOIS modal)
Keyword: Which alert triggered
Match Type: Full or Fuzzy
HTTP Status: Color-coded status check
Screenshot: Thumbnail (click to expand)
Actions: Add to watchlist, view details

Expandable Details¶

Click any event to expand full details.

WHOIS Information Card

Registrar name
Registration date
Nameservers list
Abuse contact email
Abuse contact phone

Screenshot Card

Full-size screenshot (if available)
"No screenshot" if capture failed
Click to open in modal

On-Page Content Card

Shows if on-page keyword was found
Displays content snippet in monospace box
Highlights relevant context

DNS Records Card

A Records: IPv4 addresses
AAAA Records: IPv6 addresses
NS Records: Nameservers
MX Records: Mail servers with priority
TXT Records: SPF, DKIM, DMARC, verification
CNAME Records: Aliases

Click + icon to send value to advanced filters. Records are grouped by record type and expandable/collapsible.

Filtering Alert Events¶

Basic Filters (Toolbar)

Keyword Filter: Dropdown list of your keywords, lazy-loaded for performance, select to show only events from that alert.

Date Filter: Date picker for trigger date, filter to specific date range.

Advanced Filters (Collapsible Panel)

Click "Advanced Filters" to reveal:

DNS Filters:

A Record: Filter by IPv4 address
Nameserver: Filter by NS record
MX Record: Filter by mail server
TXT Record: Filter by TXT record content

Date Filters:

Registration Date From: Earliest registration date
Registration Date To: Latest registration date

WHOIS Filters:

Registrar: Filter by registrar name

Filter Actions:

Apply Filters: Execute filter query
Clear All: Reset to no filters
Badge shows active filter count

Click the + icon in DNS records to instantly populate filters.

Export Functionality¶

Export filtered results for analysis:

Click "Export" button in toolbar
Downloads as CSV/Excel
Includes all visible columns and enrichment data

Troubleshooting¶

No Events Triggering¶

Possible causes: Keyword too specific, additional keywords too restrictive, on-page keyword never found, or no matching domains registered recently.

Try checking preview for estimated matches, temporarily removing additional keywords, testing with broader keyword first, and verifying keyword validation shows matches.

Too Many False Positives¶

Possible causes: Keyword too generic, fuzzy match too broad, or missing additional keywords.

Try adding additional URL keywords, adding on-page keyword requirement, switching from Fuzzy to Full Match, or using more specific base keyword.

On-Page Check Not Working¶

Possible causes: Page requires JavaScript, page behind authentication, connection timeout, or page doesn't contain keyword.

Screenshots show visual content which may help verify. Check if domain is actually active. Try different on-page keyword or monitor via Watchlist instead.

Quota Limits¶

Screenshot Quota¶

Per Alert Check

Maximum 100 screenshots per alert run
If alert matches 150 domains, only first 100 get screenshots
Prioritizes most recently registered

Per User Per Month

1000 screenshots total per month
Check remaining in Preferences
Quota resets monthly on your sign-up anniversary

Use on-page keywords to reduce matches, be selective with Fuzzy matches, focus alerts on high-value targets, and check quota regularly.

Getting Started: Initial setup and overview
Watchlist: Continuous monitoring of specific domains
Interfaces: Notification and integration options
REST API: Programmatic alert management

Alerts - Monids Documentation