Documentation

  1. Why should I use this service?

    There are many possible use cases, but in short: you want to know when someone registers a domain designed to fool you or your users and obtains an SSL/TLS certificate for it to make it look trustworthy.

    For example, you run "example.com" and want to know when someone is issued a certificate for "example.corn". Or you use services from "example.com" and want to know if there's a phishing campaign targeting them. Or you want a notification feed of all certificates registered under your main domain for audit purposes.

    If you have other use cases, tell us about them!

  2. Where does the information come from?

    Currently the information comes from the public certificate transparency logs. We'll be integrating more sources in the future.

  3. What information do I get?

    You get the keyword that was triggered and the details of the certificate that was issued.

  4. What does keyword normalisation mean?

    If you enable that option, we'll try to do fuzzy matching against the domains we find. For example, the letter "o" and the number "0" will match. We'll also simplify Unicode characters to their basic letter component and remove any decorators. We'll match characters which may look similar in a narrow font, like "m" and "rn". And a few other tricks...
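
One way to implement this kind of normalisation, as an added example (not phishtrack.net's own code). The page names only "o"/"0", "m"/"rn" and Unicode simplification; the "1"/"l" and "vv"/"w" pairs, the sample names and the function names are assumptions.

```python
import unicodedata

# Constructed lookalike tables. The page names "o"/"0" and "m"/"rn";
# "1"/"l" and "vv"/"w" are assumed extras for illustration.
DIGIT_LOOKALIKES = str.maketrans({"0": "o", "1": "l"})
NARROW_FONT_LOOKALIKES = [("rn", "m"), ("vv", "w")]

# Constructed certificate names, shaped like the "names" field of a notification.
SAMPLE_NAMES = ["www.example.com", "example.corn", "examp1e.com",
                "xn--exmple-cua.com", "unrelated.org"]


def normalise(name: str) -> str:
    """Reduce a domain name to a skeleton in which lookalikes compare equal."""
    name = name.lower()
    if "xn--" in name:
        try:
            # Decode punycode labels so Unicode lookalikes become visible.
            name = name.encode("ascii").decode("idna")
        except UnicodeError:
            pass  # malformed punycode: fall back to the raw name
    # NFKD splits "ä" into "a" plus a combining mark, which is then dropped.
    decomposed = unicodedata.normalize("NFKD", name).lower()
    text = "".join(c for c in decomposed if not unicodedata.combining(c))
    text = text.translate(DIGIT_LOOKALIKES)
    for pair, single in NARROW_FONT_LOOKALIKES:
        text = text.replace(pair, single)
    return text


def match_names(keyword: str, names: list[str]) -> list[tuple[str, str]]:
    """Return (name, kind) for each hit; kind is "exact" or "fuzzy"."""
    keyword = keyword.lower()
    skeleton = normalise(keyword)
    hits = []
    for name in names:
        if keyword in name.lower():
            hits.append((name, "exact"))
        elif skeleton in normalise(name):
            hits.append((name, "fuzzy"))
    return hits


if __name__ == "__main__":
    for name, kind in match_names("example.com", SAMPLE_NAMES):
        print(f"{kind:5}  {name}")
```

Because both sides are reduced to the same skeleton, an unrelated word such as "modern" also collapses to "modem", so fuzzy hits need review before anyone acts on them.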

  5. What does the webhook notification look like?

    It's a POST request with user agent "phishtrack.net" and JSON content like this:

    {
      "keyword": "your keyword",
      "created": "2020-10-22T11:22:33.445566Z",
      "cert_hash": "0a0b0c0d0e0f....",
      "username": "your username",
      "names": ["example.com", "foo.example.com"]
    }

  6. Are all created domains reported?

    No, only those with certificates that get submitted to CT logs. However, we're getting close to a stage where almost every certificate authority reports its certificates.

  7. How quickly will I get notifications?

    Normally within a couple of hours of the creation of a domain certificate. Most logs only update once an hour, and a little processing is required after that.

  8. What about privacy / data sharing?

    We don't sell or share any data. Stripe (for payment processing) and Rollbar (for server-side reporting) are the only third parties that get any information. There is no third-party content embedded on the site either.