There are many possible use cases, but in short: you want to know when someone registers a domain meant to fool you or your users and gets an SSL/TLS certificate for it so that it looks trustworthy.
For example, you're running "example.com" and want to know when a certificate has been issued to "example.corn". Or you're using services from "example.com" and want to know if there's a phishing campaign targeting them. Or you want a notification feed of all certificates registered under your main domain for audit purposes.
If you have other use cases, tell us about them!
Currently the information comes from the public certificate transparency logs. We'll be integrating more sources in the future.
Which keyword has been triggered, and the details about the certificate which has been issued.
If you enable that option, we'll try to do fuzzy matching against the domains we find. For example, the letter "o" and the number "0" will match. We'll also simplify Unicode characters to their basic letter component and remove any decorators. We'll match characters which may look similar in a narrow font, like "m" and "rn". And a few other tricks...
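A sketch of the three folds named above, as an added example rather than phishtrack.net's own code. The names `skeleton` and `find_hits` are hypothetical, the punycode decoding step is an assumption about how names arrive from CT logs, and the sample names are constructed.

```python
import unicodedata


def skeleton(name: str) -> str:
    """Fold a hostname or keyword into a look-alike-insensitive form."""
    labels = []
    for label in name.lower().split("."):
        # Assumption: IDN labels arrive as punycode ("xn--..."); decode them
        # so they are compared as Unicode text.
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep the raw text
        labels.append(label)
    text = ".".join(labels)
    # Decompose accented letters, then drop the combining marks ("decorators").
    text = "".join(c for c in unicodedata.normalize("NFKD", text)
                   if not unicodedata.combining(c))
    # Digit/letter and narrow-font look-alikes named in the text.
    # Cross-script look-alikes (e.g. Cyrillic letters) are not folded here.
    return text.replace("0", "o").replace("rn", "m")


def find_hits(keyword: str, names: list) -> list:
    """Return (name, 'exact' | 'fuzzy') for each certificate name that matches."""
    plain, folded = keyword.lower(), skeleton(keyword)
    hits = []
    for name in names:
        if plain in name.lower():
            hits.append((name, "exact"))
        elif folded in skeleton(name):
            hits.append((name, "fuzzy"))
    return hits


# Constructed sample: names as they might appear across a few certificates.
SAMPLE_NAMES = ["example.corn", "login.examp1e.net", "exämple.c0m",
                "www.example.com", "unrelated.org"]

if __name__ == "__main__":
    for hit_name, kind in find_hits("example.com", SAMPLE_NAMES):
        print(kind, hit_name)
```

Both the keyword and the candidate name are folded before comparison, so "examp1e" is not reported here: "1" versus "l" is not one of the folds implemented in this sketch.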
It's a POST request with user agent "phishtrack.net" and JSON content like this:
{
  "keyword": "your keyword",
  "created": "2020-10-22T11:22:33.445566Z",
  "cert_hash": "0a0b0c0d0e0f....",
  "username": "your username",
  "names": ["example.com", "foo.example.com"]
}
No, only those with certificates which get submitted to CT logs will. However, we're getting close to a stage where almost every certificate authority is reporting their certificates.
Normally within a couple of hours of creation of a domain certificate. Most logs will only update once an hour. There's a little bit of processing required after that.
We're not selling or sharing any data. Stripe (for payment processing) and Rollbar (for server-side reporting) are the only third parties which get any information. There is no third-party content embedded on the site either.