Frequently asked questions

We rely on our own Certificate Transparency scanning, indexing and searching service and normalize certificate data so you only see leaf certificates relevant to your rules. No need to run your own ingestion stack.

Real-time webhooks fire within minutes of CT log publication. Daily recaps summarize everything that matched in the last 24 hours so leadership can review without noise.

Yes. Every rule supports Unicode homoglyph detection and configurable edit distance. CatchPhi.sh generates risky variants and checks them alongside your literal domain or regex patterns.

Webhook payloads and emails include WHOIS snapshots, DNS answers, and AI-backed risk scores when available so you can quickly prioritize takedowns.

Webhook delivery is the primary integration path today. CSV and REST exports are on the roadmap—reach out if you need early access.

Certificate Transparency data is public by design. CatchPhi.sh only stores the certificate metadata necessary to evaluate your rules and deliver notifications. We never ingest certificate private keys or customer secrets.

Yes. Each subscription tier supports multiple rule lists and webhook destinations. Agencies often create one rule set per client and stream alerts into their existing ticketing system.

We retry failed webhook deliveries with exponential backoff for up to 24 hours and log failures in your activity feed. You can also fall back to the daily recap email to ensure nothing is missed.