Indexing all major CT logs

Certificate Transparency,
structured.

Query CT logs by registered domain, exact hostname, SHA-256 fingerprint or keyword. Structured search across billions of certificate records.

PARALLEL
Half-year table scan
Certificates split by half-year tables, queried in parallel from newest to oldest.
STRUCTURED
Typed search
Pivot on registered domain, exact hostname, SHA-256 fingerprint or keyword. No regex over raw entries.
MONITOR
Shadow IT detection
Discover unknown subdomains, rogue certificates and phishing lookalikes across your entire domain portfolio.
Results for

About CTlogs.io

CTlogs.io indexes Certificate Transparency logs and makes them queryable with structured, typed search. Instead of scraping raw log entries, security teams can pivot on domains, subdomains, keywords and fingerprints across billions of records.

Why Certificate Transparency

Every publicly-trusted TLS certificate is recorded in append-only CT logs. That record is a goldmine for security teams: shadow IT discovery, phishing-domain detection, expiry monitoring and incident forensics all start with knowing what certificates exist for your names.

Structured, not scraped

CTlogs.io continuously ingests entries from all usable CT logs, parses each certificate, and indexes every field: subject, SANs, issuer, fingerprint, validity. You query fields, not text blobs.

Architecture

The frontend is served via Cloudflare Pages. API queries are processed by a dedicated backend that scans half-year certificate tables in parallel, from newest to oldest.

Live index size

Certificate records
Half-year tables
7+
CT log operators