[pfg]

The API is essentially a paginated list of certificates. There's no "search by domain" or anything like that. Monitors are expected to continuously get the latest entries and check them according to their rules.

COMODO has a site[1] which allows you to search through a dump of various CT log servers by domain (and various other X.509 fields). It's a great tool, but it doesn't provide the guarantees you get when you scan CT logs directly - you can't be sure the information hasn't been tampered with.

I'm currently working on a side-project where I'm essentially pushing CT log data to a pubic dataset on Google BigQuery, allowing researchers and CT monitors to easily query any CT data. As with COMODO's tool, however, you lose out on the cryptographic assurances a real CT log server provides.

[1]: https://crt.sh/