domain.ct-logs
Certificate Transparency recon for a domain — discover its subdomains and issued certificates from public CT logs (passive attack-surface mapping). Pass domain. Returns the deduplicated set of subdomains seen across all certs (subdomains + subdomainCount), and the certificates (issuer, validity window, SAN dns names), most recent first. Sourced from SSLMate certSpotter (primary) with a crt.sh fallback — keyless. Live CT-log data over a huge append-only dataset an LLM cannot enumerate. For external attack-surface discovery, shadow-IT/subdomain inventory, and certificate monitoring. Note: CT shows names that ever appeared in a cert, not necessarily live hosts.
price
$0.0022 USDC per call
method
GET
/api/domain/ct-logspayment
x402 v2 · USDC on Base (EIP-3009) or Solana (SPL transfer)
auth
None. Sign the payment, retry with
PAYMENT-SIGNATURE.tier
Tier 0 — no paid upstream
Parameters
| Name | Type | Description |
|---|---|---|
domainrequired | string | min 3 chars · max 253 chars |
limit | integer | min 1 · max 500 |
Code samples
cURLbash
# 1. Probe with no auth → 402 envelope with PaymentRequirements curl -sS 'https://2s.io/api/domain/ct-logs?domain=xxx&limit=1' # 2. Sign + retry with PAYMENT-SIGNATURE: curl -sS 'https://2s.io/api/domain/ct-logs?domain=xxx&limit=1' \ -H 'PAYMENT-SIGNATURE: <base64-json-payload>' # Or use the canonical runner (handles probe → sign → retry): # EVM_PRIVATE_KEY=0x... node --env-file=.env.local \ # --experimental-strip-types scripts/x402-pay.ts \ # 'https://2s.io/api/domain/ct-logs?domain=xxx&limit=1'
TypeScript / Node — @2sio/sdktypescript
import { TwoS } from '@2sio/sdk'
const client = new TwoS({
privateKey: process.env.EVM_PRIVATE_KEY as `0x${string}`,
})
const result = await client.domain.ctLogs({
"domain": "xxx",
"limit": 1
})
console.log('endpoint:', result.endpoint)
console.log('cost:', result.costUsd, 'USDC')
console.log('tx:', result.settlement?.txHash)
console.log('data:', result.data)Python — 2siopython
import os
from twosio import TwoS
client = TwoS(private_key=os.environ["EVM_PRIVATE_KEY"])
result = client.domain.ct_logs(domain="xxx", limit=1)
print("endpoint:", result.endpoint)
print("cost:", result.cost_usd, "USDC")
print("tx:", (result.settlement or {}).get("tx_hash"))
print("data:", result.data)MCP — Claude Desktop / AgentKit / any MCP hostjson
// 1. Add @2sio/mcp to your MCP host config (Claude Desktop example below).
// EVM_PRIVATE_KEY funds x402 payments per call.
// claude_desktop_config.json
{
"mcpServers": {
"2sio": {
"command": "npx",
"args": ["-y", "@2sio/mcp"],
"env": { "EVM_PRIVATE_KEY": "0x..." }
}
}
}
// 2. Once the server is running, agents call this tool via standard MCP:
{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/call",
"params": {
"name": "domain.ct-logs",
"arguments": {
"domain": "xxx",
"limit": 1
}
}
}Response
| Field | Type | Description |
|---|---|---|
ok | boolean | one of: true |
items | array | |
total | integer | Total matching rows upstream; null when unknown. |
source | object |
Example response datajson
{
"ok": true,
"items": [
{
"domain": "example",
"subdomainCount": 1,
"subdomains": [
"example"
],
"certCount": 1,
"certs": [
{
"issuer": "example",
"notBefore": "example",
"notAfter": "example",
"dnsNames": [
"example"
]
}
],
"truncated": false,
"provider": "example"
}
],
"total": 1,
"source": {
"provider": "example",
"url": "example",
"license": "example"
}
}Discovery
- /api/directory — full catalog of every endpoint
- /openapi.json — OpenAPI 3.1 spec (per-op x-payment-info, x402Payment security)
- /.well-known/x402 — machine-readable service descriptor for x402-aware crawlers
- /.well-known/mcp/server-card.json — MCP SEP-1649 server card
- /llms.txt — plain-text manifest for LLM ingestion
2s.io is x402-native. Every call is paid per-request from a USDC-funded EVM wallet on Base — no signup, no API keys, no monthly fees. Source code: github.com/2s-io/sdk.