Uncover hidden subdomains with our powerful Subdomain Lookup

Use our subdomain finder to reveal subdomains, public or hidden, related to a domain. Our subdomain API uses an advanced subdomain scanner so security analysts and ethical hackers can find subdomains in seconds.

Contact Sales
Get Started
More Details
curl --location --request GET 'https://api.whoisfreaks.com/v1.0/subdomains?apiKey=API_KEY&domain=google.com&after=2010-02-28&before=2025-05-20&status=active&page=3'
[
  {
    "domain": "google.com",
    "status": true,
    "query_time": "2025-05-22T16:00:50.978835309",
    "current_page": 3,
    "total_pages": 182,
    "total_records": 18128,
    "subdomains": [
      {
        "subdomain": "liqckdx.sites.google.com",
        "first_seen": "2022-05-17",
        "last_seen": "N/A",
        "inactive_from": "N/A"
      },
      {
        "subdomain": "gkwpvg8.sites.google.com",
        "first_seen": "2023-06-09",
        "last_seen": "2025-05-01",
        "inactive_from": "N/A"
      },
      {
        "subdomain": "igc0b4i.sites.google.com",
        "first_seen": "2023-12-02",
        "last_seen": "2025-05-01",
        "inactive_from": "N/A"
      },
      {
        "subdomain": "ediscovery.google.com",
        "first_seen": "2016-09-01",
        "last_seen": "2025-05-20",
        "inactive_from": "N/A"
      },
      {
        "subdomain": "lnivsn4.sites.google.com",
        "first_seen": "2022-05-24",
        "last_seen": "N/A",
        "inactive_from": "N/A"
      },
      {
        "subdomain": "m6yg874.sites.google.com",
        "first_seen": "2023-12-06",
        "last_seen": "N/A",
        "inactive_from": "N/A"
      },
      {
        "subdomain": "12w2grv.sites.google.com",
        "first_seen": "2023-06-10",
        "last_seen": "N/A",
        "inactive_from": "N/A"
      },
      {
        "subdomain": "134s1fm.sites.google.com",
        "first_seen": "2023-06-07",
        "last_seen": "N/A",
        "inactive_from": "N/A"
      }
    ]
  }
]
pricing backgroundEclipse Top RightEclipse Top LeftEclipse WHOIS Stats

Product

Subdomains API

An advanced subdomain scanner offering precise lookup and search capabilities, enabling security analysts, ethical hackers, and researchers to discover subdomains in seconds.

Subdomains Lookup API

Use the Subdomains Lookup API to retrieve each subdomain, with it's complete details such as first seen, last seen, and status. You can also retrieve sub-subdomains.

Explore More
Documentation
monitoring

Product

Subdomains Database

Monitor subdomains to detect misconfiguration and prevent attacks.

Subdomains Database

Access a comprehensive Subdomains Database to strengthen your security posture, map external attack surfaces, and identify misconfigurations before attackers do. Stay ahead of these threats by continuously monitoring subdomains linked to your organization, partners, or targets.

Explore More
Documentation
monitoring

Features

What Our Subdomains Solution Offers

Comprehensive subdomain discovery, powered by our Subdomains API and robust database.

Request a Quote
Contact Sales
Feature icon

Subdomain Enumeration

Subdomain Lookup will fetch all public or internal subdomains of a domain, mapping assets for reconnaissance and security.

Feature icon

Discovery Timeline

Includes timestamps for when each subdomain was first and last seen, like "first_seen": "2023-06-02".

Feature icon

Total Subdomain Count

Returns the total_records field (e.g., 22), giving an instant overview of the domain’s subdomain footprint.

Feature icon

Output Format

Data is returned in a clean JSON or XML formats that are easy to integrate with any third party service.

Feature icon

Subdomains Filtration

Filter subdomains by status (active/inactive) and refine results using inactive_from and last_seen dates.

Feature icon

Subdomains Data Updates

Get subdomain updates daily, weekly, or monthly-with monthly snapshots when real-time data isn't critical.

Feature icon

Up-to-date Data

Our crawlers scans internet 24/7 to deliver accurate, complete, and up-to-date data, so you can detect changes faster.

Feature icon

Downloadable CSV File

In addition to JSON and XML responses, users can also download the data as a CSV file from our Subdomain Lookup tool.

Use Cases

Subdomains in Action

Explore real-world use cases of our Subdomains API and database to track, analyze, and secure subdomains.

Feature icon

Brand Protection

Monitor impersonated and typo-squatted subdomains abusing your brand. Catch lookalikes and act early.

Feature icon

Attack Surface Management

Inventory all exposed subdomains to eliminate blind spots. Use the data to reduce external attack paths.

Feature icon

Threat Detection & Prevention

Detect suspicious subdomains tied to phishing, malware delivery, MiTM, DDoS, or takeover attempts.

Feature icon

Security Auditing

Audit subdomains for misconfigurations, legacy endpoints, and weak DNS or hosting setups.

Feature icon

Domain Expiry & Cleanup

Identify orphaned subdomains tied to decommissioned services and vendors. Retire or redirect them to prevent abuse.

Feature icon

Competitive Intelligence

Analyze competitor subdomains to spot new test products, regional rollouts, and infrastructure changes.

Request demo background

Integrate Subdomains API to uncover every subdomain and protect your infrastructure. Detect shadow assets, reduce attack surface.

Request Demo

FAQs

Common questions on subdomain discovery integration: auth, pagination, exports, and accuracy notes.

What is a Subdomain Lookup Tool?

A Subdomain Lookup Tool helps you discover all active and inactive subdomains associated with a given domain, providing insights into your domain’s infrastructure, security risks, and misconfigurations.

What information will I receive from the Subdomain Lookup?

From the Subdomain Lookup, you will receive the following information:

  1. Domain Name: The primary domain for which the lookup was performed, e.g., whoisfreaks.com.
  2. Status: Indicates whether the domain lookup was successful. In this case, the status is true, meaning the query was successful.
  3. Subdomains: A list of all the subdomains associated with the domain. Each subdomain includes:
    • Subdomain Name: The name of the subdomain, e.g., demo.whoisfreaks.com.
    • First Seen: The date when the subdomain was first detected, e.g., 2023-06-02.
    • Last Seen: The date when the subdomain was last detected, for example, testapi.whoisfreaks.com was last seen on 2025-02-19.
  4. Query Time: The timestamp indicating when the lookup was performed. For example, the query was made at 2025-05-13T10:51:18.812417424.
  5. Total Records: The total number of subdomains discovered for the domain. In this case, there are 22 records listed.

The subdomain details allow you to track when each was first seen and, in some cases, when it was last observed, providing a comprehensive overview of the domain's subdomain activity over time.

How does the Subdomain Lookup Tool work?

The tool works by querying public DNS records, using certificate transparency logs, third-party databases, and other open-source intelligence methods to gather a comprehensive list of subdomains associated with a domain.

Can the Subdomain Lookup Tool detect expired subdomains?

Yes, the tool can identify subdomains that are no longer active, based on their historical records. This helps in cleaning up outdated or forgotten endpoints from your domain.

How accurate is the Subdomain Lookup Tool?

The tool’s accuracy depends on the quality of the data sources it pulls from, such as DNS records, certificate logs, and other public databases. However, it may not detect every single subdomain if not publicly registered.

How can I secure subdomains discovered through the tool?

After discovering subdomains, ensure they’re properly configured with secure protocols (like HTTPS), restrict access with firewalls or authentication, and remove any unused subdomains to reduce potential attack surfaces.

Do you have notification service when API credits are near to an end?

Yes, we will inform you via an email. We send notification email on 80%,90%,100% usage. You can get credits/ subscription usage information from our billing portal or through API.

Do you have rate limiting on number of requests being made on your paid plans?

Yes, we have rate limiting on requests being made on all of our paid plans. The requests limit is shown in the following table.

The Table is divided into three types of plans:

1) API Credits

Credits Live-rpm Bulk-rpm Historical/Reverse-rpm
5000 20 8 3
15000 35 12 5
50000 80 20 10
150000 120 25 15
450000 150 35 20
1000000 200 50 25
3000000 300 70 35

2) API Subscription

Credits Live-rpm Bulk-rpm Historical/Reverse-rpm
5000 20 8 3
15000 35 12 5
50000 80 20 10
150000 120 25 15
450000 150 35 20
1000000 200 50 25
3000000 300 70 35
  • Live-rpm: API requests per minute limit for live WHOIS lookup API, domain availability API, SSL certificate lookup API, and DNS lookup API endpoints.
  • Bulk-rpm: API requests per minute limit for bulk domain WHOIS lookup API endpoint.
  • Historical/Reverse-rpm: API requests per minute limit for historical, and reverse WHOIS API endpoints.

In case, the request per minute exceeds, it'll throw an error with HTTP error code of 429.

Do you charge credit on 4xx error status codes in response?

No, We do not charge credits on 4xx status codes in response. All WHOIS APIs follow same rule for 4xx status codes in response.

What is the number of free API credits available for new users, and are these credits rate-limited?

We will provide 500 API credits to new users and yes, those credits have a rate-limiting of 10 requests per minute for Live APIs, 5 requests per minute for Bulk Domain Lookup, and 1 request per minute for Reverse/Historical Endpoints.
Ready to get started?Join now and claim 500 credits for free!

Elevate your cybersecurity strategy with our all-in-one domain and IP intelligence platform empowering analysts, researchers, and brand owners with real-time WHOIS, DNS, IP, and subdomain insights.

Sign Up For Free