Features

Subdomain Enumeration

Fetches all known subdomains for a given domain, like demo.whoisfreaks.com and ssl.whoisfreaks.com. Helps users discover services and endpoints hosted under the main domain.

Discovery Timeline

Includes timestamps for when each subdomain was first and last seen, like "first_seen": "2023-06-02" and "last_seen": "2025-02-19". This gives historical visibility into the presence and potential removal of services.

Total Subdomain Count

Returns the total_records field (e.g., 22), giving an instant overview of the domain’s subdomain footprint. Useful for estimating the complexity and scale of the domain's infrastructure.

JSON Output Format

Data is returned in a clean, structured JSON format that is easy to parse and integrate with other tools. Ideal for developers, analysts, and automation pipelines.

Common Use Cases

DNS Misconfiguration Detection Detect and troubleshoot DNS issues like broken or orphaned subdomains, helping ensure your domain is properly configured and not unintentionally leaking internal infrastructure.
Security Auditing Conduct thorough security audits by uncovering all known subdomains, helping identify misconfigured servers, legacy endpoints, or forgotten systems that may expose your infrastructure to potential threats or unauthorized access.
Attack Surface Mapping Map every public-facing subdomain to fully understand your external digital footprint. This comprehensive view helps cybersecurity teams assess vulnerabilities and prioritize risk mitigation efforts based on visible infrastructure components.
Brand Protection Detect suspicious subdomains impersonating your brand to host phishing campaigns, distribute malware, or mislead users. Continuous monitoring helps safeguard reputation and prevent misuse of your company’s digital identity.
Competitive Intelligence Analyze a competitor's subdomains to infer new product testing, deployment practices, or technology stacks. This can offer valuable insight into their strategies, upcoming features, or internal tooling choices.
Domain Expiry & Cleanup Identify subdomains associated with expired or deprecated services, then retire or redirect them as needed to reduce clutter, avoid confusion, and limit attack vectors left behind by forgotten systems.
Infrastructure Inventory Maintain a dynamic inventory of your domain’s infrastructure by tracking all subdomains—active and historical—so teams can better manage assets, identify redundancies, and plan upgrades or retirements across distributed systems.
Response
Subdomains Lookup Documentation

Authorization

You can make authorized requests to our API by passing API key as a query parameter. To get your API key, login to our billing dashboard and get your API key! If your API key has been compromised, you can change it by clicking on the reset button in the billing dashboard.

API GET
https://api.whoisfreaks.com/v1.0/subdomains?apiKey=API_KEY&domain=ipgeolocation.io
Query Parameters
  • Required
    apiKeyGet your API key from our billing dashboard.
    domainThe domain for which you would like to retrieve subdomains.
  • Optional
    formatTwo formats are available JSON, XML. If you don't specify the 'format' parameter, the default format will be JSON.
Responses
200 OK
400 Invalid Param Exception.
401 Provided API key is invalid.
401 Provided API key is inactive.
401 Please buy a subscription plan or add api credits.
401 Your subscription is deactivated.
401 Repeated payment failures.
401 Your account is deactivated.
401 Suspicious Activity.
412 Exceeded the limit of api plan requests.
413 Exceeded the limit of api credits requests.
413 Exceeded the limit of surcharge requests.
429 Maximum request limit reached.
500 Internal Server error.
503 Service is unavailable.
504 Request is timed-out.
Request
Shell Node.js Java Python PHP Ruby JS C# Go C Swift
GET
Copy
Response
200 400 401 412 413 429 500 503 504
Copy
OK

Credit Usage API

You need credits to use SSL Lookup API. Below is the credit usage for each lookup API.

  • Live SSL Certificate Lookup service will charge 1 credit per successful query for a domain without chaining. With chaining enabled, 1 credit will be charged for every 2 certificates in the response.

You can fetch credits usage and remaining credits information through this API.

Request
GET
Copy
Response
XML JSON
Copy


FAQs

What is a Subdomain Lookup Tool?

A Subdomain Lookup Tool helps you discover all active and inactive subdomains associated with a given domain, providing insights into your domain’s infrastructure, security risks, and misconfigurations.

What information will I receive from the Subdomain Lookup?

From the Subdomain Lookup, you will receive the following information:

  1. Domain Name: The primary domain for which the lookup was performed, e.g., whoisfreaks.com.
  2. Status: Indicates whether the domain lookup was successful. In this case, the status is true, meaning the query was successful.
  3. Subdomains: A list of all the subdomains associated with the domain. Each subdomain includes:
    • Subdomain Name: The name of the subdomain, e.g., demo.whoisfreaks.com.
    • First Seen: The date when the subdomain was first detected, e.g., 2023-06-02.
    • Last Seen: The date when the subdomain was last detected, For example, testapi.whoisfreaks.com was last seen on 2025-02-19.
  4. Query Time: The timestamp indicating when the lookup was performed. For example, the query was made at 2025-05-13T10:51:18.812417424.
  5. Total Records: The total number of subdomains discovered for the domain. In this case, there are 22 records listed.

The subdomain details allow you to track when each was first seen and, in some cases, when it was last observed, providing a comprehensive overview of the domain's subdomain activity over time.

How does the Subdomain Lookup Tool work?

The tool works by querying public DNS records, using certificate transparency logs, third-party databases, and other open-source intelligence methods to gather a comprehensive list of subdomains associated with a domain.

Can the Subdomain Lookup Tool detect expired subdomains?

Yes, the tool can identify subdomains that are no longer active, based on their historical records. This helps in cleaning up outdated or forgotten endpoints from your domain.

How accurate is the Subdomain Lookup Tool?

The tool’s accuracy depends on the quality of the data sources it pulls from, such as DNS records, certificate logs, and other public databases. However, it may not detect every single subdomain if not publicly registered.

How can I secure subdomains discovered through the tool?

After discovering subdomains, ensure they’re properly configured with secure protocols (like HTTPS), restrict access with firewalls or authentication, and remove any unused subdomains to reduce potential attack surfaces.

Do you have notification service when API credits are near to an end?

Yes, we will inform you via an email. We send notification email on 80%,90%,100% usage. You can get credits/ subscription usage information from our billing portal or through API.

What happened if API credits have been utilized and my system is using whois API?

We provide surcharge requests on all active API credits subscriptions. You can fetch credits and surcharge requests information through our API. Each subscription plan has different surcharge requests limit.

Do you charge credit on 4xx error status codes in response?

No, We do not charge credits on 4xx status codes in response. All Whois APIs follow same rule for 4xx status codes in response.

What is the number of free API credits available for new users, and are these credits rate-limited?

We will provide 500 API credits to new users and yes, those credits have a rate-limiting of 10 requests per minute for Live APIs, 5 requests per minute for Bulk Domain Lookup, and 1 request per minute for Reverse/Historical Endpoints.

Do you have rate limiting on number of requests being made on your paid plans?

Yes, we have rate limiting on requests being made on all of our paid plans. The requests limit is shown in the following table.

The Table is divided into three types of plans:

1) API Credits

Credits Live-rpm Bulk-rpm Historical/Reverse-rpm
5000 20 8 3
15000 35 12 5
50000 80 20 10
150000 120 25 15
450000 150 35 20
1000000 200 50 25
3000000 300 70 35

2) API Subscription

Credits Live-rpm Bulk-rpm Historical/Reverse-rpm
5000 20 8 3
15000 35 12 5
50000 80 20 10
150000 120 25 15
450000 150 35 20
1000000 200 50 25
3000000 300 70 35
  • Live-rpm: API requests per minute limit for live Whois lookup API, domain availability API, SSL certificate lookup API, and DNS lookup API endpoints.
  • Bulk-rpm: API requests per minute limit for bulk domain Whois lookup API endpoint.
  • Historical/Reverse-rpm: API requests per minute limit for historical, and reverse Whois API endpoints.

In case, the request per minute exceeds, it'll throw an error with HTTP error code of 429.


Whois footer banner