Discover subdomains from Certificate Transparency logs covering major certificate authorities
Each subdomain includes the date it was last observed in CT logs, helping you gauge activity
WHOIS, DNS, Safety Check, and more to analyze a domain across multiple dimensions.
Frequently Asked Questions
What is a Subdomain Finder?
A subdomain finder discovers subdomains associated with a domain name by searching Certificate Transparency logs. When SSL/TLS certificates are issued, the domain names they cover are recorded in public CT logs. This tool searches those logs to list known subdomains along with the date each was last seen.
What data source does this tool use?
This tool searches Certificate Transparency (CT) logs from major certificate authorities. CT logs are public, append-only records of SSL/TLS certificates. The data covers certificates logged by Google, Cloudflare, Sectigo, Let's Encrypt, and other participating CAs.
Why might some subdomains be missing?
This tool only finds subdomains that have had SSL/TLS certificates issued for them and logged in Certificate Transparency logs. Subdomains that have never had a certificate, or that use certificates not logged in CT, will not appear. Internal-only subdomains typically do not have public certificates.
What does the "last seen" date mean?
The "last seen" date indicates when the subdomain was most recently observed in a Certificate Transparency log entry. A recent date suggests the subdomain is likely still active. An older date may indicate the subdomain is no longer in use or its certificate has not been renewed.