Knogin
[Domaines API]

Subdomain Domain

The Subdomain domain provides subdomain discovery and tracking capabilities for monitoring domain infrastructure.

Metadonnees du module

The Subdomain domain provides subdomain discovery and tracking capabilities for monitoring domain infrastructure.

Retour à la Liste

Reference source

content/modules/domain-subdomain.md

Dernière Mise à Jour

5 févr. 2026

Catégorie

Domaines API

Checksum du contenu

4b96095848584dde

Étiquettes

api-domainsgeospatial

Documentation rendue

Cette page rend le Markdown et Mermaid du module directement depuis la source publique de documentation.

Overview#

The Subdomain domain provides subdomain discovery and tracking capabilities for monitoring domain infrastructure. It records discovered subdomains with first-seen and last-seen timestamps, enabling investigators to track changes in an organization's or target's web presence over time.

Key Features#

  • Subdomain Discovery - Identify and catalog subdomains associated with parent domains to map out the complete web infrastructure of entities under investigation.

  • Temporal Tracking - Record when each subdomain was first discovered and last observed, enabling change detection and infrastructure evolution analysis.

  • Parent Domain Linking - Associate each subdomain with its parent domain record for hierarchical infrastructure mapping and organized browsing.

  • Change Detection - Compare subdomain inventories over time to identify newly created or recently disappeared subdomains that may indicate infrastructure changes.

  • Infrastructure Mapping - Build a comprehensive picture of an entity's online presence by cataloging all discovered subdomains under their parent domains.

Use Cases#

  • Cyber Investigation - Map the complete web infrastructure of investigation targets to identify related services, staging servers, and command-and-control endpoints.

  • Threat Monitoring - Track subdomain changes over time to detect new infrastructure that may indicate evolving threat actor operations.

  • Digital Footprint Analysis - Catalog an organization's subdomain inventory to understand the scope of their online presence and identify potential exposure points.

  • Infrastructure Timeline - Use first-seen and last-seen timestamps to build a timeline of infrastructure changes for investigative analysis.

Integration#

The Subdomain domain supports cyber investigation workflows across the platform:

  • Domain Profiles - Subdomains link to parent domain profile records
  • Threat Intelligence - Subdomain changes can indicate threat actor activity
  • Investigation Management - Subdomain discoveries associate with active investigations
  • URL Profiles - Discovered subdomains may correspond to tracked URL profiles

Last Reviewed: 2026-02-05