When querying for a domain one would may find a subdomain even if it's not mentioned somewhere else (eg. company certificate).
I took an example of https://crt.sh/?q=esaflip.duckdns.org (disclaimer: I don't know the owner, I just picked it as good example)
The Certificate Transparency is a movement of popular (free) certificate issues like LetsEncrypt or digicert.
A list of "CT Monitors" can be found here: https://certificate.transparency.dev/logs/
One of them is https://crt.sh/
When querying for a domain one would may find a subdomain even if it's not mentioned somewhere else (eg. company certificate). I took an example of https://crt.sh/?q=esaflip.duckdns.org (disclaimer: I don't know the owner, I just picked it as good example)
Using
exclude=expiredlike in https://crt.sh/?q=duckdns.org&exclude=expired would show only current issued certificates.Displaying this information in the report would be helpful identifying subdomains based on open data (OSINT)