Query the open web programmatically: favicon-hash pivoting (find every site that serves a given icon) plus ASN / org / region / IP enrichment — across millions of crawled domains.
Get your free keyGive a domain → get its favicon SHA-256 and every other domain serving the same icon. The classic Shodan/FOFA recon move, over the open web.
Resolve a domain to its hosting org/ASN, region, IPs, MX and CNAME — with an ASN-popularity score so you can tell WordPress.com from a one-off box.
Give an apex → get every host we've seen under it (including DNS-discovered names never crawled as pages), each with its primary IP. A free crt.sh-style map of the attack surface.
curl -H "X-API-Key: YOUR_KEY" \
"https://cl0q.com/api/favicon?domain=github.com"
{ "domain":"github.com", "sha256":"2ee43237…",
"also_used_by_total": 26,
"also_used_by": ["gist.github.com","cli.github.com", …] }
Billing isn't live yet — during beta every tier is free. Grab a key now; paid plans (and higher limits) plug into the same key when they launch.
Email is optional (we'll only use it to tell you when paid tiers and new endpoints land). Your key is shown once — copy it somewhere safe.
✅ Your free API key (free tier · 30/min · 1,000/day):
⚠️ Save this now — it won't be shown again.
Send your key as the X-API-Key header (or ?key= query param) on every request.
GET /api/favicon?domain=<domain> → that domain's favicon hash + who else uses it GET /api/favicon?hash=<hex sha256> → every domain serving that icon (?limit=, max 1000) GET /api/subdomains?domain=<apex> → every host seen under that apex + its IP (?limit=, max 1000)
Free tier: 30 requests/minute, 1,000/day. Responses include X-RateLimit-Limit / X-RateLimit-Remaining; 429 with Retry-After when exceeded.