diff --git a/bbot/modules/bufferoverrun.py b/bbot/modules/bufferoverrun.py
index 224239636..1eba8ad4c 100644
--- a/bbot/modules/bufferoverrun.py
+++ b/bbot/modules/bufferoverrun.py
@@ -17,18 +17,20 @@ class BufferOverrun(subdomain_enum_apikey):
     base_url = "https://tls.bufferover.run/dns"
     commercial_base_url = "https://bufferover-run-tls.p.rapidapi.com/ipv4/dns"
 
+    async def setup(self):
+        self.commercial = self.config.get("commercial", False)
+        return await super().setup()
+
     def prepare_api_request(self, url, kwargs):
-        if "x-rapidapi-key" in kwargs["headers"]:
+        if self.commercial:
             kwargs["headers"]["x-rapidapi-host"] = "bufferover-run-tls.p.rapidapi.com"
+            kwargs["headers"]["x-rapidapi-key"] = self.api_key
         else:
             kwargs["headers"]["x-api-key"] = self.api_key
         return url, kwargs
 
-    async def request_url(self, query, commercial=None):
-        if commercial is None:
-            commercial = self.options.get("commercial", False)
-        _, domain = self.helpers.split_domain(query)
-        url = f"{self.commercial_base_url if commercial else self.base_url}?q=.{domain}"
+    async def request_url(self, query):
+        url = f"{self.commercial_base_url if self.commercial else self.base_url}?q=.{query}"
         return await self.api_request(url)
 
     def parse_results(self, r, query):
diff --git a/bbot/test/test_step_2/module_tests/test_module_bufferoverrun.py b/bbot/test/test_step_2/module_tests/test_module_bufferoverrun.py
new file mode 100644
index 000000000..b8a8137e2
--- /dev/null
+++ b/bbot/test/test_step_2/module_tests/test_module_bufferoverrun.py
@@ -0,0 +1,35 @@
+from .base import ModuleTestBase
+
+
+class TestBufferOverrun(ModuleTestBase):
+    config_overrides = {"modules": {"bufferoverrun": {"api_key": "asdf", "commercial": False}}}
+
+    async def setup_before_prep(self, module_test):
+        # Mock response for non-commercial API
+        module_test.httpx_mock.add_response(
+            url="https://tls.bufferover.run/dns?q=.blacklanternsecurity.com",
+            match_headers={"x-api-key": "asdf"},
+            json={"Results": ["1.2.3.4,example.com,*,*,sub.blacklanternsecurity.com"]},
+        )
+
+    def check(self, module_test, events):
+        assert any(e.data == "sub.blacklanternsecurity.com" for e in events), "Failed to detect subdomain for free API"
+
+
+class TestBufferOverrunCommercial(ModuleTestBase):
+    modules_overrides = ["bufferoverrun"]
+    module_name = "bufferoverrun"
+    config_overrides = {"modules": {"bufferoverrun": {"api_key": "asdf", "commercial": True}}}
+
+    async def setup_before_prep(self, module_test):
+        # Mock response for commercial API
+        module_test.httpx_mock.add_response(
+            url="https://bufferover-run-tls.p.rapidapi.com/ipv4/dns?q=.blacklanternsecurity.com",
+            match_headers={"x-rapidapi-host": "bufferover-run-tls.p.rapidapi.com", "x-rapidapi-key": "asdf"},
+            json={"Results": ["5.6.7.8,blacklanternsecurity.com,*,*,sub.blacklanternsecurity.com"]},
+        )
+
+    def check(self, module_test, events):
+        assert any(
+            e.data == "sub.blacklanternsecurity.com" for e in events
+        ), "Failed to detect subdomain for commercial API"