We monitor, parse and deduplicate precertificates from all trusted Certificate Transparency logs in real time.

Format

JSON
{
  "id": "96582fcd0198b836ecb63807bc25fc17d66f78b32a75b29a72c3c012139caa0d",
  "serial_number": "041875a54ad86890122498dacd8d32f1c1cc",
  "subject": {
    "common_name": "newschatgpt-qsyteam.pages.dev",
    "alternative_names": [
      {
        "type": "domain",
        "name": "*.newschatgpt-qsyteam.pages.dev"
      },
      {
        "type": "domain",
        "name": "newschatgpt-qsyteam.pages.dev"
      }
    ],
    "key": {
      "id": "9abe4a1a0b43e1d2d193d422af7803c1a1259703",
      "algorithm": "ECDSA",
      "size": 256,
      "fingerprints": {
        "sha256": "d1d9b99c2a91ea683ac3a9fd43a24dc68f499bd0ffa4d00259e0d49f869fca31"
      }
    }
  },
  "issuer": {
    "common_name": "E1",
    "organization": "Let's Encrypt",
    "country": "US"
  },
  "validity": {
    "not_before": "2024-04-21T09:27:36Z",
    "not_after": "2024-07-20T09:27:35Z"
  }
}

id is the SHA-256 fingerprint of the TBS certificate with the poison extension and SCT list extension removed (when present). It identifies a unique certificate issuance and is used to pair precertificates and certificates.

Rate

The current rate is around 6,000,000 newly issued certificates per day.

Pricing

€999/month — talk to us at contact@dns0.eu to set up the subscription and get your API key.

Threat intelligence partners get free or discounted access to this data feed.

Authentication

Authenticate by passing your API key as Bearer token in the Authorization header.

The WebSocket streaming endpoint is available without authentication for testing purposes (up to 10 minutes per day).

Stream

The WebSocket endpoint is available at the following URL.

wss://data.dns0.eu/nic

Download

Newline-delimited JSON dumps of the previous day’s stream are made available daily at the following URL.

https://data.dns0.eu/nic

The file is updated every day between midnight and 1am UTC. Use conditional requests (If-Modified-Since) or make use of HEAD requests to avoid unnecessary bandwidth usage.

Newly Active Hostnames (NAH)Passive DNS (RRsets)