Traditional approaches usually have a 24-hour blindspot and do not cover ccTLDs. We use a combination of passive DNS, zone files, Certificate Transparency logs and WHOIS/RDAP to detect most newly registered domains near instantly.


  "timestamp": "2023-03-26T13:30:38Z",
  "domain": ""

timestamp represents the true registration time of the domain (as listed in WHOIS/RDAP).


The current rate is around 200,000 newly registered domains per day.


€499/month — talk to us at to set up the subscription and get your API key.

Threat intelligence partners get free or discounted access to this data feed.


Authenticate by passing your API key as Bearer token in the Authorization header.

The WebSocket streaming endpoint is available without authentication for testing purposes (up to 10 minutes per day).


The WebSocket endpoint is available at the following URL.



Newline-delimited JSON dumps of the previous day’s stream are made available daily at the following URL.

The file is updated every day between midnight and 1am UTC. Use conditional requests (If-Modified-Since) or make use of HEAD requests to avoid unnecessary bandwidth usage.