Newly Registered Domains (NRD)
Most malicious domains are registered from a few days to only a few seconds before becoming active, making those domains a very valuable subset of domains to analyze when looking for future malicious activity.
Traditional approaches usually have a 24-hour blindspot and do not cover ccTLDs. We use a combination of passive DNS, zone files, Certificate Transparency logs and WHOIS/RDAP to detect most newly registered domains near instantly.
Format
timestamp represents the true registration time of the domain (as listed in WHOIS/RDAP).
Rate
The current rate is around 200,000 newly registered domains per day.
Pricing
€499/month — talk to us at contact@dns0.eu to set up the subscription and get your API key.
Threat intelligence partners get free or discounted access to this data feed.
Authentication
Authenticate by passing your API key as a Bearer token in the Authorization header.
The WebSocket streaming endpoint is available without authentication for testing purposes (up to 10 minutes per day).
Stream
WebSocket
The WebSocket endpoint is available at the following URL.
Google Cloud Pub/Sub
Upon request, you will be granted the pubsub.subscriber role for the topic projects/dns0eu/topics/data.nrd.
Amazon SNS
We are evaluating demand; please register your interest at contact@dns0.eu.
Azure Event Hubs
We are evaluating demand; please register your interest at contact@dns0.eu.
Apache Kafka
We are evaluating demand; please register your interest at contact@dns0.eu.
Download
Newline-delimited JSON dumps of the previous day’s stream are made available daily at the following URL.
The file is updated every day between midnight and 1am UTC. Use conditional requests (If-Modified-Since) or make use of HEAD requests to avoid unnecessary bandwidth usage.
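One way to poll the daily dump with a conditional request, as an added example rather than dns0.eu's own code. The URL is a placeholder, Bearer authentication on the download endpoint is an assumption, and the `opener` parameter is a hypothetical hook for substituting the HTTP call.

```python
import json
import urllib.error
import urllib.request

# Placeholder: substitute the download URL given with your subscription.
DUMP_URL = "https://example.invalid/nrd-dump.ndjson"


def build_request(url, api_key, last_modified=None):
    """GET request with Bearer auth and, if known, If-Modified-Since."""
    req = urllib.request.Request(url)
    req.add_header("Authorization", f"Bearer {api_key}")  # assumed for downloads
    if last_modified:
        req.add_header("If-Modified-Since", last_modified)
    return req


def parse_ndjson(body):
    """Parse newline-delimited JSON, skipping blanks and counting bad lines."""
    records, bad = [], 0
    for line in body.decode("utf-8", errors="replace").splitlines():
        if not line.strip():
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            bad += 1  # e.g. a truncated final line from an interrupted transfer
    return records, bad


def fetch_dump(url, api_key, last_modified=None, opener=urllib.request.urlopen):
    """Return (records, bad_lines, last_modified); records is None on 304."""
    req = build_request(url, api_key, last_modified)
    try:
        with opener(req, timeout=60) as resp:
            records, bad = parse_ndjson(resp.read())
            return records, bad, resp.headers.get("Last-Modified", last_modified)
    except urllib.error.HTTPError as err:
        if err.code == 304:  # unchanged since last run: nothing downloaded
            return None, 0, last_modified
        raise
```

Persist the returned Last-Modified value between runs and pass it back as `last_modified`; a non-zero bad-line count is worth alerting on, since it means the ingested day is incomplete.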