Raw Internet Data.
Ready to Plug Into
Your Stack.
Domain registrations, DNS records, and SSL/TLS certificate streams delivered as structured JSON via REST API. Whether you are building a security product, running an enterprise SOC, or developing in-house threat intelligence tooling, CodePunch gives you the raw data layer to power it.
No contracts · Cancel anytime · Active since 2017
gTLD domains monitored
Domain changes per day
SSL certs tracked / day
In production
Three feeds.
One API. Your product.
Each feed delivers structured JSON via REST. Integrate one data stream or all three into your platform, pipeline, or internal tooling with no preprocessing required.
Domain Activity
Daily feed of newly registered and deleted gTLD domains, sourced directly from zone files. Over 240 million domains monitored across all gTLDs, with 10 to 12 million additions and a similar number of deletions processed every 24 hours.
- Zone file sourced, all gTLDs covered
- 240M+ domains under monitoring
- 10 to 12M daily additions and deletions
DNS & Subdomains
Search domains, resolve DNS records, enumerate subdomains, and map nameserver relationships. Full gTLD and experimental ccTLD coverage.
- A, CNAME, MX, NS, TXT lookups
- Subdomain enumeration
- ASN & IP data
SSL/TLS Certificates
Monitor SSL/TLS certificates as they are issued across all TLDs. Since zone files are unavailable for ccTLDs, certificate generation data is the primary method for tracking new ccTLD domain activity. 6 to 10 million certificates processed daily.
- Real-time certificate stream
- 90-day searchable history
- Covers gTLDs & ccTLDs via cert monitoring
Built for teams that build.
CodePunch is a data provider, not an end product. Our customers use the feeds as a raw ingredient inside their own systems.
Security Product Vendors
Enrich your platform with internet-wide domain and certificate data
Threat intelligence platforms, brand monitoring SaaS, and OSINT tools ingest CodePunch feeds directly into their own data pipelines. gTLD coverage comes from zone file processing with over 240 million domains monitored and 10 to 12 million changes surfaced daily. ccTLD activity, where zone files are not publicly available, is tracked through SSL certificate generation data. No collection infrastructure to build or maintain on your end.
Enterprise Security Teams
Feed your SOC and threat intelligence workflows directly
Large organisations running in-house security operations use the API to monitor for lookalike domains, track certificate issuance for their assets, and query DNS infrastructure as part of incident investigation workflows. Integrates directly into SIEM platforms, internal dashboards, and automated alerting pipelines.
Corporate Software Divisions
Build internal security tooling without collecting the data yourself
Companies with an internal software or engineering team use CodePunch to power proprietary security tools including domain watchlists, certificate expiry monitors, and DNS change detection systems, without the overhead of running their own zone file processing or certificate transparency log ingestion. The data is ready. You just build on top.
Designed to plug into your existing pipeline.
A straightforward REST API returning consistent JSON. No proprietary SDKs, no vendor lock-in. Fits naturally into any data ingestion pipeline, SIEM integration, or internal tooling stack.
Key-based auth, one header, any HTTP client
Consistent, predictable JSON response schema
Paginated results for bulk data ingestion
Daily feed updates from zone file processing
# Step 1: Authenticate with your key and secret GET https://api.codepunch.com/dnfeed/v2 /auth/{YOUR_API_KEY}/{YOUR_API_SECRET} # Response { "status": true, "token": "a1b2c3d4e5f6..." } ───────────────────────────────────────────── # Step 2: Query today's added .com domains # containing the keyword "bank" GET https://api.codepunch.com/dnfeed/v2 /a1b2c3d4e5f6/added ?kw=bank&tlds=com&limit=500 # Response { "status": true, "records": 4821, "data": [ { "domain": "secure-yourbank-login.com", "tld": "com", "date": "2026-04-24", "idn": 0 } ] }