Domain, DNS, and certificate data feeds for security products and internal tools.
CodePunch runs the collection infrastructure and exposes the data through simple API feeds. Use it to monitor new domains, inspect DNS records, track subdomains, and follow SSL/TLS certificate activity without building your own collectors.
REST API · Structured JSON · Monthly plans · No long-term contract
240M+
gTLD domains monitored
10-12M
domain additions processed daily
10M+
SSL certificates tracked daily
2017
in production since
Choose the data feed your system needs.
Each feed returns structured JSON over REST. Start with one data stream or combine all three for domain, DNS, subdomain, and certificate visibility.
Domain Activity
Daily feed of newly added and deleted gTLD domains sourced from zone file processing. Useful for watchlists, phishing detection, brand monitoring, and newly registered domain analysis.
- Zone file sourced gTLD coverage
- 240M+ domains monitored
- 10 to 12M daily additions and deletions
DNS & Subdomains
Query DNS records, enumerate subdomains, and map nameserver relationships. Designed for investigation workflows, asset discovery, and enrichment inside existing tools.
- A, AAAA, CNAME, MX, NS, TXT lookups
- Subdomain enumeration
- ASN and IP data
SSL/TLS Certificates
Monitor certificate issuance across TLDs. Certificate activity is especially useful where zone files are unavailable, including many ccTLD monitoring workflows.
- Certificate stream and search
- 90-day searchable history
- 6 to 10M certificates processed daily
Data sources
Zone files, DNS records, and certificate activity.
CodePunch processing
Collection, normalization, filtering, and history.
Your system
SIEM, threat intel platform, dashboard, or internal tool.
For teams that need the data, not another dashboard.
CodePunch is a data provider. Customers use the feeds inside their own products, security operations workflows, and internal systems.
Security Product Vendors
Add domain and certificate intelligence to your own platform
Threat intelligence platforms, brand monitoring products, and OSINT tools use CodePunch feeds as an input layer. gTLD activity comes from zone file processing. Certificate activity helps cover TLDs where zone files are not available.
Enterprise Security Teams
Feed SOC, brand protection, and investigation workflows
Monitor lookalike domains, track certificate issuance, query DNS infrastructure, and enrich alerts inside SIEM platforms, case management systems, internal dashboards, and automated pipelines.
Corporate Software Divisions
Build internal tools without maintaining collectors
Engineering teams use the API to power domain watchlists, certificate monitors, DNS change detection, and asset discovery tools without operating zone file ingestion or certificate transparency collection themselves.
REST API responses designed for ingestion, search, and alerting.
Use any HTTP client. Authenticate, query the feed, page through results, and store the records in your own pipeline. No proprietary SDK is required.
Two-step token authentication
Predictable JSON response shape
Pagination for bulk ingestion
Daily feed updates from production collectors
# Step 1: Authenticate with your key and secret GET https://api.codepunch.com/dnfeed/v2 /auth/{YOUR_API_KEY}/{YOUR_API_SECRET} # Response { "status": true, "token": "a1b2c3d4e5f6..." } # Step 2: Query today's added .com domains containing "bank" GET https://api.codepunch.com/dnfeed/v2 /a1b2c3d4e5f6/added ?kw=bank&tlds=com&limit=500 # Response { "status": true, "records": 4821, "data": [ { "domain": "example-bank-alert.com", "tld": "com", "date": "2026-04-24", "idn": 0 } ] }