Web Tech-Stack & New-Domain Sales-Trigger Intel

Detect what technology any website runs - CMS, ecommerce platform, analytics, marketing/email tools, JS frameworks, hosting/CDN, payment, web server, chat widgets, ad pixels, fonts - by fingerprinting its public, logged-out pages. Then turn that into B2B sales triggers: which prospects just adopted Shopify, added Klaviyo, dropped HubSpot, or just registered a brand-new domain.

This is the BuiltWith / Wappalyzer layer (their datasets and APIs are paid; bulk WHOIS is gated post-GDPR) packaged as a pay-per-use Apify actor, with the two things that actually move a sales pipeline: a maintained fingerprint ruleset and change detection over time.

Cross-sells with B2B Sales Triggers (tech adoption is a buying signal) and Shopify Store Discovery (this extends detection from Shopify-only to the whole web).

---

What you get

For each domain, a normalized record:

{
  "domain": "allbirds.com",
  "url": "https://allbirds.com/",
  "http_status": 200,
  "fetch_tier": "http",
  "page_title": "Allbirds - Wool Runners",
  "technologies": [
    { "name": "Shopify", "category": "ecommerce", "confidence": "high",
      "version": null, "evidence": "header:X-ShopId: 12345", "website": "shopify.com" },
    { "name": "Klaviyo", "category": "marketing", "confidence": "high", ... }
  ],
  "technologies_by_category": {
    "ecommerce": ["Shopify"], "marketing": ["Klaviyo"],
    "analytics": ["Google Analytics 4", "Google Tag Manager"], ...
  },
  "tech_count": 7,
  "categories_detected": ["advertising", "analytics", "ecommerce", ...],
  "registration": {                       // when include_registration / new_domain_intel
    "created_date": "2014-03-22", "registrar": "GoDaddy.com, LLC",
    "nameservers": ["ns1...","ns2..."], "domain_age_days": 4465,
    "is_new_domain": false, "rdap_available": true
  },
  "new_domain_trigger": false,
  "tech_added": ["Klaviyo"],              // monitor mode: vs the previous run
  "tech_removed": [],
  "change_detected": true,
  "matches_target": true,                 // find_by_technology mode
  "matched_target_technologies": ["Shopify"]
}

---

Modes

Mode	What it does	Charges
tech_stack	Full tech fingerprint for each domain (default).	domain_record + tech_stack_enrichment
find_by_technology	Fingerprint, then flag the domains that run one of your target_technologies ("everyone running Klaviyo"). Emits a summary record listing the matching domains.	domain_record + tech_stack_enrichment
new_domain_intel	RDAP registration lookup + new-domain trigger flag. Detection optional.	domain_record + new_domain_trigger
tech_change_monitor	Re-fingerprint a watchlist and diff each domain's tech set vs the previous scheduled run ("just adopted Shopify").	domain_record + tech_stack_enrichment + scheduled_delta_run

Find-by-technology is honest about the gate

A whole-web reverse index ("every site on the internet running Shopify") is the paid BuiltWith database. This actor instead checks the candidate domain list you supply against a target technology - perfect for qualifying a prospect list, an export from another lead-finder, or a competitor's customer page. The value is the ruleset and the change detection, not a copy of BuiltWith's crawl.

---

Input

{
  "mode": "tech_stack",
  "domains": ["shopify.com", "https://www.basecamp.com"],
  "target_technologies": ["Shopify", "Klaviyo"],   // find_by_technology mode
  "include_tech_detection": true,
  "include_registration": false,                    // adds RDAP + new_domain_trigger
  "min_confidence": "low",                           // high | medium | low
  "new_domain_days": 90,
  "enable_browser_escalation": false,
  "monitor_webhook_url": "",                         // Slack/email for scheduled runs
  "use_apify_proxy": true,
  "apify_proxy_groups": ["DATACENTER"],
  "concurrency": 4
}

Only mode is required. Provide domains to get real data; with none, the actor returns clearly-labeled sample output (demo mode) instead of failing.

---

How detection works

The fingerprint engine (src/fingerprint.py) is 100% offline and deterministic. The fetcher hands it the page's HTML body, the <script src> URLs, the HTTP response headers, and the Set-Cookie names; each technology rule is a set of signals (html, script, header, header_name, cookie, meta, url) with a confidence. We keep the single strongest signal per technology and capture a version where the signal exposes one (WordPress 6.5, jQuery 3.7.1, nginx 1.25, Angular 17).

min_confidence trades coverage for precision: high uses only response headers, unique vendor scripts, and <meta generator>; low adds weaker HTML heuristics. Categories: cms, ecommerce, analytics, marketing, framework, hosting, payment, web_server, widget, advertising, fonts, security.

Anti-bot escalation ladder

1. httpx over DATACENTER proxy - default, clears most sites.
2. curl_cffi Chrome-TLS impersonation over RESIDENTIAL proxy - defeats JA3/TLS-fingerprint WAFs that 403 a plain request.
3. Playwright headless browser (opt-in via enable_browser_escalation) - for JS / Cloudflare-interstitial pages. Skipped cleanly if not installed.

If every tier is blocked the domain record is emitted with available: false and a documented reason - the run still finishes SUCCEEDED.

---

Tech-change monitoring (the recurring value)

Save your input as a Task, then attach a Schedule (daily/weekly). On each scheduled run the actor re-fingerprints your watchlist, diffs each domain's tech set against the previous run, and emits a monitor_digest plus per-domain tech_added / tech_removed. Set monitor_webhook_url to push the digest to Slack. That's your "alert me when a prospect adopts/drops a technology" feed.

---

Pricing (pay-per-event)

Event	Price	When
domain_record	$0.004	Per domain fetched and processed.
tech_stack_enrichment	$0.008	Per domain where one or more technologies are detected.
new_domain_trigger	$0.010	Per domain RDAP registration lookup.
scheduled_delta_run	$0.010	Per scheduled monitor run that produces a change digest.

A plain tech_stack run on a domain that returns technologies costs $0.004 + $0.008 = $0.012.

---

Responsible use (legal-safety)

• Public pages only. We fetch each site's own homepage / public path, logged-out. No accounts, no user-supplied cookies, no paywalls, no form submission, no interaction.
• Polite. Per-request spacing and a capped concurrency; one homepage fetch per domain by default.
• PII-minimized. Registration intel uses RDAP and takes only dates, registrar, nameservers, and statuses - never registrant contact details (which are GDPR-redacted anyway). No personal data is enriched or stored.
• Detection is inference, not ground truth - confidence levels are provided so you can filter. Use the output for sales/martech research and qualification; do not treat a detection as a security audit.

---

MCP twin

For AI agents, the paired MCP server exposes detect_tech_stack, check_technology, bulk_tech_lookup, get_domain_registration, and find_tech_users as Model Context Protocol tools (x402 / Skyfire ready).