Website made by Christopher Tarry. Email and other contact info is available on my Github.

Note that this is not actually all newly registered domains, and may only be a limited subset of them, because the output here is domains that apply for certificates through CAs that implement certificate transparency. However, most major CAs are covered.

You can connect via websockets to get the same data at the /ws endpoint. Data is sent encoded as JSON.

One way to filter this data down a lot more if you were looking for something like phishing domains would be to add in WHOIS data and actually resolve the domain IP addresses. There are certain registrars and hosts that are higher risk than others.

  Example filter 1:
  
  const domain = parsed["domain"];
  const issuer = parsed["issuer"];
  const split = domain.split(".");
  // Technically you should use the public suffixes list...
  const tld = split[split.length - 1];

  let riskScore = 0;
  if (tld === "top" || tld === "co") {
    riskScore += 5;
  }
  if (issuer.indexOf("Let's Encrypt") !== -1) {
    riskScore += 5;
  }
  return riskScore > 5;
  

  Example filter 2:
  
  const substrings = ["paypal", "chase", "fidelity", "vanguard"];
  for (const substring of substrings) {
    if (includesSubstring(parsed["domain"], substring)) {
      return true;
    }
  }
  return false;
  

  Example filter 3:
  
  const substrings = ["coinbase", "binance", "bitfinex", "bybit"];
  for (const substring of substrings) {
    if (includesSubstringWithLevenshtein(parsed["domain"], substring, 2)) {
      return true;
    }
  }
  return false;
  

  Examples:
  
    // Examples:
    // includesSubstring("coinbase-support.com", "coinbase") = true
    // includesSubstring("coinbase-support.com", "co1nb4se") = false

    // Examples:
    // includesSubstringWithLevenshtein("coinbase-support.com", "coinbase", 0) = true
    // includesSubstringWithLevenshtein("coinbase-support.com", "coinbase", 1) = true
    // includesSubstringWithLevenshtein("coinbase-support.com", "coinbase", 2) = true

    // includesSubstringWithLevenshtein("co1nbase-support.com", "coinbase", 0) = false
    // includesSubstringWithLevenshtein("co1nbase-support.com", "coinbase", 1) = true
    // includesSubstringWithLevenshtein("co1nbase-support.com", "coinbase", 2) = true

    // includesSubstringWithLevenshtein("co1nb4se-support.com", "coinbase", 0) = false
    // includesSubstringWithLevenshtein("co1nb4se-support.com", "coinbase", 1) = false
    // includesSubstringWithLevenshtein("co1nb4se-support.com", "coinbase", 2) = true