New Pro signals: Domain Age + GitHub Analyzer
Token Analysis just got two new signals. Both target a specific category of scam that holder-only scanners completely miss: the fake-legitimacy play. A token launches with a polished website, a GitHub repo, a Telegram, a roadmap — all of it spun up in the last 72 hours. Holders look distributed. Liquidity looks fine. Until you check the dates.
The blind spot most tools have
Almost every Solana risk scanner focuses on one layer: the on-chain layer. Holder concentration, bundling, dev wallet history, liquidity ratios. That layer is critical — but it's not the whole picture, especially as scammers get better.
The next-tier scam isn't a fresh pump.fun launch with 12 wallets bundling supply. It's a project that looks like a real protocol. There's a homepage. There's a whitepaper. There's a GitHub. Real-looking team photos. The on-chain data even checks out at the surface — distribution looks reasonable, liquidity is locked. The catch: the entire web presence was created the week of the token launch.
That's the gap these two new signals close.
1. Domain Age (RDAP / WHOIS)
Every Token Analysis report now runs a RDAP lookup against the project's primary website. RDAP is the modern successor to WHOIS — it returns structured registration data: when the domain was registered, when it expires, who the registrar is.
What it catches:
- Brand-new domain + mature-looking project. A token claims to be an "established DeFi protocol" but its domain was registered 4 days ago. That's not a coincidence — that's the entire web presence created to support the token launch.
- 1–3 day old domains. Treated as a critical signal. Almost no legitimate project has a website registered within hours of token deploy. Real projects build the web presence first, then launch.
- Domain mismatch with claimed history. Project says "we've been working on this for 6 months" but the domain is 11 days old? Now you have evidence to push back.
Mild positive signal: domains 30+ days old at launch. Not a guarantee, but it's harder to fake — it means someone bothered to register the domain weeks before the launch hype began. Most rug operators don't think that far ahead.
What you'll see in the report
A new 🌐 Domain Age card with plain-English context. Example output:
The project's primary domain was registered 4 days ago. For a token claiming to be an established protocol with a $480K market cap, this timing strongly suggests the entire web presence was spun up around the launch — a pattern commonly associated with manufactured-legitimacy plays.
2. GitHub Repo Analyzer
If the token's metadata links a GitHub repository, the analyzer fetches it. Three calls in parallel: repo metadata, top contributors, recent commits. The AI then evaluates whether the repo looks like a real project or a hollow shell created to look legitimate.
What it catches:
- Shell repos. One contributor, zero stars, three generic commits like "init" and "first commit", created last week. Nobody's actually building anything — the repo exists to make the project look technical.
- Forked code with no original work. The "team" forked someone else's protocol, changed the README, and shipped it as their own. Common scam pattern.
- Archived or disabled repos. Project was abandoned. They're shipping a token off a dead codebase.
- Inactive >90 days. Last commit was three months ago, but the token is launching now. The dev moved on but is still trying to monetize the brand.
- Inaccessible repos. 404 on the linked GitHub. The team listed a repo that's been deleted or set to private. That's not a "they're being careful with their code" — that's "they don't want you to see what's actually there."
Positive signals: 5+ contributors, regular commits across multiple months, descriptive commit messages (not just "update"), proper open-source license, active issue tracker. Real projects look like real projects.
What you'll see in the report
A new 💻 GitHub Repo card. Example output for a shell repo:
The linked repository (acme-org/acme-protocol) was created 9 days ago by a single contributor with 2 stars and 3 commits, all using generic placeholder messages. There is no substantive code history that supports the project's claim of an in-development protocol. The repo's metadata exhibits characteristics consistent with a placeholder created to lend credibility around a token launch.
How to use these signals together
These signals are most powerful in combination — both with each other and with the existing on-chain checks.
The classic fake-legitimacy stack looks like this:
- Domain registered 5 days ago
- GitHub repo created 4 days ago, 1 contributor, 0 stars, 3 generic commits
- Twitter/Telegram opened in the last week
- Holder distribution looks "okay" because the bundle is staggered across 50+ wallets
- Token launches at $300K MC with a polished pitch
Without the new signals, holder-only analysis might pass this token as "medium risk." With them, the pattern is unambiguous: every part of the project's claimed identity was manufactured in a single week. That's not a project — it's a costume.
What this doesn't catch
Honest about limits. These signals don't help with:
- Pure memecoins with no claimed legitimacy. A pump.fun launch that's just a frog meme isn't pretending to be a protocol — it doesn't have a domain or GitHub to check. For those, the existing on-chain signals (holders, bundling, liquidity, dev wallet) are still the right lens.
- Sophisticated long-game scams. Some operators register the domain and prep the GitHub a year in advance. Domain Age doesn't catch that. The on-chain dev-wallet trace is more important for catching seasoned operators.
- Niche TLDs. RDAP coverage is excellent for the common ones (.com, .xyz, .io, .net, .org, country TLDs) but spotty for unusual extensions. Reports note when the lookup didn't succeed instead of guessing.
Available now for Pro
Both signals are live in every Token Analysis run as of today. No extra steps — paste a contract address and the new cards appear automatically when the data is available. They run in parallel with the existing fetches, so total report latency is unchanged.
If you've seen a "looks legit" token in your feed lately and felt off about it, that's exactly the kind of token these signals were built to catch.
Open Token Analysis →Nothing in this post is financial advice. Domain Age and GitHub Analyzer are observational tools — they surface patterns, not verdicts. Real research means using them together with on-chain checks, narrative analysis, and your own judgment. Markets are full of tokens that look great and lose, and tokens that look dangerous and pump. DYOR.