GitHub RadarDual-use project

WhoisFreaks/daily-expired-and-dropped-domains

A public, research-focused dataset of expired, and recently dropped domains curated for cybersecurity analysis, brand monitoring, threat intelligence, and market research. 7 stars.

7 stars1 forkspushed Jun 12, 2026

Project links:Open GitHub project Back to radar

README Preview

Fetched from GitHub

Daily Expired & Dropped Domains

A public daily feed of expired and dropped domain names for cyber analysts, threat intelligence teams, brand protection teams, and market researchers.

This repository publishes regularly updated domain lifecycle data to help researchers monitor domain churn, spot risky re-registration opportunities, study naming patterns, and analyze abandoned or recycled digital assets.

---

What This Repository Offers

This repository provides a free, public dataset of domains that have either:

Expired and entered a pending-delete or redemption-period state
Dropped and are no longer held by the previous registrant

It is designed for analysts who need structured, machine-readable domain lifecycle data for monitoring, enrichment, and research workflows.

Included Datasets

| Dataset | Description | Best For | | ------------------- | ------------------------------------------------------------------------------- | ----------------------------------------------------------------- | | Expired Domains | Domains that have expired, or entered an expiry-related lifecycle stage | Early monitoring, brand protection, churn analysis | | Dropped Domains | Domains that have fully dropped and may become available again | Threat hunting, re-registration monitoring, availability analysis |

---

Why Upgrade to Premium for Threat Intelligence and Security Operations

Our GitHub repository publishes 10,000 free expired and dropped domains every day. Please note that this is only a subset of our complete dataset. Our full WhoisFreaks Expired and Dropped Domains product contains nearly 400,000 domains on a daily basis, giving security teams much broader coverage for detection, enrichment, and automated blocking workflows.

👉 Explore the full product here: WhoisFreaks Expired and Dropped Domains

| Feature | Free GitHub Feed | Premium Subscription | Why Premium Is Better for Security Teams | |---|---:|---:|---| | Daily Domain Count | 10,000 domains/day | ~400,000 domains/day | Far broader coverage for threat hunting, phishing detection, enrichment, and blocklist generation | | Update Frequency | Once a day | Once a day | Frequent refreshes improve visibility into emerging threats | | Data Delay | 1-day delay | Same-day data | Lets analysts detect and respond to suspicious newly registered domains sooner | | gTLD Coverage | Partial gTLD coverage | All gTLDs (1215+ gTLDs) | Premium gives much wider visibility across the global gTLD space | | ccTLD Coverage | Not included | Included (372+ ccTLDs) | Critical for catching region-specific phishing, fraud, and brand abuse campaigns | | Historical Access | Included | Included | Both plans support historical lookups and retrospective investigations | | Support | Limited/self-serve | Priority support | Faster help for integrations, data access, and operational issues |

---

Why This Matters

Domain lifecycle changes are strong signals for both security and market analysis.

For Cyber Analysts

| Use Case | Why It Matters | | ------------------------------------- | ------------------------------------------------------------------------------------------------------- | | Phishing Monitoring | Dropped domains can be re-registered and repurposed for phishing, impersonation, or scam infrastructure | | Typosquatting Detection | Expired and dropped domains may resemble brands, products, or internal assets | | Threat Enrichment | Domain churn can support watchlists, scoring pipelines, and blocklist generation | | Infrastructure Recycling Analysis | Lapsed domains may later be reused in malicious campaigns |

For Market Researchers

| Use Case | Why It Matters | | ------------------------------- | ----------------------------------------------------------------------------- | | Category Trend Analysis | Domain churn can reveal contraction or turnover in specific niches | | Brand and Naming Research | Dropped domains help identify keyword demand, naming patterns, and saturation | | Competitive Tracking | Lapsed domains may indicate shutdowns, portfolio cleanup, or rebranding | | Geo and Sector Intelligence | Domain keywords can reveal regional and industry-specific activity shifts |

---

Key Features

Daily updated domain lifecycle data
Separate expired and dropped domain feeds
Publicly accessible and easy to consume
Machine-readable format for automation
Useful for security, OSINT, and market analysis
Historical snapshots for trend comparison

---

File Naming Convention

| Dataset | Example Filename | | --------------- | ------------------------------------------- | | Expired domains | 2026-03-02-free-expired-domains.csv | | Dropped domains | 2026-03-02-free-dropped-domains.csv |

---

Update Schedule

| Feed | Frequency | | --------------- | ---------------------- | | Expired domains | Daily | | Dropped domains | Daily |

Each snapshot is published as a date-stamped file so analysts can compare changes over time.