FAQ

Questions answered.

Things visitors ask most often about scope, data access, and methodology.

About the project
What is DomainDefender?
An open research platform for measuring the lifecycle of domain names at internet scale. We capture every registered domain under every accessible generic TLD, look up registration, hosting, and link-graph data, and use the result to study patterns, especially domains that get re-registered after expiring.
Who is this for?
Academic researchers studying DNS, DNS security, and registry policy; security practitioners who want open data to correlate with their own signals; and open-source contributors who want to improve the pipeline.
Is it commercial?
No. It's a research platform. Data access is request-based for bona fide research collaboration.
Data & methodology
Where does the data come from?
Zone files come from ICANN CZDS (Centralized Zone Data Service). Registration data comes from the per-TLD registry RDAP endpoints via the IANA RDAP bootstrap. Hosting / ASN data comes from ip-api batch lookups for domains whose zones publish A records. Web content is collected on targeted samples.
Why don't hosting fields (ASN, country) appear on most records?
TLD zone files publish NS records (delegations), not A records. Only a small fraction of domains resolve directly in-zone, and only those yield hosting data through ip-api. Broadening hosting coverage would require live DNS resolution, which is outside the current pipeline.
How many domains per TLD do you cover?
We take a stratified random sample of min(5,000, TLD_size) domains per TLD. That gives a ±1.4% margin of error for any within-TLD proportion estimate, and small TLDs are fully covered. We can go wider later; the architecture supports it.
Are country-code TLDs (ccTLDs) covered?
Generally no. ccTLDs (.us, .uk, .de, .cn, ...) are managed by national registries and are not part of ICANN CZDS. For those, Certificate Transparency logs, passive-DNS feeds, and public domain lists give partial coverage. We note this as a limitation.
Access
Can I get the raw data?
Yes, for bona fide research collaboration. Get in touch through the Contact page with your institutional affiliation and a short description of the proposed use. Access terms are consistent with ICANN CZDS.
Is there a public API?
Not yet. Aggregate analytics surface through the Dashboard page, which refreshes at build time.
Is the source code public?
The collection and lookup pipeline code is available to collaborators on request. A public release is on the roadmap once the measurement paper lands.
Reused domains & detection
What is the 'stale-link' attack?
When a domain expires and someone else re-registers it, legitimate sites that still link to that domain now route their users to the new (potentially malicious) owner. The new owner inherits whatever trust the original domain had accumulated, and that inherited trust becomes the attack surface.
How can DomainDefender detect this?
By comparing consecutive zone-file snapshots, we identify domains that expired and then reappeared. For those domains we re-collect RDAP and content data and compare them against the pre-expiration record. Nameserver, registrar, or content-hash changes are strong signals of ownership handover.
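
The snapshot comparison described above, as an added example that is not DomainDefender's pipeline code: it finds domains that drop out of consecutive zone snapshots and later return, then lists which of the three signals changed. The `Record` fields, the `min_gap` parameter, the function names, and all sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Record:  # field names are assumptions, not the project's schema
    nameservers: frozenset
    registrar: str
    content_hash: str

def find_reappeared(snapshots, min_gap=1):
    """snapshots: chronological (label, set of domains) pairs. Returns domains
    present, then absent for >= min_gap snapshots, then present again."""
    last_seen, reappeared = {}, {}
    for i, (label, domains) in enumerate(snapshots):
        for d in domains:
            prev = last_seen.get(d)
            if prev is not None and i - prev - 1 >= min_gap:
                reappeared[d] = (snapshots[prev][0], label)  # (last seen, back)
            last_seen[d] = i
    return reappeared

def handover_signals(before, after):
    """Fields that differ across the gap; registrar compared case-insensitively."""
    checks = {
        "nameserver": before.nameservers != after.nameservers,
        "registrar": before.registrar.casefold() != after.registrar.casefold(),
        "content_hash": before.content_hash != after.content_hash,
    }
    return [name for name, changed in checks.items() if changed]

# Constructed sample data under the reserved .example TLD.
SNAPSHOTS = [
    ("2024-01-01", {"shop.example", "blog.example", "steady.example"}),
    ("2024-02-01", {"steady.example"}),
    ("2024-03-01", {"shop.example", "blog.example", "steady.example", "new.example"}),
]
BEFORE = {
    "shop.example": Record(frozenset({"ns1.host-a.example"}), "Registrar A", "aa11"),
    "blog.example": Record(frozenset({"ns1.host-b.example"}), "Registrar B", "bb22"),
}
AFTER = {
    "shop.example": Record(frozenset({"ns1.parking.example"}), "Registrar C", "cc33"),
    "blog.example": Record(frozenset({"ns1.host-b.example"}), "registrar b", "bb22"),
}

def run():
    return {d: handover_signals(BEFORE[d], AFTER[d]) for d in find_reappeared(SNAPSHOTS)}

if __name__ == "__main__":
    print(run())
```

In the sample, `blog.example` returns with no changed fields while `shop.example` changes all three; raising `min_gap` filters out domains that were missing from only a single snapshot.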