As the new-gTLD programme—the ICANN initiative to add a large number of new domain extensions (top-level domains, or TLDs) to the Internet—continues to see ongoing launches of new TLDs, we conduct a new retrospective of the activity landscape of the most recent extensions to have been launched. This new study focuses on all new-gTLDs to have entered their Sunrise or General Available periods since the start of 2023, following a previous overview by Stobbs of the full new-gTLD landscape¹.

As of 01-May-2024, there are 20 new such extensions, listed in Table 1, which also shows the total number of domains (N) currently registered across each extension, and the mean entropy of these sets of domains. Domain entropy (measured using the second-level domain name (SLD)—i.e. the part of the domain name to the left of the dot—in each case) provides a measure of the amount of information, or randomness, in the domain name string. Previous studies looking at this parameter have shown that high-entropy domain names (i.e. those typically featuring long, random strings or characters) are often associated with automated domain registrations and fraudulent or malicious use².

Overall, there is no meaningful correlation between the time since launch and the numbers of registered domains (Figure 1), suggesting that the rate of uptake of new registrations varies significantly between the extensions (presumably depending on factors such as availability, cost, and use-case).

The dataset includes a number of extensions previously highlighted as providing significant potential for fraudulent use—specifically .zip, .mov and .box⁶, which present the possibility for confusion with filename suffixes or brand names. Of these, it may be of concern that .zip has shown such a high rate of uptake. .ing is also noteworthy as the extension with the greatest overall number of registrations. This particular new-gTLD has a number of potential use-cases, given its generic nature as a word suffix, but also due to the fact that it presents the potential for fraudulent or deliberately deceptive use (including as an attack vector for bitsquatting⁷). Some of the extensions have seen very limited levels of activity to date, including .music⁸, which has specific application requirements for potential registrants.

No obvious overall trends are apparent from the analysis of domain-name entropy; .box shows the lowest average entropy of all of these extensions, but all of the remainder show mean values in a relatively consistent range between 2.4 and 3.5.

An analysis of the distribution of (SLD) lengths of the registered domain names across these new extensions (Figure 2) also reveals some interesting trends.

The most striking feature is the very large peak in numbers of registrations at a SLD length of 32 characters (58,759 domains in total). This same feature has been noted previously in analyses of specific extensions⁹, and appears often to be associated with visually apparently random SLD strings, comprising probable automated registrations (and potentially concerning use). Indeed, the majority of these 32-character domain names occupy a range of high entropy values (Figure 3) (potentially unsurprisingly, given the string length, but consistent with the SLDs featuring large numbers of distinct characters, rather than comprising more ‘ordered’ domain names).

Overall, new-gTLDs have previously been noted as being disproportionately favoured by infringers and showing high levels of abuse of various types¹⁰. As a proxy for the overall brand infringement landscape, it is informative to consider the subset of domains across these new extensions with names containing the names of any of the top ten most popular global brands¹¹. In total, there are 427 such domains within the dataset. Many of these do not currently resolve to any significant content (but would warrant further monitoring), or resolve to pages indicating that the sites have been monetised through the inclusion of pay-per-click links or offers of sale of the domain name. A small number also re-direct to the official sites of the brands in question. However, there are instances of active potential brand infringements (Figure 4).

It is also noteworthy (as referenced in a recent Stobbs article on Web2/Web3 ‘crossover’¹²) that various brand terms have already been registered on the .box extension, a TLD which offers dual Web2/Web3 functionality. Indeed, tencent.box, cocacola.box. coca-cola.box and mcdonalds.box all resolve to similar live websites displaying content relating to cryptocurrency and NFTs.

Amongst the longest domains in the overall dataset (115 examples with SLD names longer than 32 characters), there is a large group of domains with SLDs of the form ‘qastaff-kw-autotestAAA-170XXXXXXXXXX’ (18 on the .diy TLD, 16 .food, 11 .ing, 16 .lifestyle, 16 .living, 5 .meme). Whilst none currently resolves to any significant content (with the majority displaying Namecheap ‘whois verification pending’ pages), they clearly represent a coordinated set of registrations with potential for subsequent fraudulent or malicious use. There are also a number of domains which seem to serve no obvious purpose other than domain-name ‘collectability’ (as has also been observed in the blockchain domain ecosystem¹³), with examples including daddaddaddaddaddaddaddaddaddaddaddaddaddaddaddaddaddaddaddaddad.dad, foofoofoofoofoofoofoofoofoofoofoofoofoofoofoofoofoofoofoofoofoo.foo, 000000000000000000000000000000000000000000000000000000000000000.zip, and nothingelsematters-enter-sandman-metallicagirlsjustwannahavefun.zip (all 63 characters in length).

From this overall analysis we see that newly-launched gTLD extensions continue to attract significant volumes of activity, and should be a serious area of focus for brand owners. The relevant considerations cover two main areas: the first is the importance of a proactive brand-protection programme, incorporating the ability to monitor for third-party activity across the new range of extensions and to carry out timely enforcement against identified infringements; the second consideration is the opportunity to register official domains on these new-gTLDs, encompassing both core and tactical domains (for use in association with current or planned future business operations), and defensive registrations held to prevent third-party abuse. In light of the ever-decreasing availability of short memorable domain names across the popular legacy extensions¹⁴, new brand owners may wish to explore these new TLDs for their primary website presence. This is particularly relevant given the new round of applications scheduled to launch in 2026¹⁵—for which a dedicated website (https://newgtldprogram.icann.org/en) has recently been launched by ICANN¹⁶. During this new phase, brand owners may even wish to consider to apply to run their own dot-brand extension¹⁷, giving them full control over all domains on that TLD, and making the creation of effective infringements by bad actors a much more difficult prospect.