Home / Blogs

A New Analysis of the Newest New-GTLDs

As the new-gTLD programme—the ICANN initiative to add a large number of new domain extensions (top-level domains, or TLDs) to the Internet—continues to see ongoing launches of new TLDs, we conduct a new retrospective of the activity landscape of the most recent extensions to have been launched. This new study focuses on all new-gTLDs to have entered their Sunrise or General Available periods since the start of 2023, following a previous overview by Stobbs of the full new-gTLD landscape1.

As of 01-May-2024, there are 20 new such extensions, listed in Table 1, which also shows the total number of domains (N) currently registered across each extension, and the mean entropy of these sets of domains. Domain entropy (measured using the second-level domain name (SLD)—i.e. the part of the domain name to the left of the dot—in each case) provides a measure of the amount of information, or randomness, in the domain name string. Previous studies looking at this parameter have shown that high-entropy domain names (i.e. those typically featuring long, random strings or characters) are often associated with automated domain registrations and fraudulent or malicious use2.

Table 1: Overview of the 20 new-gTLD extensions to have entered Sunrise or General Availability since the start of 20234, 5
TLDSunrise start dateGeneral Availability start dateNMean SLD entropy

Overall, there is no meaningful correlation between the time since launch and the numbers of registered domains (Figure 1), suggesting that the rate of uptake of new registrations varies significantly between the extensions (presumably depending on factors such as availability, cost, and use-case).

Figure 1: Comparison between numbers of registered domains and number of days since start of Sunrise period, for the 20 newest new-gTLDs

The dataset includes a number of extensions previously highlighted as providing significant potential for fraudulent use—specifically .zip, .mov and .box6, which present the possibility for confusion with filename suffixes or brand names. Of these, it may be of concern that .zip has shown such a high rate of uptake. .ing is also noteworthy as the extension with the greatest overall number of registrations. This particular new-gTLD has a number of potential use-cases, given its generic nature as a word suffix, but also due to the fact that it presents the potential for fraudulent or deliberately deceptive use (including as an attack vector for bitsquatting7). Some of the extensions have seen very limited levels of activity to date, including .music8, which has specific application requirements for potential registrants.

No obvious overall trends are apparent from the analysis of domain-name entropy; .box shows the lowest average entropy of all of these extensions, but all of the remainder show mean values in a relatively consistent range between 2.4 and 3.5.

An analysis of the distribution of (SLD) lengths of the registered domain names across these new extensions (Figure 2) also reveals some interesting trends.

Figure 2: Distribution of SLD lengths of registered domain names across the 20 newest new-gTLDs

The most striking feature is the very large peak in numbers of registrations at a SLD length of 32 characters (58,759 domains in total). This same feature has been noted previously in analyses of specific extensions9, and appears often to be associated with visually apparently random SLD strings, comprising probable automated registrations (and potentially concerning use). Indeed, the majority of these 32-character domain names occupy a range of high entropy values (Figure 3) (potentially unsurprisingly, given the string length, but consistent with the SLDs featuring large numbers of distinct characters, rather than comprising more ‘ordered’ domain names).

Figure 3: Distribution of entropy values amongst the set of 32-character SLD domain names

Overall, new-gTLDs have previously been noted as being disproportionately favoured by infringers and showing high levels of abuse of various types10. As a proxy for the overall brand infringement landscape, it is informative to consider the subset of domains across these new extensions with names containing the names of any of the top ten most popular global brands11. In total, there are 427 such domains within the dataset. Many of these do not currently resolve to any significant content (but would warrant further monitoring), or resolve to pages indicating that the sites have been monetised through the inclusion of pay-per-click links or offers of sale of the domain name. A small number also re-direct to the official sites of the brands in question. However, there are instances of active potential brand infringements (Figure 4).

Figure 4: Examples of potential infringements targeting any of the top ten global brands, from the overall dataset (top to bottom: betvisa[.]meme; mcdonalds[.]ing; appleferretai[.]meme)

It is also noteworthy (as referenced in a recent Stobbs article on Web2/Web3 ‘crossover’12) that various brand terms have already been registered on the .box extension, a TLD which offers dual Web2/Web3 functionality. Indeed, tencent.box, cocacola.box. coca-cola.box and mcdonalds.box all resolve to similar live websites displaying content relating to cryptocurrency and NFTs.

Amongst the longest domains in the overall dataset (115 examples with SLD names longer than 32 characters), there is a large group of domains with SLDs of the form ‘qastaff-kw-autotestAAA-170XXXXXXXXXX’ (18 on the .diy TLD, 16 .food, 11 .ing, 16 .lifestyle, 16 .living, 5 .meme). Whilst none currently resolves to any significant content (with the majority displaying Namecheap ‘whois verification pending’ pages), they clearly represent a coordinated set of registrations with potential for subsequent fraudulent or malicious use. There are also a number of domains which seem to serve no obvious purpose other than domain-name ‘collectability’ (as has also been observed in the blockchain domain ecosystem13), with examples including daddaddaddaddaddaddaddaddaddaddaddaddaddaddaddaddaddaddaddaddad.dad, foofoofoofoofoofoofoofoofoofoofoofoofoofoofoofoofoofoofoofoofoo.foo, 000000000000000000000000000000000000000000000000000000000000000.zip, and nothingelsematters-enter-sandman-metallicagirlsjustwannahavefun.zip (all 63 characters in length).

From this overall analysis we see that newly-launched gTLD extensions continue to attract significant volumes of activity, and should be a serious area of focus for brand owners. The relevant considerations cover two main areas: the first is the importance of a proactive brand-protection programme, incorporating the ability to monitor for third-party activity across the new range of extensions and to carry out timely enforcement against identified infringements; the second consideration is the opportunity to register official domains on these new-gTLDs, encompassing both core and tactical domains (for use in association with current or planned future business operations), and defensive registrations held to prevent third-party abuse. In light of the ever-decreasing availability of short memorable domain names across the popular legacy extensions14, new brand owners may wish to explore these new TLDs for their primary website presence. This is particularly relevant given the new round of applications scheduled to launch in 202615—for which a dedicated website (https://newgtldprogram.icann.org/en) has recently been launched by ICANN16. During this new phase, brand owners may even wish to consider to apply to run their own dot-brand extension17, giving them full control over all domains on that TLD, and making the creation of effective infringements by bad actors a much more difficult prospect.

By David Barnett, Brand Protection Strategist at Stobbs

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Brand Protection

Sponsored byCSC

New TLDs

Sponsored byRadix

Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API


Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global


Sponsored byDNIB.com