Friday, 29 September 2023

"Domain name management is core to IP protection": David Barnett, Brand Protection Strategist

by Ilona K., it.com

Preventing domain name infringement is a crucial part of any brand strategy. On the sidelines of the London Domain Summit[1], we interviewed David Barnett, the author of the 'Brand Protection in the Online World' book and Brand Protection Strategist at Stobbs IP, about the interplay between domain and brand management.

it.com Domains: Can you explain the relationship between web domains and branding? How do domains contribute to a brand’s online identity?

David Barnett: Brand protection programmes need to holistically address a range of infringement types, across multiple online channels. Within this picture, domain names play a central role[2], as branded domain names constitute a more explicit use (or abuse) of IP rights than other Internet content - thereby yielding greater enforcement options. They also carry the greatest potential for customer confusion or fraudulent use such as a convincing phishing site.

Brand protection - as the detection of, and enforcement against, infringing third-party domain names, as well as other content - sits alongside domain name management, as part of an organisation's wider IP management and business administration.

Domain name management[3] involves the maintenance of a portfolio of domains, including 'core' domains used in the day-to-day business (such as those used to host the client-facing websites and e-mail infrastructure) and 'tactical' domains. The latter include defensive registrations to avoid them being used by third parties, and the ones intended for future use, for example, for planned brand- or product launches.

In many cases, bad actors will deliberately make use of domain names which appear similar to those of a brand owner's official site in order to construct a deceptive site[4] and misdirect users. This highlights the importance of domain name considerations in online branding and brand protection.

it.com Domains: Considering the intersection of brand protection and domains - could you share some key insights you gained from your participation in the London Domain Summit? How are these trends shaping the strategies brands use to secure their online presence?

DB: From a brand protection perspective, there were discussions on proposed legislation for dealing with DNS and website abuse, particularly the proposals to extend the definition of 'unfair use' to include 'just' cyber- and typosquatting. Some others were covering domain name disputes, especially the requirements for demonstration of bad faith / abusive registration.

Also of very significant relevance were the discussions on Web3 technologies[5] (third iteration of the web, defined by open technologies like blockchain and immersive experiences like the metaverse) - particularly blockchain domains. It was great to see the consideration of how domain name collisions (that is, the same domain name being created on multiple blockchains / by multiple providers) can be avoided, and how brand protection might function in this developing ecosystem. 

Brand owners need the same types of defensive registration and brand protection strategies as in the classic Web2 in view of the continuing numbers of infringing domain registrations across Web3. This is particularly true due to Web3 domains allowing the construction of decentralised websites with associated live content and cryptocurrency wallet hosting for accepting and sending payments.

it.com Domains: When it comes to the recent developments in the domain name world, new top-level domains (TLDs) are still in the spotlight. How do these new generic top-level domains (gTLDs), third-level domains, and subdomains impact brand protection efforts? 

DB: Despite the intention of the new gTLD programme to "enhance innovation, competition and consumer choice" - and, by extension, to reduce infringements and build customer clarity - this has not really been the case. New gTLDs have seen relatively poor adoption by official entities, and the new domains have been more extensively seized on by infringers. We have seen a range of infringement types including cybersquatting, brand impersonation, phishing, and malware distribution. 

Many of the new gTLDs have been found to be more affected by infringements[6] than their previous counterparts, despite the improved enforcement processes in place - in many cases, a reflection of low-cost registrations with lax requirements.

Accordingly, the new gTLD landscape brings increased requirements[7] to utilise comprehensive brand protection solutions which are able to address the range of new extensions and the different contexts in which brand references can be present. 

it.com Domains: What risks should brands be mindful of when incorporating these domain variations?

DB: We are seeing significant numbers of cases where domain variations are being utilised by bad actors to drive visitors to non-legitimate content. Those range from 'fuzzy' matches to the brand name to exact matches to the official site name but on a different TLD. Subdomain abuse[8] is a particularly effective way of constructing a deceptive URL, especially when combined with other techniques such as hyphenated brand variations[9].

Brand infringements make use of a range of brand variations in domain names, including missing, additional or replaced characters (including non-Latin 'homoglyphs' which appear almost identical to their Latin equivalents), or transposed characters. Many of these appear visually similar to the legitimate brand domain names, leading to confusion, whilst others attract web traffic from mistyped web addresses. 

it.com Domains: Subdomains are a close topic to us, as we offer third-level domain names with a benefit of having a domain ending with .com. How do you see the role of it.com Domains and other providers in supporting businesses seeking better brand protection?

DB: Subdomain / third-level domain resellers such as it.com Domains provide a quick and easy opportunity for entities to register distinctive domain names on highly desirable TLDs. In many cases, such service providers can also offer a degree of privacy protection for the subdomain owners. 

For the same reasons, these types of service can also be attractive to infringers. So the service providers have a responsibility to operate robust know-your-customer (KYC) practices, be proactive in screening applications and hosted content for IP infringements, and to be receptive to enforcement requests from third-party brand protection service providers.

it.com Domains: Zooming out a bit - how do you foresee the intersection of artificial intelligence, machine learning, and brand protection evolving in the context of web domains? Are there any emerging technologies that could revolutionise how brands protect their online assets?

DB: Currently AI really presents more questions than answers in the brand protection arena, with open issues including: 

  • the nature of content produced by AI (What if it is defamatory or inaccurate? How can dynamic content be monitored? Who owns the rights?); 
  • the training datasets (Is IP infringed when tools are trained? What are the cybersecurity risks if tools are trained with company-sensitive information?); 
  • the risk of tools being used to generate malware or phishing content.

When it comes to domain names, the question is whether automated tools to suggest suitable domains for registration should incorporate checks to ensure that the suggestions will not infringe protected IP.

However, there are opportunities for AI to be integrated into the next generation of brand monitoring and domain management tools. We can envisage monitoring systems which learn how to evolve their own settings to more accurately filter and prioritise content, and identify trends in infringement patterns.

it.com Domains: Finally, looking ahead, what advice do you have for businesses aiming to enhance their brand protection strategies in the dynamic landscape of web domains? 

DB: The interplay between brand protection (i.e. consideration of third-party content) and domain name management (i.e. consideration of officially owned domains) is likely to remain core to IP protection in the future.

For initiatives such as the launch of new gTLDs, it is necessary to employ a brand protection solution, and brand owners may wish to buy into the associated opportunities more fully, such as through applications for dot-brand TLDs.

Going forward, we should also expect to see AI capabilities increasingly being incorporated into brand monitoring technologies.

References

[1] https://www.summit.london/web/event?eventid=2138597763

[2] https://www.worldtrademarkreview.com/global-guide/anti-counterfeiting-and-online-brand-enforcement/2022/article/creating-cost-effective-domain-name-watching-programme

[3] https://www.linkedin.com/pulse/holistic-brand-fraud-cyber-protection-using-domain-threat-barnett/

[4] https://www.cscdbs.com/en/resources-news/threatening-domains-targeting-top-brands/

[5] https://www.iamstobbs.com/opinion/trends-in-web3-part-1-a-look-at-blockchain-domains

[6] https://op.europa.eu/en/publication-detail/-/publication/7d16c267-7f1f-11ec-8c40-01aa75ed71a1

[7] https://circleid.com/posts/20230117-the-highest-threat-tlds-part-2

[8] https://circleid.com/posts/20220504-the-world-of-the-subdomain

[9] https://www.linkedin.com/pulse/hyphenated-domain-infringements-david-barnett/

This article was first published on 28 September 2023 at:

https://get.it.com/blog/domain-name-management-is-core-to-ip-protection-david-barnett-brand-protection-strategist/

Monday, 25 September 2023

.music to brand owners' ears?

by David Barnett and Richard Ferguson

The .music ('dot-music') TLD (top-level domain, or domain extension) launched on 11-Sep-2023, the latest in a long line of newly-released domain suffixes forming part of the new-gTLD programme which originally commenced in 2012[1]. Whilst there are now well over 1,000 active new extensions, this new release warrants particular consideration by brand owners operating in the media sector.

The sunrise period for .music, during which brand owners registered with the Trademark Clearing House (TMCH) can apply for new domains, will run from 11-Sep-2023 to 15-Nov-2023[2]. The general availability phase, where registrations will be open to all entities with a 'music nexus', is scheduled to commence on 10-Apr-2024[3], following an earlier community phase, open to organisations with registered trademarks.

The .music TLD - dedicated 'for the use of music dissemination and appreciation' - initially attracted applications from eight potential registries, ultimately being granted to Registry.MUSIC ('DotMusic, Limited')[4,5]. Their website states that it will be exclusive to members of the music industry and will offer 'verified domains [with] enhanced safeguards to protect intellectual property'[6].

Other options include access for verified .music domain owners to a music services platform (the 'Music Hub'), for artists, brands and fans to explore opportunities for collaborations. When the Music Hub launches in 2024, services will include Search.MUSIC (a music search engine) and Channels.MUSIC (an automated listing service for targeted promotions).

The past year has seen a flurry of activity in the new-gTLD space, with around a dozen releases in 2023[7]. With Google Registry launching many of these, and a number of potentially popular new-gTLDs comprising useful extensions like .kids[8], .zip[9], .case and .box coming onto the market, it is possible that new-gTLDs could have something of a renaissance. Brand owners are advised to check they are ready to take advantage of the evolving landscape.

For now, organisations with links to the music industry should consider their strategy for brand protection across the new extension, including ensuring that relevant IP is protected - and, where appropriate, registered with the TMCH - and policies are in place for defensive registrations and ongoing domain (and content) monitoring. We should particularly expect to see a ramp-up in registration activity once the general availability phase launches in the spring. 

References

[1] https://tld-list.com/launch-schedule

[2] https://newgtlds.icann.org/en/program-status/sunrise-claims-periods

[3] https://blog.101domain.com/domains/music-domain-launch

[4] https://icannwiki.org/.music

[5] https://www.iana.org/domains/root/db

[6] https://music.us/membership-benefits/

[7] https://newgtlds.icann.org/en/program-status/delegated-strings

[8] https://www.iamstobbs.com/opinion/heres-looking-at-you-.kids-a-new-generic-top-level-domain-not-to-kid-around-with

[9] https://www.iamstobbs.com/opinion/un-.zip-ping-and-un-.box-ing-the-risks-associated-with-new-tlds

This article was first published on 25 September 2023 at:

https://www.iamstobbs.com/opinion/music-to-brand-owners-ears

Thursday, 21 September 2023

Wilko: a target for scams following administration

by David Barnett and Richard Ferguson

Introduction

In August 2023, the UK high-street retailer Wilko Limited (formerly Wilkinson) entered administration, ultimately leading to store closures and selloffs, and the acquisition by The Range of the IP rights to the Wilko brand and website[1]. Shortly after the start of the administration period, reports began to emerge of a range of brand-related scams, including fake Wilko-branded websites offering branded products at heavily discounted prices[2]. Similar or related scams were also observed on social media, particularly Facebook[3], resulting in the requirement for the administrators to launch a campaign of enforcement actions.

These reports are perhaps unsurprising in view of previous studies which have found that high-profile news stories often serve as the trigger for spikes in related infringements and scams, particularly where specific brands are concerned and customers can be targeted[4].

In this article, we present the results of some simple analyses to determine the scale of the issues relating to the Wilko brand immediately following the closure of its stores[5].

Findings

1. Manual searches

As of mid-September 2023, a number of active Wilko-related scams were easily identifiable via simple searches. As shown in Figure 1, the domain wilkoclosing[.]com was found to resolve to a live, Wilko-branded e-commerce site. The site had been live for long enough to have been indexed by search engines, and was returned at position 3 in Google in response to a search for 'Wilko clearance sale', and at position 4 for 'Wilko clearance bargains'. The domain was registered with privacy-protected contact details, giving the registrant location as Henan, China.

Figure 1: An example of a live fake Wilko site (19-Sep-2023)

On Facebook, similar searches yielded multiple reports of Wilko-related scams (Figure 2).

Figure 2: Reported instances of Wilko-related scams on Facebook (19-Sep-2023)

In the first instance, the advertisement linked to a website at willkofficial[.]com [sic], which was no longer live, but generated a browser warning of deceptive content.

A number of similar scam-related pages were also found still to be active on Facebook on the same date, some of which included clearly unofficial contact details (e.g. using webmail e-mail addresses) and/or linked to fake external websites (Figures 3 and 4).

Figure 3: Examples of fake Wilko-related pages on Facebook (20-Sep-2023)

Figure 4: Examples of standalone websites linked-to from pages shown in Figure 3
 - (i) vuoriclothingo[.]com, a fake Wilko-branded site;
 - (ii) pneial[.]com, a generic e-commerce template website, possibly indicating that the scam site is no longer active, or representing a case of traffic misdirection

It was also possible to find instances of Wilko-related e-commerce mobile apps on standalone app-download ('APK') sites. Whilst some such examples may be instances of the distribution of official apps, sites of this type are worthy of close monitoring, since they tend to incorporate less quality-control than the mainstream app stores, meaning the downloaded applications may be unofficial, out-of-date (and lacking appropriate security patches) or associated with malicious content.

Figure 5: Example of a Wilko-related app identified on a standalone app-download site (20-Sep-2023)

2. Deep-dive domain analysis

We next considered the set of all domains containing the string 'wilko' (or 'willko'), based on zone-file analysis. Following the removal of all obviously non-relevant domains (e.g. those containing strings such as 'willkommen', names such as 'wilkowiecki' or 'wilkosz', or where the string is otherwise clearly being used as a personal name), this yielded a dataset of 772 potentially relevant names. We then further removed any which appeared explicitly to be official (i.e. owned by Wilko, based on registrant or registrar information), leaving a remaining dataset of 672 third-party domain names.

Of these, 430 had domain registration dates identifiable via an automated whois look-up. By aggregating the monthly numbers of registrations, a large spike in activity beginning in August 2023 was readily apparent (noting that the analysis was carried out in mid-September, and the full number for September was likely to increase).

Figure 6: Monthly numbers of registrations of 'wilko' (or 'willko') domains, since the start of 2020

332 of the 672 domains were found to return some sort of live website response (i.e. an HTTP status code of 200) although, of the remaining 340, 131 (39%) were found to have active MX (mail exchange) records, indicating that they have been configured to be able to send and receive e-mails and could therefore potentially be being utilised for phishing activity. Many of the inactive domains had names featuring keywords (such as 'clearance', 'offers', 'official', 'outlet' or 'sale') indicating that they may have been registered with the intention of being used for scams.

Of the 127 domains explicitly identified as having been registered since the start of August 2023, 67 (53%) were found to resolve or re-direct to active fake Wilko sites, with a further 23 (18%) featuring browser warnings of deceptive content or resolving to pages stating that the domains have been suspended. A number of additional examples were found to resolve to alternative content, such as third-party e-commerce or gambling-related sites, thereby potentially comprising instances of misdirection. Across the full dataset, a total of 98 domains were found to feature indicators of current or past scam-related content (Figure 7).

Figure 7: Examples from the dataset of live fake Wilko websites (domain names: wilkossky[.]com, wilkobigsales[.]com, wilkooutletuk[.]com, wilkobestsale[.]com, bigsalebywilko[.]com, wilkosense[.]com)
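
The triage steps described in this section (string match, removal of non-relevant names, keyword and MX checks, monthly aggregation of registration dates) can be sketched as follows. This is an added example, not the authors' tooling: the records are constructed on the reserved .example TLD, the function names and the spike rule (a month with at least three times the median monthly count) are assumptions, and the removal of officially owned domains is not modelled.

```python
import re
from collections import Counter
from datetime import date
from statistics import median

BRAND = re.compile(r"wil{1,2}ko")                        # 'wilko' or 'willko'
NON_RELEVANT = ("willkommen", "wilkowiecki", "wilkosz")  # exclusions named in the article
KEYWORDS = ("clearance", "offers", "official", "outlet", "sale")

# Constructed records on the reserved .example TLD (not real observations):
# (domain, whois creation date or None, HTTP status or None, has MX record)
SAMPLE = [
    ("wilko-garden.example", date(2021, 3, 14), 200, True),
    ("wilkoshop.example", date(2022, 11, 2), 200, True),
    ("willkommen-berlin.example", date(2020, 6, 1), 200, True),
    ("wilkosz-family.example", date(2019, 1, 9), 200, False),
    ("wilkoclearancesale.example", date(2023, 8, 21), 200, False),
    ("wilko-outlet-uk.example", date(2023, 8, 25), None, True),
    ("willkofficial-store.example", date(2023, 8, 29), None, False),
    ("bigsalewilko.example", date(2023, 9, 3), 200, False),
    ("wilko-offers.example", None, None, True),
]


def sld(domain):
    """Label left of the TLD (assumes a single-label TLD, as in gTLD zone files)."""
    return domain.lower().rstrip(".").rsplit(".", 1)[0]


def is_candidate(domain):
    """Brand string present and none of the known non-relevant strings."""
    name = sld(domain)
    return bool(BRAND.search(name)) and not any(s in name for s in NON_RELEVANT)


def classify(status, has_mx):
    """HTTP 200 means a live site; otherwise an MX record still allows e-mail use."""
    if status == 200:
        return "live-site"
    return "mail-capable" if has_mx else "inactive"


def triage(records):
    """Keep candidate domains and annotate each with state and scam keywords."""
    rows = []
    for domain, created, status, has_mx in records:
        if not is_candidate(domain):
            continue
        name = sld(domain)
        rows.append({
            "domain": domain,
            "created": created,
            "state": classify(status, has_mx),
            "keywords": [k for k in KEYWORDS if k in name],
        })
    return rows


def monthly_registrations(rows):
    """Registrations per 'YYYY-MM'; domains without a whois date are skipped."""
    return Counter(r["created"].strftime("%Y-%m") for r in rows if r["created"])


def spike_months(counts, factor=3):
    """Months whose count is at least `factor` times the median monthly count."""
    if not counts:
        return []
    baseline = median(counts.values())
    return sorted(m for m, n in counts.items() if n > 1 and n >= factor * baseline)


def review_queue(rows):
    """Most keywords first, then live sites, mail-capable and inactive domains."""
    order = {"live-site": 0, "mail-capable": 1, "inactive": 2}
    return sorted(rows, key=lambda r: (-len(r["keywords"]), order[r["state"]], r["domain"]))


if __name__ == "__main__":
    rows = triage(SAMPLE)
    print("spike months:", spike_months(monthly_registrations(rows)))
    for r in review_queue(rows):
        print(f'{r["domain"]:32} {r["state"]:13} {",".join(r["keywords"]) or "-"}')
```
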

Conclusions

The findings presented in this article illustrate that, where brands find themselves in the media, a spike in infringements and scams may not be far behind. The scale of the issue in this case - with almost 100 brand-related fraudulent domains identified for Wilko in mid-September - highlights the general importance to brand owners of a collaborative programme of domain name management and brand protection (monitoring plus enforcement) to avoid losses and protect customers.

In addition, some of the specific observations in this case raise some highly relevant general points about the way in which scams can be manifested:

  • Scams can operate over multiple channels (domain names, general Internet content, social media, mobile apps, etc.) and are often interconnected, highlighting the importance of a holistic approach to monitoring.
  • Fake websites can be hosted on brand-specific or general domain names, driving a requirement to combine domain-name monitoring (zone-file analysis, etc.) with alternative detection approaches.
  • In many cases, the scam content may make use of brand variations or misspellings, so as to drive customer confusion and/or evade detection, so it is important to utilise a monitoring technology able to address this.
  • Timely enforcement is key. If infringements are allowed to remain live long enough to be indexed by search engines, this can greatly increase their visibility and exposure.
  • Often, infringing sites will deliberately be hosted in jurisdictions or through Internet service providers who are notoriously non-compliant to takedown requests, showing the importance of the use of a range of enforcement techniques.

The post-pandemic retail sector in the UK has seen several high-street brands enter administration, with the IP often carved out from any bricks-and-mortar or plant-and-machinery (e.g. Made.com, Paperchase and Joules). These deals can happen quickly and sometimes be a fire sale. Regardless, brand protection should not be the preserve of a company's long-standing brands, and brand protection enquiries and online threat analysis should form part of any due diligence process. After all, if a brand's IP is valuable enough to buy, it should be valuable enough to protect from the outset.

References

[1] https://en.wikipedia.org/wiki/Wilko

[2] https://www.bbc.co.uk/news/business-66580724

[3] https://malwaretips.com/blogs/wilko-clearance-sale-up-to-90-off/

[4] https://www.linkedin.com/pulse/four-new-case-studies-domain-registration-activity-spikes-barnett/

[5] All observations and statistics are correct as of w/b 18-Sep-2023

This article was first published on 21 September 2023 at:

https://www.iamstobbs.com/opinion/wilko-a-target-for-scams-following-administration

Monday, 11 September 2023

The randomest domain names: entropy as an indicator of TLD threat level

by David Barnett and Richard Ferguson

Introduction

Domain registrations and abuse have had something of a renaissance in recent years, with increases in the numbers of people working from home and shopping online giving rise to countless opportunities for scammers. However, with almost 1,600[1] different top-level domains (TLDs, or domain extensions) to choose from, it can be difficult for brand owners to identify which TLDs to register across - indeed, the annual cost of owning a domain portfolio can soon spiral. Beyond the simple consideration of which TLDs are the 'best fit' for a brand's area of interest based on name alone (e.g. .shop for an online retailer), a statistical analysis of the most extensively abused TLDs can also provide further insights.

This post analyses a wide set of TLDs to assess whether patterns in the length and randomness of domain names show any correlation with other independent estimates of the level of threat associated with different domain extensions.

Primer

The universe of registered domains includes large numbers in which the domain name consists just of long, apparently random strings of characters. Several previous studies have suggested that these types of domains are often associated with fraudulent or malicious activity, such as phishing (where the domains can be used in the generation of deceptive URLs) or the distribution of malware. In many cases, these domain names are produced by bad actors using automated domain name generation algorithms and associated automatic registrations[2,3].

The existence of domains potentially set up for underhand purposes can be analysed through consideration of a parameter known as Shannon entropy, which provides a measure of the amount of information stored in a string of characters - broadly, long domain names, and/or those containing large numbers of distinct characters (such as the random domain names discussed here), will have high entropy[4].

The entropy of domains differs between TLDs, with some showing a markedly greater frequency of long, random domain names than others. For example, in a previous blog post[5], we discussed how the set of new .zip domains contains many more high-entropy (long, random) names than other TLDs. All other factors being equal, this might suggest that TLDs such as .zip are more prone to abuse by online bad actors.

Analysis

For the study, we consider the set of domain zone files published by ICANN[6], which covers gTLDs (.com, .net, etc.) and new-gTLDs (.top, .xyz, .online, etc.). In total, the dataset covers approximately 1,050 TLDs. For each TLD, the mean domain name entropy value, across all domains registered with that extension, is calculated (noting that small TLDs - where fewer than 100 domains are registered - have been excluded from the analysis, as the results are deemed to be of lower significance; this leaves a dataset of 576 TLDs). The results are shown in Table 1 and Figures 1 and 2.

TLD              Mean entropy  N
bayern           3.578820      60,318
crs              3.556059      1,144
man              3.548192      361
nrw              3.543092      36,313
xn--mgbca7dzdo   3.533396      117
gov              3.524858      19,542
goog             3.470524      543
med              3.461878      69,735
page             3.461800      102,978
eus              3.444771      27,950
mov              3.419044      6,724
esq              3.417947      3,565
amsterdam        3.416103      41,989
rsvp             3.415646      4,572
channel          3.408561      631
swiss            3.404208      37,801
dev              3.396982      769,971
app              3.394302      1,274,223
abudhabi         3.390945      2,060
zip              3.389665      30,223
google           3.380865      318
top              3.362711      4,512,204
komatsu          3.359931      133
day              3.353672      20,345
kyoto            3.326108      2,042
nexus            3.323493      2,250
how              3.320968      7,987
radio            3.319183      5,793
soy              3.317902      3,467
phd              3.312976      2,793

Table 1: Top 30 TLDs with greatest mean domain name entropy (N = no. of domains in dataset)

Figure 1: Top 30 TLDs with greatest mean domain name entropy

Figure 2: Bottom 30 TLDs by mean domain name entropy

The highest-entropy TLDs can indeed be seen through visual inspection to contain disproportionately high numbers of long, random domain names, with significant numbers of 32-character examples (Figure 3). The reason for this exact number (compared with the absolute maximum possible number for a SLD[7] of 63 characters) is not clear; however, it was the greatest length historically considered to be 'good practice'[8] for a domain name and can (depending on usage and provider) be a value beyond which functionality limitations may apply. The value may also be related to the type of algorithm(s) used to automatically generate the domain names, or the functionality available through the registrars utilised.

The alphabetical list of .bayern domains (the highest-entropy TLD in the dataset), for example, begins almost entirely with 32-character random names.

Figure 3: Numbers of .bayern domains, by domain name (SLD) length
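
The per-TLD calculation described in the Primer and Analysis sections, together with the name-length count behind Figure 3, can be reproduced as in the added example below, which is not the authors' code. It assumes per-character Shannon entropy in bits over the SLD (the article does not state its formula), uses constructed names on reserved TLDs, and lowers the 100-domain cut-off for the small sample. It also counts labels of exactly 32 characters drawn from 0-9 and a-v separately, because NSEC3 hashed owner names in DNSSEC-signed zone files (RFC 5155) have that same shape.

```python
import hashlib
import math
import re
from collections import Counter, defaultdict

MIN_DOMAINS = 100                           # the article's cut-off for small TLDs
BASE32HEX_32 = re.compile(r"[0-9a-v]{32}")  # shape of an NSEC3 hashed owner name
ALPHABET = "0123456789abcdefghijklmnopqrstuv"


def shannon_entropy(s):
    """Per-character Shannon entropy of s, in bits (assumed definition)."""
    n = len(s)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def split_domain(domain):
    """Return (SLD, TLD); the SLD is everything left of the last dot."""
    sld, _, tld = domain.lower().rstrip(".").rpartition(".")
    return sld, tld


def mean_entropy_by_tld(domains, min_domains=MIN_DOMAINS):
    """Map TLD -> (mean SLD entropy, number of domains), skipping small TLDs."""
    per_tld = defaultdict(list)
    for d in domains:
        sld, tld = split_domain(d)
        if sld:
            per_tld[tld].append(shannon_entropy(sld))
    return {t: (sum(v) / len(v), len(v)) for t, v in per_tld.items() if len(v) >= min_domains}


def length_histogram(domains, tld):
    """Count of SLD lengths for one TLD (the quantity plotted in Figure 3)."""
    hist = Counter()
    for d in domains:
        sld, t = split_domain(d)
        if t == tld and sld:
            hist[len(sld)] += 1
    return hist


def hashed_shape(domains):
    """Names whose SLD is exactly 32 characters from 0-9 and a-v."""
    return [d for d in domains if BASE32HEX_32.fullmatch(split_domain(d)[0])]


def constructed_hashed_label(i):
    """Constructed sample data: SHA-1 of a counter, written as 32 base32hex digits."""
    n = int.from_bytes(hashlib.sha1(str(i).encode()).digest(), "big")
    return "".join(ALPHABET[(n >> (5 * k)) & 31] for k in range(31, -1, -1))


# Constructed names on reserved TLDs (.example, .test, .invalid); not zone-file data.
SAMPLE = (
    ["garden.example", "bakery.example", "citybikes.example", "news.example"]
    + [constructed_hashed_label(i) + ".test" for i in range(5)]
    + ["shop.test", "info.invalid"]
)

if __name__ == "__main__":
    stats = mean_entropy_by_tld(SAMPLE, min_domains=3)
    for tld, (mean, n) in sorted(stats.items(), key=lambda kv: -kv[1][0]):
        print(f"{tld:10} {mean:.6f} {n}")
    print("SLD lengths in .test:", dict(length_histogram(SAMPLE, "test")))
    print("32-character base32hex-shaped names:", len(hashed_shape(SAMPLE)))
```
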

It is also instructive to compare the mean entropy for each TLD with previous estimates of the general level of risk associated with that TLD, considering factors such as the frequency of their use in phishing, spam, and malware. In one such study[9], TLDs were allocated a normalised 'threat frequency' score (between 0 and 1), based on threat statistics taken from a range of independent datasets. Figure 4 shows a comparison between the mean entropy of the domains for each TLD, and the threat score from this previous study, for all TLDs present in both datasets.

Figure 4: Comparison between mean domain name entropy (this study) and normalised threat frequency score (previous study) for each TLD

Whilst there is no strong correlation between the two datasets (though there is a weak positive correlation, with a coefficient of +0.07), there is a suggestion that the highest-entropy TLDs (those with a mean entropy value of > 3.2) do tend to sit at the higher end of the risk spectrum (threat score > approx. 0.2). This is at least suggestive of some self-consistency in terms of the assertion that higher-entropy domain names (and the TLDs with which they are more frequently associated) tend to be more likely to be linked to a range of classes of fraudulent and malicious activity.

Conclusions

Previous research suggests that long, random (high entropy) domain names are more likely to be associated with automated algorithmic registrations, and to be used for malicious activity. It is also noteworthy that many of the most suspicious domain names are (exactly) 32 characters in length.

Certain domain extensions are associated with greater proportions of high entropy domains, and the top 30 TLDs (by mean entropy) includes a number of popular extensions like .top (4.5m domains), .app (1.3m) and .page (103k). The additional finding that many of these same TLDs are generally found more frequently to be associated with phishing, spam, and malware is suggestive of a correspondence between mean domain entropy and overall level of risk for a particular TLD.

Quantitative studies such as this can help inform and validate brand protection strategies, especially when overlaid with qualitative analysis (such as consideration of what string the domain extension itself actually is, in terms of a keyword or description). This assessment provides guidance not just on which domains to register, but also which domain extensions warrant attention when monitoring, and prioritisation when enforcing. The Internet isn’t getting any smaller, but combining metrics can help with zoning in on targets.

References

[1] https://www.iana.org/domains/root/db

[2] https://circleid.com/posts/20230703-an-overview-of-the-concept-and-use-of-domain-name-entropy

[3] https://www.splunk.com/en_us/blog/security/random-words-on-entropy-and-dns.html

[4] https://www.linkedin.com/pulse/investigating-use-domain-name-entropy-clustering-results-barnett/

[5] https://www.iamstobbs.com/opinion/un-.zip-ping-and-un-.box-ing-the-risks-associated-with-new-tlds

[6] https://czds.icann.org/home

[7] The SLD (second-level domain name) is the part of the domain name before the dot

[8] https://docs.oracle.com/cd/E19683-01/806-4077/6jd6blbdi/index.html

[9] https://circleid.com/posts/20230117-the-highest-threat-tlds-part-2

This article was first published on 11 September 2023 at:

https://www.iamstobbs.com/opinion/the-randomest-domain-names-entropy-as-an-indicator-of-tld-threat-level
