David Barnett's Brand Protection Articles: 2024

Thursday, 26 December 2024

Brand Protection Data is (Still) Beautiful - Part 1: 'Year' domains

Introduction

My recent study of new-year-related domain names^[1] highlighted the case of 2025[.]com, registered on 23-Aug-1998 (the oldest '2025'-specific .com domain currently registered). The domain is also an example of a numeric name, the subject of another recent study^[2]. 'Year' domain names - that is, where the SLD (or second-level domain, i.e. the part of the domain name to the left of the dot) string is simply a four-digit number in the form of a year in the modern era, can be highly attractive from the point of view of memorability, use-cases, search-engine prominence and tradability, with (for example) 2025[.]org resolving to a Sedo domain marketplace page offering the sale of the domain name for $1M.

In this study, I consider the sets of 200 domain names with SLDs between '1900' and '2099', across popular domain extensions (top-level domains, or TLDs), to identify any trends and patterns in the registrations.

Analysis

The analysis considers the 'big five' legacy TLDs (that is, .com, .net, .biz, .org and .info), for which comprehensive information is available, both from the point of view of zone-file data (though this is not strictly necessary in this study, due to the fact that the SLDs are defined in advance) and domain registration data from automated whois look-ups. It is worth noting that all 1,000 possible domain names within the dataset are already taken, with none available for registration.

Figure 1 shows the registration dates for each of the 200 .com examples, as a function of the SLD (i.e. the year string). The domains were registered over a period between 13-Jan-1995 (2020[.]com) and 28-Jul-2010 (2038[.]com) - noting that these are the most recent registration dates, and some of the names may have been registered previously and subsequently allowed to lapse. 2038[.]com, for example, actually has a registration history (based on cached historical records) dating back to 22-May-1998.

Figure 1: (Most recent) registration (i.e. creation) dates for the 200 .com 'year' domains in the dataset

The next point to note is that groups of potentially related registrations appear on the graph as horizontal 'clusters' (i.e. similarly named domains appearing at identical or similar dates). For example, two obvious such groups are:

2081[.]com, 2082[.]com, 2083[.]com, 2085[.]com, 2086[.]com, 2087[.]com, 2089[.]com, 2093[.]com, 2094[.]com, 2098[.]com, 2096[.]com - all registered on 17 and 18-Nov-1999

2034[.]com, 2037[.]com, 2041[.]com, 2043[.]com, 2044[.]com, 2046[.]com, 2047[.]com, 2049[.]com, 2051[.]com, 2052[.]com, 2053[.]com, 2054[.]com, 2055[.]com, 2056[.]com, 2057[.]com, 2065[.]com, 2066[.]com - all registered between 09 and 11-Dec-1999

Like many domains in the post-GDPR world (and as remarked in my recent article on 'dark' whois records^[3]), the whois details for these domains are almost all essentially entirely redacted, meaning other factors such as commonalities in registration dates (as discussed here) and other factors, such as the registrar - and historical records, as discussed below - are necessary in identifying probable clusters of associated registrations. Nevertheless, in cases of potential brand infringements or other fraudulent use (for example), this exercise can be key in identifying serial infringers, demonstrating bad-faith activity and allowing bulk takedowns.

The analysis can then be widened out by adding in the data for the other five TLDs, as shown in Figure 2.

Figure 2: (Most recent) registration (i.e. creation) dates for the 1,000 'year' domains in the dataset (covering all five TLDs considered)

Apart from the high-level trends (that the .com and .net names have, in general, been (most recently) registered considerably longer ago than (say) the .biz and .info names), other groups of registrations which are likely linked to each other become apparent. With the data plotted in this format, registrations covering similar SLDs at similar or identical dates, even when registered across different TLDs, appear as physical clusters on the plot.

What is perhaps less straightforward to see in this format is the (arguably most significant) case where the same SLD is registered across different TLDs on the same date (in which case the data points will overlay each other). These cases can be explicitly identified by visualising the data in a different way: for each SLD, there are five TLDs (or distinct domain names) (.com, .net, .biz, .org, .info) being considered, and therefore ten pairs of domains (net/com, biz/com, org/com, info/com, biz/net, org/net, info/net, org/biz, info/biz, info/org) for which the registration dates are to be compared. Appendix A shows the intervals (in days) between the registrations of the same SLD for each of the ten pairs of TLDs. The simplest way of drawing insights from the data is by highlighting all cases where the interval is less than a certain threshold (in this case, 7 days) - i.e. where the domains SLD.TLD1 and SLD.TLD2 were registered less than a week apart.

From this analysis, we can widen out the second of the two potential clusters listed above (for example) to include non-.com examples (Table 1).

* Those domains least likely to be connected to the remainder of the cluster

Table 1: Registration details for a potential cluster of associated registrations

If the associated sites represented some sort of infringement requiring enforcement, in many cases it may be helpful to uncover 'real-world' contact details for the actual domain owner(s). Possible ways of achieving this objective may be to launch some sort of domain dispute (though this can be slow and costly) or through an unmasking request to (say) the registrar (though this typically requires proof of a breach of terms and conditions, and registrars differ markedly in their levels of compliance). It is often more efficient to use an open-source intelligence (OSINT) investigation approach, which can include analysis of the current or cached historical content of the websites in question, or analysis of cached whois records. In many cases, whois records yielded richer information prior to the introduction of GDPR in 2018 and - given in these cases that the domains have been continuously registered since December 1999 - contact details from any point subsequent to this date may be associated with the current owner. For 2034[.]com (for example), the following historical details are given:

By following these threads across the other domains, a deeper view of the cluster can be ascertained. For example, the earliest of the three e-mail addresses listed above appears in the historical whois records of 80 domains in total - including a number of additional numeric domains - giving an overview of the owner's portfolio (Appendix B). One of these appears to be the owner's personal website; it is not currently active, but a cached view from 2002 from archive.org^[4] includes a range of pieces of personal information (Figure 3).

Figure 3: A historical view of the website at kylecrothers[.]com

Appendix A: Intervals (in days) between the registration of the same SLD across different TLDs (for each of the ten TLD pairs under consideration)

Instances where this value is less than 7 days are highlighted in red.

Appendix B: Domains where kyle_crothers[at]bigfoot.com appears in the historical whois record

Domain	Created	Registrar
1087[.]com	08-Dec-1999	GoDaddy.com, LLC
1096[.]com	11-Jan-2009	GoDaddy.com, LLC
1125[.]com	09-Dec-1999	Name.com, Inc.
1224[.]com	09-Dec-1999	Alibaba Cloud Computing Ltd. d/b/a HiChina (www.net.cn)
1650[.]com	13-Dec-1999	eName Technology Co.,Ltd.
1772[.]com	13-Dec-1999	eName Technology Co.,Ltd.
1889[.]com	09-Dec-1999	GoDaddy.com, LLC
1908[.]com	08-Dec-1999	GoDaddy.com, LLC
1914[.]com	09-Dec-1999	Name.com, Inc.
1924[.]com	09-Dec-1999	eName Technology Co.,Ltd.
2026[.]net	13-Dec-1999	GoDaddy.com, LLC
2032[.]net	13-Dec-1999	GoDaddy.com, LLC
2034[.]com	08-Dec-1999	GoDaddy.com, LLC
2034[.]net	10-Dec-1999	GoDaddy.com, LLC
2037[.]com	09-Dec-1999	GoDaddy.com, LLC
2041[.]com	08-Dec-1999	GoDaddy.com, LLC
2043[.]com	08-Dec-1999	GoDaddy.com, LLC
2044[.]com	08-Dec-1999	GoDaddy.com, LLC
2044[.]net	10-Dec-1999	GoDaddy.com, LLC
2046[.]com	09-Dec-1999	Name.com, Inc.
2047[.]com	08-Dec-1999	GoDaddy.com, LLC
2049[.]com	10-Dec-1999	GoDaddy.com, LLC
2051[.]com	10-Dec-1999	GoDaddy.com, LLC
2052[.]com	10-Dec-1999	GoDaddy.com, LLC
2052[.]net	14-Dec-1999	GoDaddy.com, LLC
2053[.]com	10-Dec-1999	GoDaddy.com, LLC
2054[.]com	10-Dec-1999	GoDaddy.com, LLC
2054[.]net	10-Dec-1999	GoDaddy.com, LLC
2055[.]com	10-Dec-1999	GoDaddy.com, LLC
2055[.]net	10-Dec-1999	GoDaddy.com, LLC
2056[.]com	10-Dec-1999	GoDaddy.com, LLC
2056[.]net	10-Dec-1999	GoDaddy.com, LLC
2057[.]com	10-Dec-1999	GoDaddy.com, LLC
24-7admin[.]com	18-Oct-2018	NameSilo, LLC
2772[.]com	10-Dec-1999	Alibaba Cloud Computing Ltd. d/b/a HiChina (www.net.cn)
30000[.]com	14-Dec-1999	eName Technology Co.,Ltd.
3773[.]com	09-Dec-1999	GoDaddy.com, LLC
40000[.]com	14-Dec-1999	eName Technology Co.,Ltd.
4010[.]com	08-Dec-1999	Deutsche Telekom AG
4020[.]com	13-Dec-1999	Squarespace Domains II LLC
5010[.]com	01-Sep-1999	GoDaddy.com, LLC
5025[.]com	11-Dec-1999	Name.com, Inc.
6010[.]com	08-Dec-1999	GoDaddy.com, LLC
6050[.]com	13-Dec-1999	GoDaddy.com, LLC
7010[.]com	08-Dec-1999	GoDaddy.com, LLC
8010[.]com	08-Dec-1999	eName Technology Co.,Ltd.
8050[.]com	13-Dec-1999	GoDaddy.com, LLC
barfface[.]com	08-Dec-1999	GoDaddy.com, LLC
bigjoke[.]com	16-Dec-1999	GoDaddy.com, LLC
crothers[.]org	24-Feb-2015	GoDaddy.com, LLC
e2011[.]com	14-Jan-2000	NameSilo, LLC
e2012[.]com	14-Jan-2000	GoDaddy.com, LLC
e2015[.]com	14-Jan-2000	GoDaddy.com, LLC
geekslacker[.]com	18-Dec-1999	GoDaddy.com, LLC
greenlobster[.]com	08-Jun-2000	GoDaddy.com, LLC
i2011[.]com	14-Jan-2000	NameSilo, LLC
i2012[.]com	14-Jan-2000	GoDaddy.com, LLC
i2014[.]com	10-Mar-2000	GoDaddy.com, LLC
i2015[.]com	14-Jan-2000	GoDaddy.com, LLC
kyle-crothers[.]com	08-Dec-1999	godaddy.com, llc
kylecrothers[.]com	09-Dec-1999	GoDaddy.com, LLC
lawson-techs[.]com	24-Aug-1999	godaddy.com, llc
lawsonadmin[.]com	15-Aug-2000	GoDaddy.com, LLC
lawsonadmin[.]net	28-Sep-2000	GO DADDY SOFTWARE INC
lawsonadmin[.]org	28-Sep-2000	GO DADDY SOFTWARE INC
lawsonexperts[.]com	03-Jan-2001	GoDaddy.com, LLC
lawsonexperts[.]net	23-Mar-2017	RJG VENTURES, L.L.C
lawsonpeople[.]com	16-Mar-2001	GoDaddy.com, LLC
lawsonpeople[.]net	16-Mar-2001	GoDaddy.com, LLC
lawsonrecruiting[.]com	16-Mar-2001	GoDaddy.com, LLC
lawsonrecruiting[.]net	16-Mar-2001	GoDaddy.com, LLC
powermodem[.]com	14-Dec-1999	GoDaddy.com, LLC
powermodems[.]com	14-Dec-1999	GoDaddy.com, LLC
quickwires[.]com	16-Dec-1999	GoDaddy.com, LLC
realtx[.]net	10-Dec-1999	GoDaddy.com, LLC
stefco[.]com	06-Dec-1995	Squarespace Domains II LLC
streetyacht[.]com	29-Nov-2013	TurnCommerce, Inc. DBA NameBright.com
streetyachts[.]com	29-Nov-2019	TurnCommerce, Inc. DBA NameBright.com
tourneyrank[.]com	03-Apr-2021	Gname.com Pte. Ltd.
tournyrank[.]com	30-Aug-2006	godaddy.com, llc

References

[1] https://www.iamstobbs.com/opinion/christmas-and-new-year-brand-protection-trends-new-year-domain-names

[2] https://www.iamstobbs.com/opinion/the-universe-of-numeric-domain-names

[3] 'It's a dark whois world' (link TBC)

[4] https://web.archive.org/web/20020604060934/http://kylecrothers.com/

This article was first published on 26 December 2024 at:

https://www.linkedin.com/pulse/brand-protection-data-still-beautiful-part-1-year-domains-barnett-juwhe/

Tuesday, 24 December 2024

Brand Protection Data is Beautiful

Introduction

In the run-up to the forthcoming publication of my new book, 'Patterns in Brand Monitoring: A Scientific Approach to Brand Protection Analysis', I conduct a retrospective overview of a series of brand protection analysis case studies involving visualisations of a range of types of data.

Data analysis and visualisation can have a number of applications in brand protection, including: the identification of trends and patterns of activity and information relating to new or emerging areas of concern; providing insights into serial or high-activity bad actors or the associated focuses of infringing activity, thereby allowing prioritised monitoring or enforcement initiatives with greater efficiency; clustering together related findings and collating evidence of bad-faith activity; determining the financial impacts of intellectual property crime and allowing return-on-investment analyses; and benchmarking brands against their peers.

Data visualisation case studies

1. Profiling a scam package-tracking website^[1,2]

This case study involves the profiling of a single central scam website associated with a large, coordinated brand impersonation attack targeting large numbers of well-known brands, using many thousands of lookalike sites. The scam website solicited for payments, purportedly to authorise the delivery of items ordered through the lookalike sites, utilising a range of personalised, recipient-specific pages, with URLs differing from each other only by the numeric string (the 'ID-number') at the end of each link.

Figure 1.1: Heat map showing the total numbers of active scam pages in each 'sub-block' of 50 adjacent ID-numbers (with darker shades indicating greater utilisation of the available set of ID-numbers), for the first block of 100,000 possible ID-numbers

Figure 1.2: Daily mean payment requested per individual scam page, during the full duration of the period of use of the scam site

Figure 1.3: 'Timeline' view showing the number of pages on which each of the top 80 overall most frequently used e-mail addresses (obfuscated) was utilised, within each calendar month

2. The GameStop saga^[3]

This case study provides an illustration of how high-profile real-world events can trigger associated spikes in related infringements, by bad actors looking to take advantage of increased levels of interest and search volumes. The event in question was the Reddit campaign to boost the share price of US retailer GameStop in January 2021, with the study focusing on the daily numbers of brand-related domain registration in the period surrounding the campaign. The resulting analysis showed how the numbers of registrations tracked the company's share price extremely closely.

Figure 2.1: Daily numbers of registrations of domain names containing 'gamestop', compared with the daily high share price for the organisation

3. Domain-name availability^[4,5]

This case study looks to quantify the observation that the availability of short, memorable, unregistered domain names across popular extensions (TLDs) is increasingly running low, a trend which is pushing brand owners towards the use of novel or invented brand names, alternative TLDs, dot-brands, or other technologies such as blockchain domains. The study uses zone-file analysis to determine the proportion of all possible domain names of each length (up to 6 characters) which are already registered, across the top 40 extensions.

Figure 3.1: Proportion of the set of all possible domain names which are already registered, for each of the top 40 gTLDs (by total number of registered one- to six-character domains), as a function of SLD length (n characters)

4. Subdomain discovery^[6]

This case study involves the test of a series of methods intended to identify as many existing subdomains as possible across arbitrary third-party domains (websites), using the top 50 most popular sites as an example. Discovery of subdomains on arbitrary websites is a key component of brand monitoring programmes because of the potential for brand abuse, but is traditionally a difficult problem to solve because of the lack of publicly-accessible data sources akin to domain name zone files. It is therefore instructive to test and develop discovery algorithms and seek insights into keyword, length and naming patterns in subdomain usage.

Figure 4.1: Distribution of subdomain lengths (in characters) and numbers of levels across the dataset, by number of instances

5. The relationship between brand value and brand prominence^[7,8]

This case study involves the calculation of online prominence for each of the top 100 most valuable global brands, using a proprietary algorithm considering the number and prominence of the mentions of each of the brands, based on analysis of a generically-sampled set of webpages. A comparison of the prominence scores for each of the brands with their brand values shows no straightforward relation between the two, though some trends (such as the disproportionate high prominence of social media, search and technology brands, and the low prominence of luxury brands) are evident.

Figure 5.1: Comparison of overall prominence score with brand value for the top 100 brands, split by industry area (showing low ends of prominence / value axes only)

6. Real-world distribution of infringing goods^[9,10]

This case study looks to tie together online and offline activity relating to the trade in infringing goods. It considers the locations of interception in the UK of incoming goods from three countries identified as the top points of origin, based on a case study of partnerships with customs and law enforcement for three key brands in different industry areas (clothing, food, and physical goods manufacturing).

Figure 6.1: Heat map showing the frequency with which locations in the UK have been associated with the physical interception of infringing goods originating from China (for three brands in the clothing, food, and physical goods manufacturing industries)

7. Colour similarity measurement^[11]

This case study looks at a set of protected colour marks (or colours featured as components of more complex marks) and considers a framework for quantifiably measuring the difference between each pair of colours, based on the geometric distance between them in RGB (red-green-blue) space^[12]. Such metrics could form the basis of a more robust approach to quantifying the difference between marks, as may be relevant to the decision-making process for disputes^[13].

Figure 7.1: Matrix showing the separation (in RGB units) between each pair of colours in the set of marks

References

[1] 'Patterns in Brand Monitoring' (D.N. Barnett, Business Expert Press, 2025), Case Study 8.6: 'Profiling a scam package-tracking website'

[2] https://www.iamstobbs.com/tracking-the-tracker-ebook

[3] 'Patterns in Brand Monitoring' (D.N. Barnett, Business Expert Press, 2025), Case Study 8.1: 'The GameStop Saga'

[4] 'Patterns in Brand Monitoring' (D.N. Barnett, Business Expert Press, 2025), Section 9.3.2: 'Availability of short domains across the gTLD landscape'

[5] https://www.iamstobbs.com/availability-of-domains-ebook

[6] https://circleid.com/posts/20240528-exploring-the-domain-of-subdomain-discovery

[7] 'Patterns in Brand Monitoring' (D.N. Barnett, Business Expert Press, 2025), Case Study 10.1: 'Online prominence and sentiment of the top 100 most valuable global brands'

[8] https://www.iamstobbs.com/online-brand-prominence-and-sentiment-ebook

[9] 'Patterns in Brand Monitoring' (D.N. Barnett, Business Expert Press, 2025), Chapter 15: 'Links to offline data'

[10] https://www.iamstobbs.com/opinion/tracking-the-uk-trade-in-fakes-counterfeit-hotspots

[11] https://circleid.com/posts/further-developing-a-colour-mark-similarity-measurement-framework-building-a-database

[12] https://circleid.com/pdf/similarity_measurement_of_marks_part_1.pdf

[13] https://www.linkedin.com/pulse/measuring-similarity-marks-overview-suggested-ideas-david-barnett-zo7fe/

This article was first published on 24 December 2024 (amended 25 December 2024) at:

https://www.linkedin.com/pulse/brand-protection-data-beautiful-david-barnett-c66be/

Thursday, 12 December 2024

The universe of numeric domain names

Introduction

As has been remarked in a number of previous overviews, the availability of short, memorable, unregistered domain names across popular domain-name extensions (top-level domains, or TLDs) has increasingly been running low over recent years. This issue presents potential difficulties for entities looking to launch new brand names, and is likely to drive a push towards other approaches, such as the use of novel or invented brand names and/or alternative TLDs (including 'dot-brands')^[1,2]. One additional possible alternative is the use of numeric domain names (i.e. those consisting only of the characters 0 to 9), which are already popular in certain markets such as China, where their use can circumvent language barriers and particular numbers may have specific cultural significance.

In this article, I consider the universe of numeric domain names which are already registered, using the ever-popular .com TLD as a case study, giving insights into registration and usage patterns.

Overview

As of 21-Nov-2024, domain name zone file analysis shows that there are 1,008,834 unique registered .com domains with second-level domain (SLD) names (i.e. the part to the left of the dot) consisting of numeric digits only^[3]. These range in length from 1 character (one instance in the zone file, 1.com, a domain reserved by IANA) to 63 characters (32 instances) (Figure 1).

Figure 1: Numbers of registered numeric .com domain names, by SLD length (logarithmic scale)

Next, it is informative to exclude any domains beginning with a leading '0' (i.e. concentrating only on those where the SLD is a 'natural' or 'counting' number - of which there are 928,086 such examples). Considering all numeric domains from 10.com upwards (i.e. those with a length of two or more characters), we find that (for example) all numbers under 1,000 except 215.com, 968.com and 992.com appear in the .com zone file as the SLDs of registered domains - and even these have active whois records and appear unavailable for registration.

Furthermore, in total, there are only 93 numeric domains with SLDs under 10,000 which are absent from the zone file but, similarly, all of these also have active whois entries. Accordingly, there are no numeric domains of four characters (i.e. digits) in length or shorter which are available for registration.

In fact, there appear to be only ten numeric .com domains with SLDs under 100,000 which appear not to have valid whois records and may therefore be unregistered. However, even these appear to be unavailable for standard purchase - seven of them are listed as 'taken' and three of them (36923.com, 65879.com, 81632.com) are deemed 'premium' (according to GoDaddy), with purchase prices in excess of £1,000.

Usage trends and patterns

As an indication of the typical nature of usage of numeric domains, it is instructive firstly to consider the set of 988 domains in the .com zone file with SLDs which are numeric strings below 1,000. Of these, 331 (34%) generate some sort of live website response (i.e. an HTTP status code of 200). It is noteworthy that, of the 224 homepages configured with a webpage title, 99 (44%) are in far-eastern Scripts (mostly Chinese), highlighting the popularity of numeric domains in this region. Also of particular interest is the number of examples where the numeric domain name itself is very closely associated with the brand identity, with notable examples including '76 Gas Stations' (76.com), 'TheNumber118118' (118.com), '311' (music artist; 311.com), '555 International' (555.com), 'Six Eight Six' (apparel; 686.com), and a significant number of casino websites, including '444.com' (444.com), '777 casino' (777.com) and '888' (888.com). Other domains in the dataset also use names of particular relevance, such as 107.com, which re-directs to a prime-number calculator. The dataset also includes examples of what could be considered brand infringements, such as 168.com, which resolves to an e-commerce website (Figure 2), perhaps trading off the popularity of the well-known Chinese marketplace 1688.com. Many of the other domains analysed resolve to pages offering the domain name for sale.

Figure 2: The e-commerce website at 168.com

Several of the longer domain names in the wider dataset appear to have been registered purely for their collectability or tradability (cf. trends seen in blockchain domain names^[4] and Web2 domain 'clubs'^[5]). Many examples feature repetitions of the same character or group of characters, whilst others feature alternative significance, such as lists of counting numbers, the Fibonacci sequence, or the digits of mathematical constants such as pi (π) or e.

Additionally, there are 818 domains with SLDs consisting only of the digits 0 and 1, and which may be intended to be significance in the context of binary notation. This is particularly noticeable given the peaks in numbers of domains with SLD lengths of multiples of eight characters (Figure 3), given that blocks of eight binary digits (one byte) are a standard way of encoding regular ASCII characters^[6].

Figure 3: Numbers of registered numeric .com domain names with SLDs consisting only of the digits 0 and 1, by SLD length (logarithmic scale)

Indeed, if we consider examples where the length is 32, 40, 48 or 56 characters, we find that the SLD names are, in many cases, in fact binary representations of other terms, including brand names (see Appendix A). The exact purpose of these domains - beyond collectability and attempts at monetisation through their sale - is not clear, though some do feature content relevant to the brand referenced in their name, or other material where the binary encoding appears to be a way of 'hiding' the name of the site (Figure 4).

(a)

(b)

(c)

(d)

Figure 4: Examples of live website content on 'binary' numeric domain names - SLDs are:

(a) 010001110110111101101111011001110110110001100101 ('Google')^[7] and 011001110110111101101111011001110110110001100101 ('google')
(b) 01111001011011110111010101110100011101010110001001100101 ('youtube')
(c) 01101000011000010110001101101011 ('hack')
(d) 0100000101010111010100110110001101100010 ('AWScb' - apparently in reference to 'AWS Community Builders')

Amongst the remainder of the domains, there is doubtless a range of other use-cases. For example, there are 1,162 domains in the dataset with SLDs 11 characters in length and beginning with a '0' - i.e. potentially consistent with the format of a telephone number in various countries (Figure 5).

Figure 5: Examples of 'telephone number' domain names: (top to bottom) 07077777777.com; 07178888888.com; 07712361119.com; 07759158517.com^[8]

Discussion

The universe of numeric domain names sits alongside the more familiar text-based options, and provides an interesting alternative in terms of branding options and use-cases, particularly in view of the continuing lack of availability of brandable names. Currently, over one million numeric domain names have been registered just on the .com extension.

Numerics are particularly popular in the Chinese-speaking world, where particular numbers can have special cultural significance (e.g. the association of '8' with wealth and fortune, due to the similarity in pronunciation to the character of the same meaning), or where other similarities in pronunciation can convey implied meanings. For example, three highly-priced domain sales in 2021 (2698.com, 8499.com, 9599.com) were for domains ending with '98' or '99', similar to the Chinese terms for 'being rich for a long time' and 'for a long long time'^[9]. Moreover, in view of the universal understanding and appeal of numbers, two of the ten most popular Chinese websites are 163.com and 360.cn.

More generally, numeric domain names can be extremely versatile and can convey specific brand messaging, with some very expensive sales reported - these include 360.com ($17M), 123.com ($3.2M), 114.com ($2.1M), 520.com ($1.6M) and 999.com ($1.2M)^[10].

Numerics may also be amenable to familiar types of brand abuse, such as the use of popular, common or other strings which may be similar to (numeric) brand terms to drive traffic to third-party, potentially infringing content.

Moreover, there have been instances of UDRP disputes involving numeric domains, such as the 2016 case brought by Cube Limited, the owner of a number of gambling-related marks named '188', against the registrant of a group of eight six-digit numeric .com domains all beginning with 188 (and displaying advertisements relating to betting) and resulting in the transfer of the domains^[11]. A year earlier, the owner of 11315.com - trading as '11315 Credit Services' - had won the transfer of 11315.so^[12]. The list of UDRP cases from 2024^[13] includes a dispute regarding the domain name 100101.art^[14,15]. The domain formerly resolved to an NFT marketplace and now displays a parking page following successful transfer to the complainant, the owner of the EU word mark '10101'.

Other attractive characteristics of numeric domains are also apparent from the dataset. It is clear, for example, that collectable and tradable domain names are of appeal to some users, as is the use of binary encoding to 'hide' brand names or other terms within the domain name for sites which - in some cases - may also be of concern or infringing for other reasons.

Appendix A: List of binary numeric .com domain names

Domain name	SLD length (characters)	Decoding of SLD name
00110001001100110011001100110111.com	32	1337
01000011010010000100000101010100.com	32	CHAT
01000100011001010100011001101001.com	32	DeFi
01001100011011110111011001100101.com	32	Love
01001101010001010101010001000001.com	32	META
01001101011000010111001001110011.com	32	Mars
01001101011001010111010001100001.com	32	Meta
01100010011010010110111001100111.com	32	bing
01100010011011000110111101100111.com	32	blog
01100011011010000110000101110100.com	32	chat
01100011011011110110010001100101.com	32	code
01100011011011110110110001100101.com	32	cole
01100011011011110111001001110000.com	32	corp
01100100011000010111010001100001.com	32	data
01101000011000010110001101101011.com	32	hack
01101101011011110110111101101110.com	32	moon
01110000011010000110100101101100.com	32	phil
01110000011100110111001001100111.com	32	psrg
01110010011000010110110001100110.com	32	ralf
01110010011011110110111101110100.com	32	root
01110011011010000110111101110000.com	32	shop
01110100011000010111100101100001.com	32	taya
01110101011001100110111100001010.com	32	ufo
01111000011011110111001001011111.com	32	xor_
0011010000110010001100000000110100001010.com	40	420
0100000101010011010000110100100101001001.com	40	ASCII
0100000101010111010100110110001101100010.com	40	AWScb
0100000101110000011100000110110001100101.com	40	Apple
0110111001101111011011000111010001100101.com	40	nolte
0111010001100101011100110110110001100001.com	40	tesla
010000010110110001101001011000110110100101100001.com	48	Alicia
010000010110110101100001011110100110111101101110.com	48	Amazon
010001110100111101001111010001110100110001000101.com	48	GOOGLE
010001110110111101101111011001110110110001100101.com	48	Google
010010100100000101010010010101100100100101010011.com	48	JARVIS
010100110110100101110010011010010111010101110011.com	48	Sirius
011000100110100101101110011000010111001001111001.com	48	binary
011000110110111101101110011011000110000101101110.com	48	conlan
011001110110111101101111011001110110110001100101.com	48	google
011100000110000101111001011100000110000101101100.com	48	paypal
011100110110010101110010011001110110100101101111.com	48	sergio
011101000110100001110010011001010110010100100000.com	48	three
011101110110010101100010001101000110000101101001.com	48	web4ai
01000001011100100110110101100001011011100110010001101111.com	56	Armando
01011010010001010101001001001111010011110100111001000101.com	56	ZEROONE
01100010011001010110001101101000011101000110110001100101.com	56	bechtle
01100010011010010111010001100011011011110110100101101110.com	56	bitcoin
01100010011010010111010001100110011011000110100101110000.com	56	bitflip
01100010011010010111010001100110011011000110100101110001.com	56	bitfliq
01100011011010000110000101110100010001110101000001010100.com	56	chatGPT
01111001011011110111010101110100011101010110001001100101.com	56	youtube

References

[1] 'Patterns in Brand Monitoring' (D.N. Barnett, Business Expert Press, 2025), Chapter 9: 'Domain landscape analysis'

[2] https://circleid.com/posts/a-review-of-the-2024-threat-landscape-and-implications-for-domain-security

[3] Note that this overview is based on the list of domains present in the .com zone file as of the date of analysis. However, the absence of a domain from the zone file does not necessarily mean that the name is unregistered and available, as other factors (such as the domain having being put 'on hold', or having no associated nameservers) may result in the domain being absent from the file. For example, the majority of one-letter names have been explicitly reserved by IANA (the Internet Assigned Numbers Authority) since the early 1990s.

[4] 'Patterns in Brand Monitoring' (D.N. Barnett, Business Expert Press, 2025), Chapter 13: 'Analysing trends in Web3'

[5] https://vision.io/ (formerly https://ens.vision/market)

[6] https://www.rapidtables.com/convert/number/binary-to-ascii.html

[7] Note that a .eth blockchain domain with the same SLD is offered for sale at https://vision.io/name/ens/010001110100111101001111010001110100110001000101.eth

[8] Screenshot courtesy of Wayback Machine (https://web.archive.org/web/20240913005719/http://07759158517.com/); telephone code consistent with that given at https://pitchbook.com/profiles/person/233703-37P

[9] https://domainnamewire.com/2021/09/16/three-recent-numeric-domain-sales-and-possible-chinese-meanings/

[10] https://www-bak.gname.com/news/20231101123113.html

[11] https://domaingang.com/domain-law/udrp-for-188-domains-puts-owners-of-short-numerics-in-danger/

[12] https://www.thedomains.com/2015/11/10/five-number-domain-lost-in-udrp/

[13] https://www.wipo.int/amc/en/domains/casesx/all.html

[14] D2024-1039, onezeroonezeroone d.o.o. vs. Gleb Martynov

[15] https://www.wipo.int/amc/en/domains/decisions/pdf/2024/d2024-1039.pdf