Introduction
Following on from our previous analysis[1] on festive trends in infringement activity, this article looks at the registration of domain names relating to the new year specifically, i.e. those gTLD domain names beginning or ending with '2025' (further to a similar study[2,3] carried out for New Year 2023).
The new year can be a popular opportunity to launch new products and services but, like any high-profile event, can be exploited by fraudsters and infringers looking to take advantage of the increased levels of interest and search-engine traffic. Accordingly, whilst many legitimate businesses may make use of '2025' domains, they equally can be utilised by bad actors for a range of infringing activities.
Analysis
As of the date of analysis (18-Dec-2024), almost 34,000 '2025'-specific domain names were identified. As with the previous study looking at domain names relating to delivery service brands, the current dataset is dominated by registrations having taken place in the last year, though starting from a higher relative baseline of pre-existing registrations (with the oldest domain in the dataset, 2025.com, having been registered as far back as 23-Aug-1998) (Figure 1).
Figure 1: Growth over time (2020 - 2024) in the numbers of domains in the current dataset
Approximately 21,000 of the domains (62% of the total) resolve to some sort of live website.
Within the dataset, we focus on those domains deemed to be of greatest potential interest, by virtue of the additional inclusion in the domain names of any of the following categories of keywords:
- The names of any of the 20 most valuable global brands, according to the 2024 study by Kantar[4] (34 domains in total, excluding 'false postives' where the brand name appears as a sub-string of an unrelated term)
- The names of other high-profile brands - e.g. 'iphone' (4 domains) or 'gpt' (7 domains)
- The terms 'bitcoin' or 'crypto' (54 domains in total)
- High-threat terms potentially related to phishing - e.g. 'login' (2 domains)
- High-threat terms potentially related to malware distribution – e.g. 'download' (4 domains) or ' updat*' (13 domains)
- The terms 'shop' or 'store' (86 domains in total, excluding those where the reference appears in the TLD domain name extension)
It is noteworthy that the number of examples of domains making explicit reference to large brands in the domain name itself is relatively small, perhaps a reflection of the knowledge that many of these organisations will be proactively monitoring for these types of registrations.
However, within this focused dataset, a range of types of site content were identified. Many of the domains appear to have been registered for monetisation purposes - e.g. pages offering the domain name for sale (i.e. potential cybersquatting, in cases where a brand name is referenced), or sites featuring pay-per-click (PPC) links, but several examples of live sites featuring infringing or other content of concern were identified (Figure 2).
Figure 2: Examples of websites of potential concern (SLD[5] name given in each case) – top to bottom:
- Potential phishing - chatgpt2025
- Potential cryptocurrency scam site - bitcoin2025
- Sale of potential counterfeits:
- Sale of products using luxury brand names - getithk2025, getithkshop2025
- Site offering the sale of 'customised' products - nflshop2025
- Potential trademark infringement / misdirection:
- Third-party site displaying marketplace brand logo - 2025tk-shop
- Re-direction to litigation website - visareferral2025, visasettlement2025, visalawsuit2025 (×2), visalitigation2025, visapartner2025
- Gambling advertisement site - google2025
Additional patterns of activity are also apparent from the wider dataset, such as the registration of groups of domains whose names appear to be intended to denote specific dates, or other numerical patterns (e.g. 371 .com registrations where the SLD is an eight-digit string which could represent a date in UK- or US- format, and a batch of 63 names of the form NNN2025.xyz, all by the same Chinese registrant). The vast majority are inactive as of the time of analysis but, given the nature of the domain names, may have been registered with the intention of activation at a point in the forthcoming year. Furthermore, many appear to constitute one or more groups of coordinated registrations, showing elements (such as registration dates and use of particular registrars) in common.
Discussion
As in our previous article, the observations highlight how infringements can spike in response to real-world events of interest, such as the festive period, when online search activity and brand interest is heightened. At these times, brand owners who may be subject to related attacks are advised to be particularly mindful of the online risks, and to ramp up their attention to initiatives for the detection of harmful content and enforcement against the material in question.
References
[2] 'Patterns in Brand Monitoring' (D.N. Barnett, Business Expert Press, 2025), Chapter 8: 'Trends in infringement activity'
[3] https://www.linkedin.com/pulse/four-new-case-studies-domain-registration-activity-spikes-barnett/
[4] https://www.kantar.com/campaigns/brandz/global
[5] SLD is the second-level domain, i.e. the part of the domain name to the left of the dot
This article was first published on 9 January 2025 at:
No comments:
Post a Comment