Afilias’ .kim has become the latest victim (beneficiary?) of adware, as robo-registrations boost the gTLD’s zone file and apparent popularity.
It’s the latest new gTLD, after .xyz and .country, to see its rankings soar after hundreds of gibberish, bulk-registered domains started being used to serve ads by potentially unwanted software.
.kim is today the 4th most-popular new gTLD, with 85 domains in the top 100,000 on the internet and 264 in the top one million.
A month ago, it had a rank of 223, with just 16 domains in the top one million.
The domain names involved — gems such as oatmealsmoke.kim, vegetableladybug.kim and tubhaircut.kim — have seen a boat-load of traffic and rocketing Alexa rank.
The reason for the boost seems to be a one-off bulk registration of about 1,000 meaningless .kim domain names in early February, which now appear to be being used to serve ads via adware.
In this chart (click to enlarge), we see .kim’s zone file growth since the start of 2015.
The spike on February 5, which represents over 1,000 names, is the date almost all of the .kim names with Alexa rank were first registered.
They all appear to be using Uniregistry as the registrar and its free privacy service to mask their Whois details.
These domains often do not resolve if you type them into your browser. They’re also using robots.txt to hide themselves from search engines.
But they’ve been leaving traces of their activity elsewhere on the web, strongly suggesting their involvement in adware campaigns.
It seems that the current (ab?)use of .kim domains is merely the latest in a series of possibly linked campaigns.
I noted in January that gibberish .country domains — at the time priced at just $1 at Uniregistry — were suddenly taking over from .xyz in the popularity charts.
The following three charts, captured from DI PRO’s TLD Health Check, show how the three TLDs’ Alexa popularity rose and fell during what I suspect were related adware campaigns..
First, .xyz, which was the first new gTLD to show evidence of having robo-registrations used in adware campaigns, saw its popularity spike at the end of 2014 and start of 2015:
Next, Minds + Machines’ .country, which saw its zone file spike by 1,500 names around January 6, starts to see its Alexa-ranked total rocket almost immediately.
.country peaks around February 9, just a few days after the .kim robo-registrations were made.
Finally, as .country’s use declines, .kim takes over. Its popularity has been growing day by day since around February 13.
I think what we’re looking at here is one shadowy outfit cycling through bulk-registered, throwaway domain names to serve ads via unwanted adware programs.
It seems possible that domains are retired when they become sufficiently blocked by security countermeasures, and other domains in other TLDs are then brought online to take over.
None of this necessarily reflects badly on any of the new gTLDs in question, or even new gTLDs as a whole, of course.
For starters, I’ve reason to believe that TLDs such as .eu and .biz have previously been targeted by the same people.
The “attacks”, for want of a better word, are only really noticeable because the new gTLDs being targeted are young and still quite small.
It takes much longer to build up genuine popularity for a newly launched web site than it does to merely redirect exist captive traffic to a newly registered domain.
What it may mean, however, is that .kim and .country are going to be in for statistically significant junk drops about a year from now, when the first-year registrations expire.
For .kim, 1,000 names is about 14% of its current zone file. For .country, it’s more like a quarter.
.porn and .adult have taken the crown of the most-subscribed new gTLD sunrise periods to date.
The two ICM Registry spaces opened up for registrations from users of the Trademark Clearinghouse on March 2.
A little over a week later, the company tells DI that both gTLDs have individually exceeded the previous sunrise record holder.
My understanding is that .london was the new gTLD with the most sunrise registrations, selling just over 800 names to TMCH customers during its combined sunrise/landrush, which ended last July.
ICM revealed in a webinar last week that it expected its new gTLDs to have to biggest sunrise numbers to date.
“Both .porn and .adult will have exceeded that [.london] number comfortably,” ICM president Stuart Lawley confirmed to DI today.
.adult is “almost neck and neck” with .porn, Lawley said.
The numbers are still pretty small compared to ICM’s 2003-round gTLD, .xxx, which had over 80,000 sunrise applications in October 2011.
They’re also pretty small compared to the TMCH’s overall number of registrations, which at the last public disclosure was a little under 35,000.
But ICM has another couple opportunities for trademark owners to defensively register that may work out cheaper.
First, from April 6 to April 30 companies that bought non-resolving “blocked” names in the .xxx Sunrise B will be able to block the same strings in .porn and .adult.
ICM says registrars are offering discounts for five-year blocks.
Then, from May 6 to May 31 the Domain Matching program starts. That’s open to any .xxx registrant, defensive or otherwise, but not to those with .xxx Sunrise B blocks.
ICM Registry is to offer .xxx domain names at dramatically reduced prices, which could be in line with .com pricing at some registrars, for the month of April.
At least one registrar plans to offer .xxx names at about $13 for the duration of the offer.
.porn and .adult are set to go to general availability June 4. Before then, there will be a series of launch phases aimed at giving trademark owners and .xxx registrants plenty of opportunity to defensively register.
One phase, Domain Matching, will run from May 6 to May 31.
During DM, owners of .xxx names will be able to get their matching .porn and .adult domains (assuming they haven’t been claimed in the prior sunrise periods) at a reduced fee.
The discount period in April will enable registrants to pre-qualify for .porn’s Domain Matching by buying .xxx names at a much reduced price.
.porn and .adult prices during general availability are expected to be the same as in .xxx, which retails for around $100 ($62 going to ICM).
I don’t know what ICM’s registry fee during the discount period is, but the registrar EnCirca said it plans to sell a bundle of .xxx, .porn and .adult for $39 during April, which works out to $13 each.
EnCirca and 101domain appear to be pricing DM for a registration in a single TLD at about $19.
ICM’s gesture follows its admission in November that .xxx registrants would not get the free, perpetual block of matching .porn and .adult names that the registry had originally planned to offer.
The company has run a deep-discount program once before, in May 2013, when it sold .xxx at .com prices and saw 13,136 adds, compared to 1,131 in the previous month.
Are European registrants more likely to register new gTLD domain names than those in the US and elsewhere?
That’s the view of Tucows, which sees more new gTLD action from its European OpenSRS resellers than it does from others.
In a blog post last week, OpenSRS blogger Gustavo Arruda noted that Americans are still stuck in a .com mindset:
Our European resellers are leading the charge. We expected the European market to be more open to new gTLDs and that prediction proved correct. It’s a market used to ccTLDs so having a couple hundred more new gTLDs was not a big deal.
North American resellers are lagging behind. It continues to be a very .COM-centric market that is still skeptical about too much choice.
South American and Asian resellers complain about the English-centric nature of new gTLDs. A lot of the new gTLDs we have launched do not make sense in these markets so adoption has been slow.
The post came as OpenSRS recorded its 100,000th new gTLD domain sale.
One reason for the Euro-slant in the market could be the relatively good performance of city gTLDs, most of which are European, and which are easily grasped concepts for buyers familiar with ccTLDs.
Hover, Tucows’ retail registrar, is geo-targeting which TLDs it offers visitors. As DI is based in London, I get offered .london domains prominently when searching for domains there.
The only US geo-gTLDs available to date are .vegas and .nyc.
Donuts has been confirmed by a German news site as the new owner of .reise, which was auctioned by its previous owner last week.
It was the first time a live gTLD had been sold at auction.
The deal, which is believed to have cost Donuts at least $400,000, means the company now owns .reise and .reisen.
Both mean “.travel”. According to my GCSE German skillz, last exercised 22 years ago, .reisen is a verb and .reise is a noun, but .reisen is also the plural of the noun .reise.
I believe this means that Donuts is the first company to own both the plural and singular forms of a new gTLD string.
Heise Online reports that former registry Dotreise was forced to sell up due to competition from Donuts.
Donuts’ .reisen has over 4,000 names in its zone file, compared to .reise’s 1,300. It’s a small market so far, but Donuts has the lion’s share.
The article notes that Donuts got a better position in ICANN’s prioritization draw in late 2012, meaning it got to market slightly earlier. Donuts also sells for a much lower price.
I doubt time to market was as much of a factor as price.
But it might be interesting to note that while Donuts’ advantage was just six days in terms of contract-signing, that lead had been extended to six weeks by the time .reise was delegated.
Donuts, which has more experience than any other company when it comes to the transition to delegation process, managed to hit general availability two weeks sooner than .reise, even though Donuts’ sunrise period was twice as long.