The issue
With the 2024 Summer Olympics set to begin in Paris on the 26th July, we have conducted a review of the current landscape of related domain names. Previous studies have noted that high-profile events of this nature tend to be associated with spikes in related infringements, where bad actors take advantage of increased levels of public interest to create scams and misdirect users to their own content.
Methodology
We have considered the set of registered domains (as of the 26th June 2024) with names containing ‘olympic’, ‘olympique’, or ‘paris(-)(2)(0)24’, which generated over 16,000 results. After filtering out official registrations and unrelated matches (e.g. those relating to previous competitions or generic use), we are left with a dataset of just under 1,000 third-party domain names of high potential relevance.
Findings
The domains feature a range of content types, with 550 of the domains (i.e. 57%) not returning any live website response, and several more resolving just to placeholder pages. It is not uncommon for newly registered domains to be left in a ‘dormant’ state by their registrants, prior to being subsequently ‘weaponised’ for scam or infringing use, highlighting the importance of monitoring inactive domains of concern for changes in content. Many more of the domains in the dataset resolve to pages explicitly offering the domain name for sale (Figure 1), highlighting also the popularity of domains being registered for monetisation and profit generation.
Figure 1: An example of a page offering the sale of the host domain name (second-level name ‘paris2024’) and other names relating to the subsequent games
The domains resolving to live content are associated with differing levels of risk. Several are relatively benign (including instances of news or informational sites, claims of affiliation, sites offering related products or services such as accommodation, and references to other events taking place in Paris in 2024). However, a significant number resolve to content which appears to be potentially infringing and are of concern (Figure 2).
Figure 2: Examples of potentially infringing websites hosted on domain names relating to Paris 2024 – top to bottom: potential phishing (in conjunction with references to travel visas); site offering ticket sales; e-commerce site (potential counterfeits); potential piracy (unauthorised streaming) website; site promoting a cryptocurrency scheme; boycott site
Another striking observation is the extent to which the levels of infringing activity ramp up as the event in question approaches, as shown by the registration profile of the high-relevance third-party domains (Figure 3).
Figure 3: Numbers of high-relevance, third-party Paris 2024 domains actively registered, by original month of registration (where available via automated look-up)
New-gTLD domain extensions – many of which have been previously noted as being popular with infringers – feature heavily amongst the dataset, with the top ten extensions in the overall dataset including .store (5th place; 28 instances), .shop (6th; 25), .online (8th; 24) and .site (10th; 16). An interesting observation is the inclusion of the city-specific new-gTLD .paris in the list (4th place; 30 instances). We also see that the most popular registrars in the dataset are retail-grade providers (Table 1) – again traditionally popular with infringers – and the extensive use of privacy protection in the domain whois records (Table 2).
|
Registrar |
No. domains |
|
GoDaddy.com, LLC |
169 |
|
OVH, SAS |
85 |
|
GANDI SAS |
63 |
|
IONOS SE |
55 |
|
NameCheap, Inc. |
33 |
Table 1: Top five registrars in the dataset
|
Registrant |
No. domains |
|
Domains By Proxy, LLC |
79 |
|
REDACTED FOR PRIVACY |
58 |
|
Privacy service provided by Withheld for Privacy ehf |
28 |
|
Super Privacy Service LTD c/o Dynadot |
19 |
|
Private by Design, LLC |
19 |
Table 2: Top five cited registrants in the dataset
Take-aways
The range of observed infringements highlights the importance of brand owners conducting proactive programmes of monitoring and enforcement, particularly at times when the brand profile is elevated. This simple study has considered just domain-related findings, but in the modern connected Internet, infringements tend to be manifested across a wide range of channels, and a holistic view is key to addressing the issues.
As with previous studies, new-gTLD extensions comprise a significant proportion of the results of interest. It is also noteworthy that, of the new-gTLDs appearing in the top ten extensions in this study’s dataset, only one (.shop) is included in the GlobalBlock scheme[1] (subject to a ‘premium domain pricing threshold’[2]). Furthermore, any domains featuring additional keywords would also not be covered (noting that the sites shown Figure 2 include examples featuring terms such as ‘tickets’, ‘visa’ and ‘schedule’), showing the importance of augmenting these types of blocking schemes with more comprehensive online brand protection programmes.
Finally, the prominence of the .paris domain extension within the dataset shows that city-specific TLDs – which are often overlooked – can be of key importance in relation to particular events.
[1] https://www.iamstobbs.com/opinion/key-facts-about-the-globalblock-scheme-a-consideration-for-domain-management-and-online-brand-protection-clients
Send us your thoughts:
