Latest news of the domain name industry

Recent Posts

Cybercrime link as t.me gets taken down

Kevin Murphy, July 14, 2026, 06:52:27 (UTC), Domain Registries

Speculation is rampant online right now after t.me, the domain used for short links by the messaging service Telegram, was apparently taken down by the .me registry, affecting as many as a billion users.

t.me seems to have gone dark shortly before 2000 UTC on Monday evening, with Whois/RDAP records showing it is now placed on serverHold status, which usually indicates a registry-level suspension and removal from the .me zone.

The suspension means that millions of short links using t.me are no longer functioning when clicked, leading instead to NXDOMAIN errors. Substituting t.me for telegram.me can be used as a workaround; the longer domain remains unsuspended.

.me is the ccTLD for Montenegro and is managed by local firm doMEN, which is mostly a partnership between US-based domain giants GoDaddy and Identity Digital.

Telegram and doMEn’s partners have yet to publicly address the outage, leading to a great deal of speculation online.

The most plausible explanation put forward so far but not yet confirmed is that the takedown relates to an order issued Monday by the US government’s Office of Foreign Assets Control, which has broad powers to sanction organizations and individuals it believes are linked to crime and terrorism.

OFAC, in an advisory that otherwise largely targets Cuban-linked entities, sanctioned domains and cryptocurrency wallets linked to First VPN Service (1VPNS), which it said was a Ukraine-based cybercrime group selling anonymity services to ransomware attackers and others.

OFAC said: “Numerous ransomware groups have purchased infrastructure from 1VPNS, which they have leveraged in attacks on U.S. companies and institutions—including to hide the origins of their attacks, deploy malware, and manage exfiltrated data.”

The July 13 order sanctioned three 1VPNS domain names — 1vpns.com, 1vpns.net, and 1vpns.org — that had in fact already been taken down by a Europol-led law enforcement operation in May.

But also on the list is the URL t.me/FirstVPNService. The equivalent telegram.me URL was not listed.

This has led to the suspicion that the t.me suspension is a classic case of government using a jurisdictional sledgehammer to crack an overseas nut — ordering doMEN’s US-based registry partners to take down the whole of t.me rather than asking Dubai-based Telegram to take down the specific offending URL or group.

Identity Digital, which holds the pen on .me domain edits, would have been powerless to resist an order from its own government.

While the takedown will doubtless be raised in ongoing policy discussions about when it is appropriate for a registry or registrar to suspend a domain over DNS abuse concerns, it’s less clear whether it will play into the Montenegro government’s nascent efforts to exert more local control over .me.


Domain Incite relies on support from readers like you to survive. Please consider making a one-off or recurring donation via PayPal. Please support Domain Incite, the independent source of news, analysis and opinion for the domain name industry and ICANN community.

Tagged: , , , , , , ,

Add Your Comment