Ancient registrar gets ICANN breach notice over UDRP
A thirty-year-old registrar — practically prehistoric by internet standards — has been hit with an ICANN breach notice after apparently failing to transfer a domain lost in a UDRP and not paying its fees.
ICANN has told Texas-based GKG.net that it failed to implement a July UDRP decision (pdf) over the domain top-rx-market.com, which was won by generic pharmaceuticals firm TopRX.
That domain is using GKG’s Whois privacy service and suspended-domains.net as its name servers but still resolves to an active pharma storefront from where I’m sitting. The UDRP says the domain was registered to a Russian, who did not respond to the UDRP.
While the UDRP-related alleged breach is pretty recent, it looks like ICANN has been chasing GKG for a couple of years.
Compliance first notified the registrar that it was past due on its quarterly fees back in February 2022.
Since March, it also has been looking at alleged failures to handle abuse reports for pharma-related domains including canadianpharmstore.net, usapharmacymall.com, good-pills.com, and 1-pharm.com, which all resolve to the same discount medicines site.
ICANN says all of its attempts to call, email and fax GKG have fallen on deaf ears.
GKG isn’t tiny. It had over 83,000 gTLD domains under management in May, though it appears to have been shrinking by hundreds of domains per month for over a decade.
The company was accredited by ICANN with IANA number 93, which means it’s among the first wave of registrars accredited over two decades ago — it’s older than GoDaddy.
GKG has until October 13 to clean up its act or face suspension and termination.
Freenom hit by FIFTH ICANN action after litany of screw-ups
Is time up for Freenom? After being sued by Facebook and losing its contracts to operate ccTLDs for at least two countries, now it also has ICANN Compliance to deal with.
Its registrar arm, Netherlands-based OpenTLD, has been hit with a lengthy ICANN breach notice that alleges the company failed to allow its customers to renew and/or transfer their domains, in violation of the registrar contract.
It’s the fifth time OpenTLD has been targeted by Compliance, following breach notices in 2020, 2017 and 2015 and a notice of suspension later in 2015. ICANN says this notice is for the same sorts of failures as in 2020 and 2017.
The latest notice covers a dozen separate cases, probably the largest number in a single breach notice to date. Some of them ICANN has been investigating as far back as January 2022.
The notice says that OpenTLD failed to allow some registrants of expired domains to recover their names under the Expired Registration Recovery Policy and that some registrants were not provided with the AuthInfo codes they need to transfer their domains to other registrars upon request, which registrars have to do under the Transfer Policy.
It goes on to describe a situation where the registrar habitually did not respond to Compliance’s calls, emails or faxes.
OpenTLD apparently has not filed its 2022 Compliance Certificate with ICANN either, which it was supposed to do before January 20 this year.
The company had almost 19,000 gTLD domain names under management at the end of May, down from a 2019 peak of almost 45,000, but it’s probably better known for being Freenom, the registry behind .ml, .ga, .cf, .gq and .tk.
Domains in these five ccTLDs — mostly representing West African nations suffering under military dictatorships or civil war — were offered for free and monetized by the registry upon expiration or suspension.
But Freenom has not offered new regs in these TLD since the start of the year. Its web site blames technical problems, but it’s widely believed to be a result of the cyberquatting lawsuit filed by Facebook owner Meta in late 2022.
Mali and Gabon, of .ml and .ga, have since severed ties with Freenom. It turned out .ga had seven million domains in its zone, most of which presumably belonged to the registry.
OpenTLD has until October 11 to give ICANN evidence that it followed policy with the renewals or transfers of dozens of names domains or risk losing its accreditation.
New gTLD registry gets second ICANN breach notice
A new gTLD registry has become the second to receive a second ICANN breach notice from ICANN.
Asia Green IT System, based in Turkey, hasn’t been paying its fees on four of its TLDs, ICANN says in its notice, and isn’t displaying Whois data in the required format.
The gTLDs concerned are .nowruz (Iranian New Year), .pars (refers to Persia/Iran), .shia (a branch of Islam), and .همراه (.xn--mgbt3dhd, appears to mean something like “comrade” in Persian).
ICANN has given the company until July 5 to pay up or risk having its contracts terminated.
No domains would be at risk if that were to happen — none of the four TLDs has launched. Each has a single domain in its zone file, despite being in the root for several years.
Asia Green was hit with a similar notice in 2019, which it ultimately resolved.
Another registrar seemingly vanishes
An accredited registrar appears to have gone bust after its parent company failed.
ICANN has sent a breach notice to Nimzo 98, which while registered as an LLC in the US appears to be Indian-operated, saying the company has not paid its fees and the Compliance folk haven’t been able to reach management since December.
The notice also complains that the company isn’t providing a Whois service as required, which may be a polite way of saying that the entire web site is down — it’s not resolving properly for me.
Digging into the data a little, it seems Nimzo was the in-house registrar of a company called Houm that, according to its press releases, was operating some kind of privacy-oriented social network slash cloud storage service.
Part of Houm’s offering was a personal domain name, which came bundled as part of the monthly service fee.
When Houm seriously started promoting its service last year, it appears to have led to a spike in registrations via Nimzo. Most of its domains were concentrated in new gTLDs such as .live, .xyz, .earth, .world and .space.
Having consistently registered no more than a couple hundred gTLD names per month for years, there was a sudden spike to over 5,000 in July and 12,000 in August, peaking Nimzo’s total domains at 21,000 that month.
But then, in October, the registrar deleted almost all of its names. It went from 21,000 domains under management in August to 190 at the end of October. These were not grace-period deletes, so fees would have been applicable.
Houm’s web site at houm.me also appears inoperable today, showing a server error when I access it, and its Twitter account has been silent since last August.
ICANN has given Nimzo until May 22 to pay up or lose its accrediation.
Dynadot takes down its own web site after apparent breach
Dynadot took the drastic move of turning off its own web site last week after noticing an apparent security breach.
The registrar also reset all of its customers’ passwords, acknowledging the pair of moves were “extremely inconvenient”.
It’s not clear from the company’s statement whether there really had been an attack or whether it overreacted
It said “our system noticed irregular activity” but later brought its site back up after staff “investigated and determined there was not a threat”.
The company said it has engaged “cyber security experts” to help it out in future.
Russian registry hit with second breach notice after downtime
ICANN has issued another breach notice against the registry for .gdn, which seems to be suffering technical problems and isn’t up-to-date on its bills.
Navigation-Information Systems seems to have experienced about 36 hours of Whois/RDDS downtime starting from April 22, and is past due with its quarterly ICANN fees, according to the notice.
Contractually, if ICANN’s probes detect downtime of Whois more than 24 hours per week, that’s enough to trigger emergency measures, allowing ICANN to migrate the TLD to an Emergency Back-End Registry Operator.
Today, the registry’s web site hasn’t resolved for me in several hours, timing out instead, suggesting serious technical problems. Other non-registry .gdn web sites seem to work just fine.
NIS seems to be a Russian company — although most ICANN records give addresses in Dubai and Toronto — so it might be tempting to speculate that its troubles might be a result of some kind of cyber-war related to the Ukraine invasion.
But it’s not the first time this has happened by a long shot.
The company experienced a pretty much identical problem twice a year earlier, and it seems to have happened in 2018 and 2019 also.
NIS just can’t seem to keep its Whois up.
According to the breach notice, whenever Compliance manages to reach the registry’s 24/7 emergency contact they’re told he/she can’t help.
ICANN has given the registry until May 29 to fix its systems and pay up, or risk termination.
.gdn was originally applied for as something related to satellites, but it launched as an open generic that attracted over 300,000 registrations, mostly via disgraced registrar AlpNames, earning it a leading position in spam blocklists. Today, it has around 11,000 names under management, mostly via a Dubai registrar that seems to deal purely in .gdn names.
Two countries could lose registrar competition after breach notices
ICANN has issued breach-of-contract notices to two small registrars, potentially reducing the number of accredited registrars in two countries to just one.
It’s sent notices to Tecnologia, Desarrollo Y Mercado S de RL de CV, one of two accredited registrars based in Honduras, and to Innovadeus, one of only two in Bangladesh.
In the former case, ICANN claims TDM has failed to respond to abuse reports and has been generally sluggish and reluctant to cooperate with Compliance requests.
In the case of Innovadeus, it claims the registrar — which records show has lost almost all of its domains under management in the last couple of years — has failed to pay its accreditation fees.
TDM has been told to shape up by May 27. Innovadeus has been given until May 26 to pay up. Failure in either case could mean termination.
Registrar hit with second porn UDRP breach notice this year
A Chinese registrar group has been accused by ICANN of shirking its UDRP obligations for the second time this year.
ICANN has put Hong Kong-based DomainName Highway on notice that is in breach of its contract for failing to transfer the domain 1ockheedmartin.com to defense contractor Lockheed Martin.
The domain is a straightforward case of typosquatting, with the initial L replaced with a numeral 1. At time of writing, it still resolves to a page of pornographic thumbnail links, despite being lost in a UDRP case January 4.
Under UDRP rules, registrars have 10 days to transfer a UDRP-losing domain to the trademark owner, unless a lawsuit prevents it.
The circumstances are very similar to a breach notice ICANN issued against ThreadAgent.com over a case of BMW’s brand being cybersquatted with porn last month.
Both ThreadAgent and DomainName Highway appear to be part of the XZ.com, aka Xiamen DianMedia Network Technology Co, which is based in China but has about 20 accredited registrars based in Hong Kong.
DomainName Highway has about 30,000 gTLD domains under management.
Alice’s Registry disappears down the rabbit hole
One of the oldest domain registrars appears to be on its way out.
San Francisco-based Alice’s Registry has been hit with a breach notice and termination warning by ICANN after apparently being incommunicado for over a year.
According to ICANN, they last spoke in August 2020, when AR indicated that it was thinking about “shutting down the registrar business”.
Since then, the web site has stopped working and ICANN can’t get through on the telephone.
The breach notice claims past-due fees and a failure to operate a working Whois service, and gives the registrar until November 1 to pay up or get its contract terminated.
Alice’s Registry is one of the oldest registrars, founded in 1999, but it’s never had more than a few thousand names under management. Its founder, Rick Wesson, has been involved in the ICANN community since pretty much the beginning.
Formerly massive drop-catcher faces ICANN probe
Pheenix, which used to operate a network of hundreds of accredited registrars, now faces potentially losing its last remaining accreditation, due to an ICANN probe.
ICANN told the US-based company in a breach notice last week that it faces additional action unless it fixes a bunch of problems related to domain transfers and Whois before May 14.
According to ICANN, for over a year Pheenix has been declining to provide data showing it is in compliance with the Expired Registration Recovery Policy and the Transfer Policy, related to dozens of domains.
Pheenix was told about at least one such disputed domain as far back as February last year, but ICANN says it’s been unresponsive to its outreach.
It’s also failed to implement an RDAP server, which ICANN has been nagging it about since October 2019. RDAP, the Registration Data Access Protocol, is the successor protocol to Whois.
A quick spot-check reveals that the disputed names are traffic domains once belonging to legitimate organizations, usually with inbound Wikipedia links, that were captured after the organization in question folded and its domains expired. Most were repurposed with low-quality content and advertising.
That fits in with Pheenix’s registrar business model. It was until a few years ago a huge drop-catching player, with over 500 shell accreditations it used to gain speedy access to dropping domains.
But it dumped almost 450 of these in November 2017, and another 50 the following April.
Since then, Pheenix’s primary IANA number (the coveted “888”) has been associated with fewer and fewer domains.
It had 6,930 domains under management at the end of 2020, down from a November 2017 peak of 71,592.
It hasn’t recorded any new domain adds in any gTLDs since April 2020.
According ICANN’s chronology of events, it’s sent dozens of emails, faxes and voicemails over the last year, related to multiple domain names, and it’s only received a single email in response. And that was in May 2020.
Recent Comments