Decades-old US registrar gets a spanking
ICANN Compliance has filed a wide-ranging breach notice against an American registrar that’s been accredited for over 20 years.
Cincinnati-based Netdorm, which does business as DnsExit.com, has been handed a long list of alleged contract violations and an October 16 deadline to fix things or risk termination.
As we’ve seen regularly recently, the registrar’s apparent failures to carry out the technical migrations from Whois to RDAP and from NCC Group to DENIC for escrow services are the biggest of ICANN’s concerns.
Netdorm is also past-due on its fees and has a long checklist of administrative and transparency failures, according to the Compliance breach notice.
Despite being accredited since 2004, the company has been chugging along with fewer than 6,000 gTLD domains under management for many years. It gives away third-level subdomains for free and claims to run over a million of them.
Another registrar goes AWOL
ICANN has started takedown procedures against another registrar that appears to have disappeared from the face of the Earth.
The registrar is 0101 Internet, based in Hong Kong, not to be confused with 101 Domain, which is based in Ireland and California and a completely different company.
0101 has been around for 15 years and had a little over 1,000 domains under management at the last count, mostly .com. Its DUM peaked at over 10,000 over a decade ago but has been declining since.
Currently, its web site doesn’t reliably resolve, which may be the reason ICANN can’t find contractually required information there. Archives show that the place on its site where you would usually expect to see a company name or logo has just said “Your Brand” for the last few years.
The main problem outlined in ICANN Compliance’s breach notice is that 0101 has not been escrowing its registrant data with DENIC, which could cause problems when its customers’ domains are migrated to a new registrar.
It also hasn’t been paying its ICANN fees, according to the notice.
0101 has until October 3 to come into compliance or risk losing its contract.
Registrar shamed for alleged crypto abuse neglect
ICANN has given a warning to Malaysian registrar WebNic, claiming that it has turned a blind eye to abuse reports in breach of new Registrar Accreditation Agreement rules.
ICANN Compliance says the company, a subsidiary of Kuala Lumpur-based Qinetics, failed to take action to resolve abuse reports made against several domains it manages.
Online reports and databases suggest the names in question were used in phishing attacks attempting to steal cryptocurrency wallet credentials.
Compliance said it “has observed a concerning pattern regarding DNS Abuse mitigation”, saying WebNic continually drags its feet on responding to abuse reports, often only taking action after ICANN gets involved.
The breach notice adds:
The Registrar frequently issued repeated requests for evidence to abuse reporters – even when the original reports appeared actionable – and failed to fully consider information or clarifications provided by the abuse reporter, ICANN or otherwise reasonably accessible to the Registrar. In other cases, the Registrar requested evidence from the abuse reporters that did not appear to be relevant to the reported activity, causing additional delays.
WebNic is not a young, fly-by-night registrar. It’s been around a quarter century and has over 800,000 domains under management just in the gTLDs. Its parent also offers registry back-end services.
The company has until August 19 to make Compliance happy or risk termination proceedings.
.TOP promises to play nice on DNS abuse
.TOP Registry is off the ICANN naughty step, almost a year after it became the first registry to be hit by a public contract-breach notice over ICANN’s latest rules on DNS abuse.
The Org took the highly unusual step yesterday of publishing a blog post drawing attention to what it clearly sees as a big Compliance win, ahead of its public meeting in Prague later this month, at which abuse will no doubt, as usual, be a key discussion topic.
ICANN said that it has been working with .TOP for months to put in systems aimed at reducing the abuse of .top domains. It posted:
.TOP Registry expressed its commitment to maintaining compliance with the DNS Abuse obligations and continuously strengthening its abuse detection and mitigation processes through newly established collaboration channels and a structured approach designed to drive ongoing enhancement. ICANN Compliance acknowledged that the remedial measures were sufficient to cure the Notice of Breach. We noted that future violations of these requirements will result in expedited compliance action, up to and including the issuance of additional Notices of Breach.
Compliance had hit .TOP with the breach notice last year over allegations that it repeatedly ignored abuse reports submitted by security researchers, and that it was ignoring Uniform Rapid Suspension notices.
Security outfit URLAbuse later revealed it was the party that had reported .TOP to ICANN.
.TOP is a Chinese registry that sells mainly via Chinese registrars, typically at under a couple bucks retail. A non-scientific perusal of its zone files reveals that the majority of the many thousands of domains it sells every day are nothing but disposable junk — random strings of characters with no meaning in any language.
While .top is far from alone in that regard, it is the most successful at the abuse-attractive low-price-high-volume business model. Its zone grew by almost 1.2 million domains in the last 12 months — the biggest growth spurt of any TLD — and it has just shy of four million domains today.
Despite this implausibly rapid growth, ICANN says that abuse reports for .top domains started falling in April and there has been a “noticeable decrease in reported abuse”.
The Org says it will “actively monitor the effectiveness of these new [.TOP] systems and processes, the Registry Operator’s abuse rankings and their compliance with the requirements.”
The registry has told ICANN it has already “mitigated” over 100,000 abusive domain names with its new systems and processes.
Big .gdn registrar at risk
A registrar that exclusively sells .gdn domain names seems to have gone AWOL, and ICANN Compliance is on its case.
Dubai-based Intracom Middle East has been slapped with a breach notice alleging failures to operate a compliant RDAP server, publish the names of its officers, pay its ICANN fees, and escrow its registrant data.
Some of these breaches seem to be due to the fact that the company’s web site is missing in action, today returning NXDOMAIN errors, and has quite possibly been repeatedly hacked.
Archived versions of its site from last year show it was at various times a Polish risotto recipes splog, an Indian burger joint, and a manga cosplay porn site.
It’s Intracom’s second brush with Compliance. Three years ago the case was escalated to a three-month accreditation suspension for pretty much the same infractions.
Unlike most recent Compliance actions, which have been against registrars with essentially no domains under management, this time some domains are actually at risk — over 10,000 of them in fact.
Intracom specializes/d in selling .gdn domains for under a buck apiece. Apart from a few dozen registrations in a few other gTLDs, all of its 10,000 domains were in .gdn. It was once .gdn’s biggest registrar, though that’s no longer the case.
The company has been given to the end of the month to comply or risk termination.
Registrar terminated after ignoring Whois transition
A registrar has lost its right to sell gTLD domains in part due to its failure to migrate from Whois to RDAP.
Spain-based Abansys & Hostytec has had its ICANN registrar contract terminated over a litany of alleged breaches dating back to 2023, and its meager collection of domains will now be given to another registrar.
ICANN said in its termination notice that the company had failed to implement the Registration Data Access Protocol, the successor to Whois that this week became the new industry standard for domain ownership lookups.
The registrar was also past due on its fees, hadn’t given ICANN evidence it was still in good standing, hadn’t had an employee attend compliance training and was not publishing masked contact addresses in Whois results, among other things.
While its accreditation dates back to the noughties, Abansys has never had more than 600 gTLD domains under management and it seems very unlikely that it was making enough money from those domains to cover the cost of compliance.
ICANN said the termination became effective January 26, but it still wants its past-due fees paid.
Separately, Compliance has also sent breach notices to four other registrars — US-based Zoo Hosting, UK-based Nerd Origins, and China-based Mixun and Mixun Network Technology — that cite RDAP failures as an area of non-compliance but appear to be primarily based on non-payment of fees.
All four registrars appear to have got accredited between 2019 and 2021 and stopped paying their fees not long afterwards. None of them has sold a single gTLD domain, ever, and two of their web sites suggest the companies are no longer around.
They’ve all got until February 12 to magically rectify their compliance problems or face execution.
ICANN gunning for Tencent over abuse claims
ICANN Compliance is taking on one of the world’s largest technology companies over claims that a registrar it owns turns a blind eye to DNS abuse and phishing.
The Org has published a breach of contract notice against a Singapore registrar called Aceville Pte Ltd, which does business as DNSPod and is owned by and shares its headquarters with $86-billion-a-year Chinese tech conglomerate Tencent.
ICANN says that DNSPod essentially has turned a blind eye to recent abuse reports, allowing phishing sites to stay online long after they were reported, and makes life difficult for people trying to report abuse.
It also has failed to upgrade from the Whois protocol to RDAP and failed to migrate its registration data escrow service provider from NCC to DENIC, according to the notice.
According to ICANN, DNSPod received abuse reports about several domains in July and August but either failed to take action at all or did not act until ICANN itself got in touch to investigate. Compliance wants to know why.
ICANN adds that the registrar seems to be requiring reporters to create user accounts and use a web form to submit their reports, even after they’ve already used the abuse@ email address.
Stricter rules on DNS abuse came into force on registrars this April. They’re now required to take action on abuse reports.
“Aceville does not appear to have a process in place to promptly, comprehensively, and reasonably investigate and act on reports of DNS Abuse,” the notice reads.
ICANN has given DNSPod until October 11 to answer its questions or risk escalation.
While DNSPod says it has been around for 17 years, it only received its ICANN accreditation in 2020. Since then, it’s grown to almost 200,000 domains under management in gTLDs.
It’s primarily a DNS resolution service provider, saying it hosts over 20 million domains, and does not appear to operate as a retail registrar in the usual sense.
Owner Tencent may not be a household name in the Anglophone world, but it’s the company behind some of China’s leading social media brands, including QQ and WeChat, as well as a formidable force in gaming and one of the world’s richest companies in any sector.
It’s the second huge Chinese tech firm to find itself publicly shamed by ICANN in recent months. Compliance went after Tencent’s primary competitor, Alibaba, on similar grounds in March. Alibaba has since resolved the complaints.
Chinese registrars back in trouble after porn UDRP suspension
A collection of six registrars in the XZ.com stable are back on the ICANN naughty step, facing more Compliance action just a couple of years after a sister company was suspended over UDRP failures.
ICANN has published breach notices against DotMedia and five other registrars under common ownership, claiming that they are failing to send their registration data to the correct escrow provider.
Since last year, registrars have been obliged to escrow their data to DENIC, which replaced NCC Group as ICANN’s sole provider. Escrow is important as it helps make sure registrants keep their domains if a registrar goes out of business.
The six DotMedia registrars have failed to make this transition despite months of hand-holding from ICANN, according to the breach notices. Compliance has been on their case since at least April.
The registrars are among 20 that appear to be under common management, almost all based in Hong Kong and using xz.com as their primary storefront, and it’s not clear why only six accreditations have been found in breach.
The whole group appears to be on the skids in terms of registration volume. The main accreditation, US-registered MAFF Inc, once had around 600,000 gTLD names under management, but that’s down to around 60,000 in the latest registry reports. The others have a few thousand each, having suffered similar percentage declines.
Another member of the group, ThreadAgent.com, was actually suspended for months in 2022 after it failed to transfer two domains lost in cybersquatting complaints under the UDRP to BMW and Lockheed Martin.
The six registrars have until September 25 to come back in compliance or face further action.
ICANN to terminate five new gTLDs
ICANN is set to terminate the registry contracts for five new gTLDs run by an apparent deadbeat registry.
Asia Green IT System’s agreements for .pars, .shia, .tci, .nowruz and .همراه (.xn--mgbt3dhd) have all been “Escalated to Termination Process” following a July breach notice, according to ICANN’s web site.
The first stage of the termination is mediation, which can be followed by arbitration before the contracts, which were all due to expire next month anyway, finally get torn up.
The escalation was not unexpected. All five gTLDs were migrated to the Emergency Back-End Registry Operator program last month after critical systems failed to function within the contractual requirements.
It is believed that the TLDs stopped functioning properly after AGIT failed to pay its back-end provider. It also allegedly failed to pay its ICANN fees.
The gTLDs in question for the most part were not used. The Iranian new-year-themed .nowruz had a handful of third-party registrations but the others never launched in the decade AGIT was contracted to run them.
.tci is an interesting case, a planned dot-brand that AGIT had intended to operate on behalf of the Telecommunication Company of Iran, the country’s incumbent telco.
First registry gets breach notice over new abuse rules
.TOP Registry allegedly ignored reports about phishing attacks and has become the first ICANN contracted party to get put on the naughty step over DNS abuse rules that came into effect a few months ago.
ICANN has issued a public breach notice claiming that the registry, which runs .top, has also been ignoring the results of Uniform Rapid Suspension cases, enabling cybersquatting to take place.
The notice says that .TOP breached new rules, which came into effect April 5, that require it to act on reports of DNS abuse (such as malware or phishing attacks) by suspending the domains or referring them to the responsible registrar.
The registry didn’t do this with respect to a report of April 18, concerning “multiple .top domain names allegedly used to conduct phishing attacks”. It didn’t even read the report until contacted by ICANN, according to the notice.
As of yesterday, only 33% of the phishing domains have been suspended by their registrars, some three months after the attacks were reported, ICANN says.
Compliance is also concerned that .TOP seems to be ignoring notices from Forum, the company that processes URS cases, requiring domains to be locked within 24 hours when they’ve been hit with a charge of cybersquatting.
The registry “blatantly and repeatedly violated” these rules, according to ICANN.
.TOP has been given until August 15 to get its act together or risk having its Registry Agreement suspended or terminated.
The registry has about three million .top domains under management, having long been one of the most successful new gTLDs of the 2012 round in volume terms. It typically sells domains very cheaply, which of course attracts bad actors.