Ukrainian domains slide as war becomes the new normal

Ukraine’s ccTLD is starting to see a decline in its total domains under management as emergency policies related to Russia’s full-scale invasion in February 2022 are relaxed.

According to local registry Hostmaster, .ua’s total was down 1.5% at the end of the first quarter at 612,778 domains, due to the fact that expiring domains that were frozen in 2022 have now started to drop.

Hostmaster said the effect will become more noticeable in coming quarters. Stats show a decline of about a thousand domains since the end of June.

When the war started, .ua had about 558,000 domains. It peaked at around 614,000 in early June.

Early in the conflict, Hostmaster had said that expired domains would be held in a redemption period status. Many registrants were assumed to have been drafted into the military or refugees.

Since then, the registry says a “significant number” of expired domains have been restored.

However, the policy was rolled back this June; expired domains now have the antebellum standard 30 days to be restored. Domains that were not renewed in 2022 still have a November deletion date, Hostmaster said.

Meanwhile, WIPO has recently restarted its UDRP services for Ukraine, having paused them in May 2022 in response to the war. Decisions that were paused in early 2022 have now been executed and published.

Registry launches Ukrainian domains for Russian-occupied region

A Ukrainian registry has started offering domains in a second-level Ukrainian transliteration of a Russia-occupied region.

Southern Ukrainian Network Information Center started offering residents of the Mykolaiv oblast domains at the third-level under mykolaiv.ua at the start of October, according to the registry’s web site.

Mykolaiv is the Ukrainian version of the original Cyrillic name. Previously, domains were only available under the Russian transliteration, .nikolaev.ua. SUNIC also offers the shorter .mk.ua domain.

Mykolaiv, in the battle-scarred south of the country, is also the name of the region’s capital city. While the city has resisted Russian capture, much of the region has been under the invading force’s control since early in the war.

SUNIC, which also offers odessa.ua (Russian) and odesa.ua (Ukrainian) names for the Odesa region and city, is encouraging .nikolaev.ua registrants to acquire their matching mykolaiv.ua names.

Adopting Ukrainian transliterations of Cyrillic place names has been seen as a symbolic act of defiance against Russian ambitions.

Ukrainians urged to “de-Russify” their domains

There’s reportedly a push in Ukraine to get registrants of Russian-transliterated TLDs to switch to their matching Ukrainian versions.

Ukraine’s .ua offers domains in dozens of second-level domains, many of which correspond to the names of cities, such as kyiv.ua and .kharkiv.ua.

But while pretty much everyone in the Anglophone world and elsewhere has started using the Ukrainian transliterations as standard in the six months since Russia invaded, Ukrainian domain registrants have been slow to follow.

According to local registry Hostmaster, today there are 38,564 names registered in the Russian .kiev.ua, but only 1,965 in the Ukrainian .kyiv.ua.

Now local hosting company and registrar HOSTiQ is now reportedly offering customers the chance to swap their Russian domains for the Ukrainian equivalents for free.

.ua as a whole has over 580,000 registered names.

ICANN reports shocking increase in pandemic scams

The number of gTLD domains being used for malware and phishing related to the Covid-19 pandemic has increased markedly in the last eight months, according to data released by ICANN this week.

The Org revealed that since it started tracking this kind of thing in May 2020 it has flagged 23,452 domains as “potentially active and malicious”.

The data is collected by checking zone files against a list of 579 keywords and running the results through third-party abuse blocklists. Blocked domains are referred to the corresponding registrars for action.

I’m not sure you could technically call these “takedown requests”, but there’s a pretty strong implication that registrars should do the right thing when they receive such a report.

The 23,452 notices is a sharp rise from both the 12,860 potentially abusive flagged names and 3,791 “high confidence” reports ICANN has previously said it found from the start of the project until August 2021.

It’s not clear whether the rise is primarily due to an increase in abusive practices or ICANN’s improved ability to detect scams as it adds additional keywords to its watch-list.

ICANN said in March that it is now also tracking keywords related to the Russian invasion of Ukraine.

It’s also asking organizations in frequently targeted sectors to supply keyword suggestions for languages or scripts that might be under-represented.

The data was processed by ICANN’s Domain Name Security Threat Information Collection and Reporting (DNSTICR or “DNS Ticker”), which Org management previously discussed at ICANN 73.

A sign of things to come? Verisign slashes outlook in post-pandemic slowdown

Verisign is warning that its business is going to grow slower than expected in 2022, due to the after-effects of the pandemic and general economic conditions.

The registry tonight reported first-quarter revenue of $347 million, up 7% on the comparable period a year ago, after raising its .com prices 7% last year.

But the company has slashed its sales estimates for the year.

CEO Jim Bidzos told analysts this evening that the company and its registrars have started to see a post-pandemic slowdown in sales, exacerbated by other unspecified “macro-economic factors”.

“Incremental demand for new registrations that grew during the pandemic is subsiding,” Bidzos said.

Many domain companies, including Verisign, saw growth spikes during the pre-vaccine pandemic, when many small businesses moved to online sales to stay afloat during recurring lockdown restrictions.

But that’s all over now, and the economic fallout most of us are feeling seems to also be affecting domain sales.

The company said its net income for the first quarter was $158 million, up from $150 a year ago. Its operating margin slipped a little, however, from an enormous 65% to an enormous 64.8%.

Verisign ended the quarter with 161.3 million .com domains and 13.4 million .net domains under management, up 4% combined at 174.7 million.

The renewal rate for .com and .net domains was estimated at 74.8%, up from 73.5% a year ago.

The company expects its domain base to grow between 1.75% and 3.5% this year. That’s down quite significantly from its February estimate of growth between 2.5% and 4.5%.

It added 10.1 million new names in the quarter, compared to 10.6 million in Q4 and 11.1 million in Q1 last year.

While Bidzos did not drill very deep into the other factors contributing to his pessimistic outlook, he did say that the war in Ukraine was not a factor. Sales in Ukraine, Russia and Belarus are “not material”, he said.

I suspect what we’re looking at here is probably related to what the media here in the UK is calling the “cost of living crisis”, which is seeing the price of staples such as food and energy skyrocket and many people cut back on luxuries as a result.

UPDATE: This article was updated July 28, 2022 to correct the number of .net registrations from 13.1 million to 13.4 million.

Ukraine won’t delete domains until war is over

Hostmaster, the Ukrainian ccTLD registry, has indefinitely paused domain deletions due to the ongoing war with Russian.

The company said its domain redemption period, which usually lasts 30 days after a registration expires, will now run until the end of martial law, which was brought in by the government shortly after the invasion.

The registry had previously, and perhaps optimistically, extended the window to 60 days. But the war continues, and many registrants are still unable to renew their names.

Since the first extension, registrars have already recovered over 300 names that were not renewed in time, Hostmaster said.

The price to restore an expired .ua name is the same as a renewal, the registry said.

ICANN picks recipient of $1 million Ukraine aid

ICANN has decided to donate $1 million to the Emergency Telecommunications Cluster, an international organization that helps people stay connected during times of crisis.

The donation was announced at ICANN 73 in early March, not long after Russia’s invasion of Ukraine, and ICANN has spent the last six weeks picking a recipient and doing its due diligence. For ICANN, that’s basically warp speed.

The ETC is one of 11 “clusters”, overseen by the UN’s Inter-Agency Standing Committee, which provide relief during humanitarian crises. Other clusters help with food, medicine, and so on.

Its partners include UN agencies, other governmental bodies, charities, and private companies such as Cisco and Iridium.

The ETC has been on the ground in Ukraine since March 3, preparing to provide emergency communications and strengthen infrastructure against cyber-attacks, though its latest report notes that Ukraine’s infrastructure is holding up pretty well so far.

ICANN CEO Göran Marby said in a statement:

This is an initiative for which we have no precedent; it is a first for ICANN. I am proud of the org for the drive and commitment to quickly identify the best path and organization to efficiently deliver meaningful support. The ETC’s vision of “a world where safe and local access to reliable communications is always available” is well aligned with our mission to ensure the stable and secure operation of the Internet’s unique identifier systems.

ICANN’s board has approved an ongoing program of similar donations, not just for Ukraine.

Domain sales exempt from US sanctions on Russia

A variety of internet technologies, including domain name registration services, have been declared exempt from US sanctions on Russia.

The Department of the Treasury’s Office of Foreign Assets Control has issued a notice (pdf) specifically authorizing the export to Russia for the following:

services, software, hardware, or technology incident to the exchange of communications over the internet, such as instant messaging, videoconferencing, chat and email, social networking, sharing of photos, movies, and documents, web browsing, blogging, web hosting, and domain name registration services

The move is reportedly meant to support independent media’s and activists’ fight against Russian government propaganda during the Ukrainian invasion.

Some US registrars, including Namecheap and GoDaddy, have chosen to restrict their Russian customer base on ethical grounds since the first week of the war in Ukraine.

Namecheap, which has many staff in Ukraine, has banned all Russian custom other than those actively opposing the Putin government.

Microsoft seizes domains Russia was using to attack Ukraine

Microsoft says it has taken control of some domain names that we being using by hackers connected to the Russian security services to launch cyber attacks against Ukrainian, US and EU targets.

Company VP Tom Burt wrote that seven domains used by a group called Strontium were seized via a US court order and redirected to a Microsoft sinkhole, disrupting these attacks.

Burt wrote that the targets were Ukrainian media organizations and US and EU foreign policy think tanks, adding:

We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information.

One wonders why Russia would use domains under US jurisdiction to conduct such attacks.

War fails to stop .ua domains selling

Ukraine’s ccTLD has maintained what appears to be a healthy level of new registrations, despite the Russian invasion.

The company today reported that between February 24 and March 25, it saw over 3,000 new .ua domain regs, over 2,000 of which were in .com.ua. The ccTLD offers names in a few dozen third-level spaces.

February 24 was the day Russia invaded, and the day Ukraine went into martial law.

“The com.ua domain is mostly used by commercial organizations. Therefore, the presence of registrations shows that Ukrainian business continues to operate under martial law,” Hostmaster wrote (via Google Translate).

.ua had a total of 534,162 domains under all 2LDs today, according to the registry’s web site.

While Hostmaster has not yet published its end-of-month stats for March, it appears that the new adds suggest an improvement on typical monthly performance, or at least business as usual.

The registry has come under denial-of-service attack dozens of times since the war started, but says it has so far continued to operate without interruption.