Malicious Domain Statement

Last updated: 1 May 2021

1. Introduction

The vast majority of domain name registrations are made for legitimate purposes, most often to provide an online home for a lawful business or organization. However, there are some domain names registered exclusively to cause consumer harm. This statement focuses on how Núna ehf. (“Núna”) defines malicious domain names, and provides a non-exhaustive list of possible actions that can be taken to address them once they have been found.

2. Illegal Activities That Warrant Designation of Domain Names as Malicious

Under Section 1.13 of ICANN’s Registrar Accreditation Agreement (RAA1), “illegal activity” is defined as “conduct involving the use of a Registered Name sponsored by Registrar that is prohibited by applicable law and/or exploitation of Registrar’s domain name resolution or registration services in furtherance of conduct involving the use of a Registered Name sponsored by Registrar that is prohibited by applicable law.” Depending on the jurisdiction, this definition would include domain names used for purposes such as the

  • Online child sexual exploitation materials.
  • Promotion or encouragement of terrorism, fundraising in support of terrorism, training and equipping terrorists, or sites encouraging the development, deployment, and use of weapons of mass destruction.
  • Sites involved in the illegal production, sale, or distribution of narcotics and dangerous drugs (“Scheduled Controlled Substances”), or the illegal production, sale, or distribution of listed precursor chemicals (aka “DEA List I or List II Chemicals”).
  • Money laundering or related financial offenses.
  • Hacking/cracking, or conducting or directing attacks against other sites, including so-called “denial of service” (DoS) attacks; unauthorized intrusions or attempted intrusions; unauthorized network scanning or reconnaissance; or the production, distribution, or operation of malware (malicious software) including the hosting of botnets or their “command and control” servers.
  • Carding, which is trading in stolen credit cards or similar financial credentials, or the sale or other disposition of private personally identifiable information (PII).
  • Fraudulent or deceptive schemes, including but not limited to, sale of mislabeled or misbranded products, including “knock-off” consumer goods such as illegally branded watches, jewelry, handbags, shoes, sports jerseys, etc., Ponzi schemes, advance fee fraud, auction fraud.
  • Sending unsolicited commercial communications (“spamming”) or facilitating the sending of such communications, including the compilation, marketing, and sale of compilations of addresses or phone numbers.
  • Illegal trafficking in copyrighted intellectual property, including pirated software (“warez”), pirated music and/or other audio, pirated movies and/or any other video, pirated books, or other pirated intellectual property, including links to other sites where such content exists.

3. Determination of Malicious Domains

Núna, in its sole and absolute discretion, shall determine which domains are considered malicious. Núna may consider, although it is not required to do so, nor disclose if it does so, the information provided by one or more entities in determining which domains are malicious.

4. Addressing Malicious Domain Names

Núna may take any or all of the following actions at any time without any requirement of notification to any party associated with any domain name which Núna determines to be malicious:

  • Details concerning the malicious domain shall be forwarded to the registrar (and possibly the registry, if needed) operator(s) to see if the domain name may be suspended per its policies and procedures. The appropriate law enforcement agency or CERT (Computer Emergency Response Team) within the corresponding jurisdiction might be contacted as well if needed.
  • If a malicious domain’s contact details are suppressed or obfuscated by a privacy or proxy service, that service might be contacted to evaluate if the domain’s service may be terminated under applicable terms.
  • If the registrar or registry operator does not respond, a complaint might be filed against the registrar or registry operator to the extent that such processes are available. For example, an ICANN Compliance complaint against the registrar may be in order for failure to investigate a report of abuse if the domain is a generic Top-Level Domain (“gTLD”). Núna might also consider using any administrative proceedings available, such as null-routing the domain, immediate suspension or termination of any hosting, and utilizing the Uniform Rapid Suspension (URS) system for a new gTLD domain.

Are you ready to start a project with Núna?

Núna can help regardless of where your project stands today.