Tag Archives: .se

So Good, Swedish Customer Buys Stake in Norwegian IQ Global

Norwegian-based cybersecurity company IQ Global AS must be good. This week they announced one of their long-term customers, the Swedish Internet Foundation, operator of the Swedish ccTLD .se, has bought a stake in the company, believed to be around 20%.

Continue reading So Good, Swedish Customer Buys Stake in Norwegian IQ Global

TLD/Registrar Updates: Detecting Fake .BE Web Shops; Afnic Reappointed .FR Registry; .NL COVID Bump Stays; .PY Turns 30; .РФ Photo Contest and Swedish Regulator Ends .SE Supervision plus Tucows Buys UNR

DNS Belgium have published an interview with a student whose Master’s thesis was on detecting fake web shops in the .be domain with machine learning.

Continue reading TLD/Registrar Updates: Detecting Fake .BE Web Shops; Afnic Reappointed .FR Registry; .NL COVID Bump Stays; .PY Turns 30; .РФ Photo Contest and Swedish Regulator Ends .SE Supervision plus Tucows Buys UNR

TLD Updates: Nordic Domain Days 2022 Registration Opens; More .TH SLDs; COVID Surge For .SK; .PT Adds Webcheck; First Governing Board for .GH; .DK Changes and CIRA Commits To A Greener Internet

Registration for the 2022 Nordic Domain Days to be held in Stockholm in May 2022 has opened. The conference that focusses on the domain name industry in the five Nordic countries – Denmark, Norway, Sweden, Finland and Iceland, and let’s not forget the Faroe Islands, Greenland and Åland as well, is aimed as a means of discussing domain name issues for the Nordic region, and is aimed at registries, registrars, resellers, service providers and investors.

Continue reading TLD Updates: Nordic Domain Days 2022 Registration Opens; More .TH SLDs; COVID Surge For .SK; .PT Adds Webcheck; First Governing Board for .GH; .DK Changes and CIRA Commits To A Greener Internet

CIRA Explains Why Registering ccTLD Domains Benefits the Local Internet Community

Registering domain names in a country code top level domain often has benefits to that country’s local internet community. In the case of Canada’s ccTLD, Byron Holland, President and CEO of CIRA who manages .ca, recently explained how in a post on the company blog. Continue reading CIRA Explains Why Registering ccTLD Domains Benefits the Local Internet Community

IIS To Offload Their Registrar Business, .SE Direkt

The Swedish ccTLD manager IIS has decided to offload its registrar business, .SE Direkt.

.SE Direkt, which has almost 122,000 .se domain names under management with 87,000 customers (almost 67,000 corporate and 21,000 private individual customers), sells domain names but doesn’t offer additional services such as webhosting, which most registrars offer these days as a means of making money. The domain name registration business isn’t particularly lucrative when it comes to profitability.

Domain names registered through .SE Direkt currently cost SEK270 (€26) (SEK216 excl. VAT). The price increased from SEK255 to 270 as of 1 October 2017. .SE Direkt’s market share is 7%, which has increased from 6.8% in 2016. There are currently 1,768,495 domain names for the Swedish country code top level domain.

.SE Direkt commenced operations in 2009 when the business model with registrars was established. The idea was that it would act as a stopgap and that domain name registrants would gradually switch to other registrars. The number of customers has not since declined at the expected rate, but is now after ten years down at a level that makes IIS believe the timing is right to no longer continue with the registrar business.

The transfer includes domain names and customer agreements with .SE Direkt and the possibility of a license to use .SE Direkt’s trademark and/or domain name for up to two years.

To ensure that the buyer has the necessary experience and skills required, IIS places, among other things, the requirement that the purchaser should be, or will become, a registrar. Indicative bids with responses to the “Information for stakeholders” [pdf, Swedish only] must be submitted by 17 October 2018.


E-Shops Selling Counterfeit Goods Often Use Re-Registered Brand Domains, European Study Finds

Companies letting their domain names expire are often finding e-shops are re-registering their domain names and using them to market trademark infringing, or counterfeit, goods. But there’s no correlation between the use of the domain name prior to the e-shop and what the e-shop sells.

The study by the European Union Intellectual Property Office (EUIPO) [pdf], through the European Observatory on Infringements of Intellectual Property Rights, was on online business models used to infringe intellectual property rights. The study found when domain names were available for re-registration the entities operating the e-shops would systematically re-register the domain names and shortly after set up e-shops marketing goods suspected of infringing upon the trademarks of others. It was a characteristic that the prior use of the domain names was completely unrelated to the goods being marketed on the suspected e-shops. There were examples of domain names previously used by politicians, foreign embassies, commercial businesses and many other domain name registrants.

The study was conducted in 2 phases. Phase one looked at .dk (Denmark) from October 2014 to October 2015. During this period 566 .dk domains were re-registered by suspected infringers of trademarks immediately after the domain names had been given up by their previous registrants and became available for re-registration. Phase 2 looked at Sweden, which as a Scandinavian country would be assumed comparable with Denmark, Germany and the United Kingdom, which have very well-developed and large e-commerce sectors, and a country with a large e-commerce sector in southern Europe, Spain.

Phase 2 found the same phenomenon previously documented in Denmark also occurs in the Swedish, German, British and Spanish ccTLDs.

According to the study, the “total number of detected e-shops suspected of infringing the trade marks of others using a domain name under the ccTLD” ranged from 2.9% in .de (Germany) to 9.5% in .se (Sweden) while the “total number of detected e-shops suspected of infringing the trade marks of others using a domain name under the ccTLD where the domain name had been previously used by another registrant” ranged from 71.1 % of suspected e-shops in .uk (United Kingdom) to 81.0% in .es (Spain). The average was 5.41% across all ccTLDs in the study and 75.35% respectively.

Based on the research, the researchers believe it must be considered likely that the same also occurs in other European countries with well-developed e-commerce sectors.

An analysis of the 27,970 e-shops in the study identified a number of patterns including shoes were the product category most affected, accounting for two-thirds (67.5%) of the suspected e-shops and then clothes, accounting for 20.6%, while 94.6% of the detected suspected e-shops used the same specific e-commerce software.

Additionally, 40.78 % of the detected suspected e-shops in Sweden and the United Kingdom were registered through the same registrar, 21.3 % of all the e-shops used the same name server and a quarter (25.9%) of the suspected e-shops had the hosting provider located in Turkey, 19.3 % in the Netherlands and 18.3 % in the United States.

Even if the domain name was previously used for the marketing of goods, the study found the current e-shops were marketing a different type of product at the time of analysis. The study examined 40 case studies that indicated the sole reason for re-registration of the domain names is to benefit from the popularity of the website that was previously identified by the domain name. The benefits would include search engine indexing, published reviews of services and/or products and links from other websites that have not yet taken the current use into consideration. The case studies used also indicate a high degree of affiliation between the e-shops is likely. The research seems to indicate that what on the surface seems like thousands of unrelated e-shops are likely to be one or a few businesses marketing trade mark infringing goods to European consumers.

The 140 page study is available for download from:

UK Child Protection Agency Finds 5 TLDs Account For 80% of Child Porn

Five top level domains accounted for 80% of all webpages identified as containing child sexual abuse images and videos, according to the 2016 annual report from the UK’s online reporting hotline for child sexual abuse, the Internet Watch Foundation, released today, with 57,335 URLs containing child sexual abuse imagery and these were hosted on 2,416 domains worldwide.

The 5 TLDs are .com, .net, .se (Sweden), .io (British Indian Ocean Territory) and .cc (Cocos (Keeling) Islands). Verisign is the registry operator for .com and .net, the largest and fifth largest TLDs globally, with 126.9 and 15.3 million registrations respectively, according to their latest quarterly Domain Name Industry Brief, as well as the backend registry operator for .cc. On a per domain basis, it’s clear the operators of .se, .io and cc need to do much more.

Criminals are increasingly using masking techniques to hide child sexual abuse images and videos on the internet and leaving clues to paedophiles so they can find it. IWF has identified commercial child sexual abuse websites which only display the criminal imagery when accessed by a “digital pathway” of links from other websites. The pathway is like a trail of breadcrumbs; when the pathway is not followed or the website is accessed directly through a browser, legal content is displayed. This means it’s more difficult to find and investigate the illegal imagery. It also means that criminal enterprises online are receiving legitimate banking services, as checking their website won’t automatically reveal the criminal content.

When IWF first identified this technique, they developed a way of revealing the illegal imagery, meaning they could remove it, and the websites could be investigated. But the criminals continually change how they hide the illegal imagery, so IWF’s expert analysts adapt in response.

Europe now hosts the majority of child sexual abuse webpages (60%), with North America moving to second place (37%). In contrast, UK now hosts less than 0.1% of child sexual abuse imagery globally, and this is due to the zero tolerance approach the internet industry in the UK takes. Breaking this down further, 92% of all child sexual abuse URLs identified globally in 2016 were hosted in five countries: Netherlands (37%), USA (22%), Canada (15%), France (11%), and Russia (7%).

Unsurprisingly, the criminals behind child sexual abuse online have also taken to the new gTLDs. Registration numbers in the new generic top level domains have jumped almost 8-fold to 29.034 million today from 3.722 million on 1 January 2015 and 2.6-fold from 11.230 million on 1 January 2016. And so has the child abuse that has used new gTLDs. In 2015, the IWF took action against 436 URLs on 117 websites using new gTLDs. In 2016 they took action against 1,559 URLs on 272 websites using new gTLDs – an increase of 258% from the year before, or 2.3-fold. Of these 272 websites, 226 were websites dedicated to distributing child sexual abuse content.

Recognising that new gTLDs are also used for hosting child sexual abuse, the IWF has partnered with leading registries to help prevent the use of gTLDs being used to show children being sexually abused. They utilise Domain Alerts to help their members in the domain registration sector to prevent abuse of their services by criminals attempting to use domains for websites dedicated to the distribution of child sexual abuse imagery. Several registries and registrars are members of IWF, including Rightside and Nominet.

Rightside has been particularly active and playing their part, becoming an IWF Member in September 2015. The IWF annual report gives as a case study the work Rightside, registry operator for .ninja, in attempting to take down domain names that host child abuse content. In 2016 Rightside received Domain Alerts relating to two .ninja domains. These domain names were found to be associated with 138 items of content depicting child sexual abuse material.

Rightside considers the IWF as a trusted third party notifier; this simply means that given the IWF’s unique mandate from the UK authorities, to actively seek and take action on criminal online content worldwide, any Domain Alert report received from the IWF, is taken at face value. Rightside’s Abuse Team can proceed, confident in the knowledge that the IWF’s trained analysts, have investigated, evidenced, and reported all findings to the relevant law enforcement authorities.

Rightside has implemented rapid internal processes for best managing IWF Domain Alerts. They are especially sensitive to the possibility of hacked websites, or situations where their domains are being used by legitimate businesses who may have thousands of users, with any one of these users being potentially responsible for the illegal content. As a registry, Rightside wants to ensure their actions don’t cause further harm, working quickly and decisively to identify the best way to remove illegal content, with the least impact to those not responsible.

“We believe that the IWF partnership provides an important protection, not only for all of Rightside’s registrants, and the general internet user, but protects the well-being of Rightside’s own Abuse Team in processing such reports,” said Alan Woods, Rightside’s Registry Compliance Manager.

“Rightside, as one of the first new gTLD registries to partner with the IWF, sees the benefit of membership in establishing gTLD best practices to protect all web users worldwide from malicious actors. Working with the IWF has been a great partnership in notifying us immediately when a site, using one of our domains, is being abused so we can take action to disable the domain in question.”

“Criminals will attempt to abuse new technologies for their own gain – in this case it’s using new domain names,” said Susie Hargreaves OBE, IWF CEO.

“As a Member of IWF, and the registry for .NINJA, we’ve seen first-hand how Rightside shares our zero-tolerance of child sexual abuse material. We appreciate their commitment and hope the rest of the industry steps up to ensure that criminals distributing child sexual abuse material can find no refuge in gTLDs, only swift and immediate action to stamp out these channels.”

The IWF Annual Report 2016 is available here:

DNS Belgium: Can A Judge Seize A .BE Domain Name?

The Swedish government has long been waging a struggle against “The Pirate Bay,” an online platform for the illegal downloading of music, films, games and software. On 12 May 2016, the Swedish Court of Appeal ruled in a case against Punt SE, the Swedish registry, about the domain names of “The Pirate Bay”. It upheld an early decision by a judge who had confiscated two domain names of “The Pirate Bay” (thepiratebay.se and piratebay.se). Punt SE was required to transfer the ownership of the domain names to the Swedish state.

DNS Belgium logoCould that happen in Belgium as well?

Whether that can happen in Belgium depends on the specific context and on whether there are legal grounds for it: is there infringement on intellectual property rights? Economic fraud or misleading practices? A criminal offence, e.g. child pornography?  A judge will investigate each time whether there is a possibility pursuant to the underlying legislation.

A second important difference between Belgium and Sweden is that confiscation can be carried out on the holder of a domain name, and not the registry. The registry is responsible for the technical and administrative management only.

When the crown prosecution service issues a requisition to get a domain name offline, the domain name in question is withdrawn. The 2 leading registries in Belgium, DNS Belgium and EURid, comply with the requisitions of the crown prosecution service in each case.

BAF vs. Telenet & Belgacom

A court has already ordered the withdrawal of a domain name in the past. In 2011, BAF, the Belgian Anti-piracy Federation, won a case against Telenet and Belgacom concerning some domain names of “The Pirate Bay”. Belgacom and Telenet had to make surfing to those websites impossible by either blocking the IP addresses or by blocking traffic to the domain name.

Alas, this measure is not the most efficient. Just a few days after the ruling, the company behind “The Pirate Bay” registered the domain name “depiraatbaai.be” and started using it. In Sweden “The Pirate Bay” can be reached “thepiratebay.org”, the domain name with which it all began for them all those years ago.

To be continued

The saga of the Swedish domain names of “The Pirate Bay” has not run its course yet with the ruling of the court of appeal. One of the co-founders of “The Pirate Bay”, Fredrik Neij, did not agree with the ruling and has appealed the decision to the highest judicial body of Sweden, the “Högsta domstolen”. The essence of the case:  should the confiscation be directed against Fredrik Neij or Punkt SE? To be continued without any doubt.

This DNS Belgium post was sourced from:

IIS Releases .SE & .NU Zone Files

IIS .SE Sweden logo[news release] As of today (16 May), IIS will be providing information about .se and .nu domain names that are visible to the internet public. This means that the registered and delegated domains in the Domain Name System (DNS) will now be visible as the zone files for the IIS top-level domains are being released to the public and made available for download for the first time.

The underlying reason for making the zone files for .se and .nu available is our endeavor at IIS to promote transparency and openness. IIS has made the assessment that the zone files do not contain any confidential information and, therefore, there is no reason not to make this information available.

“Our hopes are that services will be built that enable laymen to use the information and that disclosure will positively impact research into the Swedish internet infrastructure,” says Patrik Wallström, IT security expert at IIS.

What is a zone file?

A zone file is a text file that contains all of the delegated domain names for a top-level domain and the related information. Domain names require the information in the zone file to be able to function at a technical level. In addition to the domain names that IIS administers, a zone file also contains its associated name servers and all the DNSSEC information.

What does this mean for domain name registrants?

In practical terms, this has no practical implications for existing owners of .se or .nu domains. The information in the zone file has never been considered confidential, even if zone files have never previously been published in full.

However, this could have an impact on parties that, for various reasons, do not wish to publish a domain name that is not in use. New brands and temporary campaigns are typical examples of names that many wish to keep under wraps before their launch. If the owner of a .se or .nu domain wishes to keep the domain name secret, no delegation should be written to the zone file. The registrar (reseller of .se domains) that the domain name is registered with can assist with this.

  • More information regarding the zonefiles can be found here.
  • The zonefiles can be downloaded here.


IWF Finds Child Abuse On 2,000 Domains Including Over 400 New gTLDs In 2015

The UK’s Internet Watch Foundation found 68,092 URLs containing child sexual abuse imagery and hosted on 1,991 domains worldwide according to their latest annual report published Thursday.The IWF, the UK online child sexual abuse charity, found these 68,092 URLs hosting child sexual abuse content were traced to 48 countries, which is an increase from 45 in 2014. And five top level domains (.com, .net, .ru, .org and .se) accounted for 91 percent of all webpages identified as containing child sexual abuse images and videos.And for the first time the IWF saw these new gTLDs being used to share child sexual abuse imagery. The IWF believes many of these domains in new gTLDs have been registered specifically for that purpose.The IWF took action on 436 websites in 2015 using new gTLD domains to share child sexual abuse material. 138 of these were disguised websites.To assist registries and registrars that are members of IWF in taking down domain names that are used to host child sexual abuse content, the IWF has a Domain Alerts service to prevent abuse of their services by criminals attempting to share child sexual abuse imagery. This service appears to have commenced last year.The service works through IWF analysts identifying new child sexual abuse images and videos. Domain registries or registrars are sent immediate alerts if any child sexual abuse material is discovered on any domains registered through or by them.In the domain name business, members include Nominet, who provide registry services for .uk, .wales and .cymru, ICM Registry who operates .xxx, .adult and .porn, Afilias, GoDaddy, Rightside, names.co.uk and DotLondon.The main finding of the report reveals a staggering increase in the number of reports of illegal child sexual abuse images and videos that the IWF removed from the internet last year.68,092 reports were positively identified as containing illegal child sexual abuse imagery and taken down. This is a 417 percent increase in online confirmed reports over two years and an 118 percent increase in illegal child abuse imagery over the previous year.Data from IWF’s 2015 Annual Report, show their analysts have seen a dramatic increase in reports. This is since Prime Minister David Cameron gave his approval for the IWF to start proactively searching for online child sexual abuse imagery in April 2014.The IWF’s annual report is available for download from: