Domain takedowns can be complex. Let's simplify it here.
Removing it from the Domain Name Server
A domain is officially taken down when it is deactivated or removed from the Domain Name System (DNS). The Domain Name System is essentially a global directory that translates human-friendly domain names, such as, www.example[.]com, into IP addresses that computers use to locate websites on the internet. When a domain is removed from the DNS, it means that the associated domain name no longer points to a specific web server or destination.
The Domain Status
A domain status refers to the current condition or state of a website domain name in the context of its registration and functionality. It indicates whether the domain is active, suspended, expired, or undergoing other specific changes. Domain statuses are typically managed by domain registrars and can vary slightly depending on the domain extension (e.g., .com, .org, .net). A domain's status can be checked in its Whois info. Here are common domain status codes:
-
Active: The domain is registered and functioning as intended. The domain can be modified, renewed, and included in the DNS zone if pointed to a nameserver.
-
Registry-Lock: Registrar can't modify or delete, but it can be renewed. Registry must remove this lock for changes.
-
Registrar-Lock: Similar to Registry-Lock but set by the registrar.
-
Registry-Hold: Registrar can't modify but can renew. Registry must remove this hold for changes.
-
Registrar-Hold: Similar to Registry-Hold but set by the registrar.
-
Redemption Period: Domain can't be modified or deleted, only restored within 30 days.
-
Pending Restore: Set when restoring a domain from Redemption Period. Domain can't be modified during this process.
-
Pending Delete: After Redemption Period, the domain is purged from the registry in 5 days. No modifications allowed.
-
Expired: The domain registration has lapsed, and it may become available for registration by others.
-
Suspended: The domain is temporarily inactive, often due to a violation of the registrar's terms of service.
-
Pending Deletion: The domain is in the process of being removed from the DNS, and it may become available for registration again.
-
Client Transfer Prohibited: Restrictions are placed on transferring the domain to another registrar.
-
Server Transfer Prohibited: Restrictions are placed on changing the domain's DNS server settings.
Successful takedown codes
The following codes represent potential outcomes resulting from a successful takedown executed by our dedicated team.
| Domain on clientHold | The registrar has taken action to cause the domain not to resolve in the DNS. Any websites or emails associated with the domain will be offline. |
| Domain on serverHold | The registry has taken action to stop the domain from resolving in the DNS. |
| Content Deactivation | The registrar, ISP or registrant has taken action to remove the content |
| Account Suspension | The registrar or ISP has suspended the account of their customer (the threat actor) |
|
Domain Parked/ Repossessed |
The registrar has parked the domain and taken possession from the threat actor |
| Domain Purged | The registry has deleted the domain, the domain will not be available for registration for 60 days. |
Frequently Asked Questions