Have you ever recieved an email from this address? Here’s why it might not actually be a scam.
It’s mid-afternoon on January 5th, 2026. As I’m finishing work for the day I notice that lzon.ca is down. I immediately go into debug mode and I begin stepping through the problem.
| I Think | I Do | I See |
|---|---|---|
| 1. Random network hiccup | Refresh Page | Not working |
| 2. Firefox being weird | Try Brave | Nope, not working either |
| 3. Computer hates me? | Check Phone | Still nothing |
| 4. Internet hates me? | Turn WiFi OFF, Data ON | I have a problem |
Fuck. This is real, and I’m just coming off my caffiene high Why couldn’t this have happened this morning?
OK. time to log in to Netlify and figure out Why I now have to hate them.
Literally everything is fine, your website is online. BTW, we pushed that update you made this morning to production for you.
I see, thank you Netlify…
Alighty, on to Cloudflare to check on the domain.
Business as usual, Lzon. While you’re here wanna pay for our fancy Cloudflare (TM) AI thingy?
No thanks, I’m good.
Now I’m running out of ideas. I need to get my bearings, I need a sanity check. It’s time for a WHOIS lookup.
Nameservers:
ns1.emailverification.info
ns2.emailverification.infoYay! I found something wrong, that means I’m not going completely insane!
AFAIK, Cloudflare manages their own DNS servers and any domain bought from them will always be associated with that infrastructure. For that reason alone, this has to be wrong.
I’m now also remembering some scam emails I got soon after registering the domain. I didn’t bother to read them closely. As soon as they started asking me to click on shit I yeeted them into the Trash. They were all sent from this address.
noreply@emailverification.info Fuck, I’ve been scammed. Or maybe not…
I immediately fire off a support email. I bought the domain from Cloudflare but they got it from a Registrar I’ve never heard of. I try to contact them but they won’t respond to my message until the next day, after I figure out how to fix this myself. They’ll tell me to pound sand and take my issue to Cloudflare. Thanks for nothing, Hexonet.
Next I start researching. I also double-check my thinking, to see that I haven’t missed anything. I eventually find this article.
OK… Fullhost.com says that maybe those emails weren’t a scam, and that you actually need to follow the written instructions or else your domain gets suspended. I’ve never heard of Fullhost.com but they look legit, they pass my sniff test at least.
Time to pluck that email out of the Trash and re-read it.
Dear registrant or prospective registrant,
due to the requirements under the ICANN Registrar Accreditation Agreement we are required to confirm the validity of the email address provided for the domain name registration application or contact creation.
The domain(s) listed below were registered/updated with your e-mail address in the domain owner contact. It is now mandatory that you confirm the accessibility of your email address. Verification required until / Domain Name
2026-01-04 14:35:16 lzon.ca
You will only have to do this once for each email address used.
Please click on the following link to confirm that you have received this email and to validate your email address:
[ REDACTED, A SKETCHY AS FUCK URL ]
If the above shown link should be broken please proceed to
http://emailverification.info
and enter your personal validation token into the form field:
trigger = [ REDACTED, SOME BASE-64 LOOKING NON-SENSE ]
Please note that in case you do not validate your email address, we are required to suspend your domain name registration(s) using these contact details no later than:
Sunday January 04. 2026 14:35:16 UTC
After the suspension date you can always re-activate your domain name(s) by confirming the address as described above.
IMPORTANT NOTE: If you do not carry out this confirmation, the domain registration guidelines prescribe that the status of your domain (s) mentioned above is changed to “on hold”. In consequence your domain(s) can not be reached anymore.
Thank you very much for your cooperation!
Best regards, Your ICANN Accredited Registrar
Ugh… This might be real. They said a month in advance that they’ll suspend the domain on a specific day, at a specific time, which is exactly what happened. I have zero evidence that any accounts were compromised, so that means they had the power to do this without access to my hosting or domain services.
But this looks sooooo sketchy. I like to believe that I’m good at spotting scams, and this looks SCAMMY AS FUCK. I’ve been having a blast building Lzon, and I really want it back. I’m not certain this will work, and there’s a small chance I’m about to pwn myself, but I go ahead and do as the email says. I manually type out the address into my browser, submit the code, and proceed to sweat bullets. Then I get confirmation.
Response for trigger
[ REDACTED, SAME BASE-64 STRING FROM THE EMAIL ]
[RESPONSE]
code = 200
description = Command completed successfully
queuetime = 0
runtime = 0.058
EOFI do another WHOIS lookup and the nameservers are now as they should be, pointing to Cloudflare’s infrastructure. Over the next day things will slowly return to normal, as DNS begins to settle.
A part of me still feels like this is somehow a scam, but I have every reason to believe that this was real. I hope I’m right.
I still have a lot of un-answered questions.
I’ve bought domains before but this never happened. Maybe this has something to do with the ‘.ca’ TLD?
I want answers, and I’m going to continue researching. I’ll either update this post or make a new one when I have more information. It took me a while to find that article from Fullhost.com and I’d like to contribute to the knowledge-base on this issue. If anyone gets caught by this, and I’m sure many more will, then I want to be able to help if I can.
If you are reading this and have any information, please reach out to me at mail@lzon.ca.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。