
question Domain got put on hold by Verisign without a single email


PAKB

Hello, I hand-regged the domain EXXEE.com on 2019-10-21 at Dynadot. The same domain was approved on SH as a premium listing. I changed the NS to SH back then, but today, when my domain got delisted at Squadhelp (due to changed nameservers), I contacted Dynadot immediately and asked how my NS were changed without my permission.
Dynadot let me know that the domain was put on hold by Verisign. I didn't get any email from the registry or Dynadot about this beforehand... What could be the issue, and how can I get the domain back?

Here is reply from dynadot
[Attachment: exxee-dynadot.PNG]
 
11
•••
Also, when I try to open my domain, some downloadable file appears which seems totally fishy and spam. How can my registered domain be used for spreading spam?
 
0
•••
Where do you see this "hold"???
I don't see serverHold status in WHOIS and DNS works...
So nothing was blocked by Verisign.
 
1
•••
Where do you see this "hold"???
I don't see serverHold status in WHOIS and DNS works...
So nothing was blocked by Verisign.
Hello, I contacted Dynadot and they told me this... kindly check the attachment. Also, the strange thing is the NS got changed without my approval; the domain is pointing to something totally fishy. I think someone managed to find a loophole in Dynadot's system to change the NS, which they are not accepting...

[Attachment: exxee-dynadot.PNG]
 
2
•••
Some mistake from Dynadot.
It is NOT blocked de jure.

When it is really blocked - serverHold is displayed in WHOIS and DNS is disabled.
 
2
•••
@Dynadot Can I get an answer on how my domain is forwarding to something fishy without my approval? How can my domain be used to download some fishy file without my consent?
 
2
•••
Try their LiveChat and point to this thread...
 
3
•••
Registry whois shows the following DNS:

Name Server: SC-A.SINKHOLE.SHADOWSERVER.ORG
Name Server: SC-B.SINKHOLE.SHADOWSERVER.ORG
Name Server: SC-C.SINKHOLE.SHADOWSERVER.ORG
Name Server: SC-D.SINKHOLE.SHADOWSERVER.ORG

Registrar whois shows the following DNS:

Name Server: ns1.squadhelp.com
Name Server: ns2.squadhelp.com

Accordingly, DNS servers were indeed changed at the registry level. It may or may not be possible to change them back and prevent this from repeating. The domain must have some questionable history.
 
2
•••
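The two checks discussed in the posts above (a serverHold status in the registry record, and registry versus registrar name servers), as an added example that is not part of the original thread. The WHOIS excerpts are constructed from the name servers quoted above; the Domain Status lines and the function names are assumptions.

```python
# Constructed WHOIS excerpts; only the Name Server lines come from the thread.
REGISTRY_WHOIS = """\
Domain Name: EXXEE.COM
Domain Status: ok https://icann.org/epp#ok
Name Server: SC-A.SINKHOLE.SHADOWSERVER.ORG
Name Server: SC-B.SINKHOLE.SHADOWSERVER.ORG
Name Server: SC-C.SINKHOLE.SHADOWSERVER.ORG
Name Server: SC-D.SINKHOLE.SHADOWSERVER.ORG
"""
REGISTRAR_WHOIS = """\
Domain Name: EXXEE.COM
Name Server: ns1.squadhelp.com
Name Server: ns2.squadhelp.com
"""
# Sinkhole name-server suffix seen in this thread; extend as needed.
SINKHOLE_SUFFIXES = ("sinkhole.shadowserver.org",)

def parse_whois(text):
    """Return (set of lowercase name servers, set of EPP status codes)."""
    servers, statuses = set(), set()
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "name server" and value:
            servers.add(value.split()[0].lower().rstrip("."))
        elif key == "domain status" and value:
            statuses.add(value.split()[0])  # drop the trailing EPP URL
    return servers, statuses

def assess(registry_text, registrar_text):
    """Compare registry and registrar records and list what differs."""
    reg_ns, reg_status = parse_whois(registry_text)
    rar_ns, _ = parse_whois(registrar_text)
    findings = []
    if "serverHold" in reg_status:   # registry removed the domain from DNS
        findings.append("serverHold")
    if reg_ns != rar_ns:             # delegation changed above the registrar
        findings.append("ns-mismatch")
    if any(h == s or h.endswith("." + s)
           for h in reg_ns for s in SINKHOLE_SUFFIXES):
        findings.append("sinkholed")
    return findings

if __name__ == "__main__":
    print(assess(REGISTRY_WHOIS, REGISTRAR_WHOIS))
```

The registry record is the authoritative one for delegation, so a mismatch means the registrar's control panel no longer reflects what resolvers actually see.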
New informal methods of Verisign?
Nowadays they block by changing NS???
 
2
•••
Registry whois shows the following DNS:

Name Server: SC-A.SINKHOLE.SHADOWSERVER.ORG
Name Server: SC-B.SINKHOLE.SHADOWSERVER.ORG
Name Server: SC-C.SINKHOLE.SHADOWSERVER.ORG
Name Server: SC-D.SINKHOLE.SHADOWSERVER.ORG

Registrar whois shows the following DNS:

Name Server: ns1.squadhelp.com
Name Server: ns2.squadhelp.com

Accordingly, DNS servers were indeed changed at the registry level. It may or may not be possible to change them back and to prevent this from repeating. The domain must have some questionable history.

A live support person at Verisign a few seconds ago asked me to ask Dynadot about this (n)
 
0
•••
New informal methods of Verisign?
Nowadays they block by changing NS???
And check Updated Date in WHOIS...
Dec'6... It happened a few weeks ago - in other words.
 
1
•••
Yes, it's a govt action; this has been happening to some domains. You are best to retain the services of J. Berryhill if you want to try to get your name back. I remember him mentioning something about this recently.
 
5
•••
I didn't get a single email from Dynadot or Verisign about it, which makes me think badly about this now... (n)
 
1
•••
I didn't get a single email from Dynadot or Verisign about it, which makes me think badly about this now...
Verisign was not ordered by the government to email anybody. So they did not send any emails. Dynadot was also unaware of this change.
 
1
•••
So US courts are able to update/block any gTLD domains, right?
 
1
•••
So US courts are able to update/block any gTLD domains, right?

Not sure. I know they sinkhole domains when they spread malware all the time.

Don't know if there are other reasons why they do it.
 
3
•••
My domain was pointing to SH. I don't know how it was spreading malware after it was regged again after its expiration...
 
2
•••
Not sure. I know they sinkhole domains when they spread malware all the time.

Don't know if there are other reasons why they do it.
ANY gTLD or Verisign only?
 
0
•••
It's an unfortunate situation for OP as the domain may have been used to spread malware in the past.

It's quite a good defense against malware, DDoS attacks etc. Just sinkhole traffic and analyze it. Basically you can create one big honeypot or, in the event of a DDoS, null-route traffic.

ANY gTLD or Verisign only?

I think I have seen all of the original TLDs listed but not 100% sure.
 
2
•••
So I just checked as it's been a while since I was actively involved in networking etc.

Any registry can sinkhole domains using Shadowserver. Saw a lot of ccTLDs and newTLDs listed as well.
 
2
•••
Strangely...
I do tens of WHOIS reviews daily... for many years...
And I have never seen those shadow NS.
 
4
•••
Very strange that Spamhaus has nothing against this domain.
Maybe they (Spamhaus) finally did something right - removed the domain from their db after it became pendingdelete.
 
1
•••