Domain got put on hold by Verisign without a single email

Labeled as question in General Domain Discussion started by PAKB, Dec 24, 2019.

Replies:
107
Views:
6,705

  1. PAKB

    PAKB QDES.COM

    Posts:
    695
    Likes Received:
    159
    Hello, I hand-regged a domain, EXXEE.com, on 2019-10-21 at Dynadot. The same domain was approved on SH as a premium listing. I changed the NS to SH back then, but today, when my domain got delisted at Squadhelp (due to changed nameservers), I contacted Dynadot immediately and asked how my NS were changed without my permission.
    Dynadot let me know that the domain was put on hold by Verisign. I didn't get any email from the registry or Dynadot about this beforehand... What could be the issue, and how can I get the domain back?

    Here is reply from dynadot
    exxee-dynadot.PNG
     
    Last edited: Dec 24, 2019
  2. PAKB

    Also, when I try to open my domain, a downloadable file appears which seems totally fishy and like spam. How can my registered domain be used for spreading spam?
     
  3. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    10,256
    Likes Received:
    8,380
    Where do you see this "hold"???
    I don't see serverHold status in WHOIS and DNS works...
    So nothing was blocked by Verisign.
     
  4. PAKB

    Hello, I contacted Dynadot and they told me this... Kindly check the attachment. Also, the strange thing is that the NS got changed without my approval, and the domain is pointing to something totally fishy. I think someone managed to find a loophole in Dynadot's system to change the NS, which they are not accepting...

    exxee-dynadot.PNG
     
  5. Jurgen Wolf

    Some mistake from Dynadot.
    It is NOT blocked de jure.

    When it is really blocked - serverHold is displayed in WHOIS and DNS is disabled.
     
  6. PAKB

    @Dynadot Can I get an answer as to how my domain is forwarding to something fishy without my approval? How can my domain be used to download some fishy file without my consent?
     
  7. Jurgen Wolf

    Try their LiveChat and point to this thread...
     
  8. tonyk2000

    tonyk2000 Top Contributor VIP ★★★★★★★★★★

    Posts:
    1,721
    Likes Received:
    2,516
    Registry whois shows the following DNS:

    Name Server: SC-A.SINKHOLE.SHADOWSERVER.ORG
    Name Server: SC-B.SINKHOLE.SHADOWSERVER.ORG
    Name Server: SC-C.SINKHOLE.SHADOWSERVER.ORG
    Name Server: SC-D.SINKHOLE.SHADOWSERVER.ORG

    Registrar whois shows the following DNS:

    Name Server: ns1.squadhelp.com
    Name Server: ns2.squadhelp.com

    Accordingly, the DNS servers were indeed changed at the registry level. It may or may not be possible to change them back and prevent this from repeating. The domain must have some questionable history.
     
    Last edited: Dec 24, 2019
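
The two checks discussed in the posts above (a serverHold status in the registry WHOIS, and registry name servers compared with registrar name servers), as an added example that is not part of any poster's message. It runs over constructed WHOIS excerpts in which only the name servers come from the thread; the status lines and the sinkhole suffix list are assumptions.

```python
import re

# Constructed sample WHOIS excerpts; only the name servers come from the thread.
REGISTRY_WHOIS = """\
Domain Name: EXXEE.COM
Domain Status: clientTransferProhibited
Name Server: SC-A.SINKHOLE.SHADOWSERVER.ORG
Name Server: SC-B.SINKHOLE.SHADOWSERVER.ORG
Name Server: SC-C.SINKHOLE.SHADOWSERVER.ORG
Name Server: SC-D.SINKHOLE.SHADOWSERVER.ORG
"""
REGISTRAR_WHOIS = """\
Domain Name: exxee.com
Domain Status: clientTransferProhibited
Name Server: ns1.squadhelp.com
Name Server: ns2.squadhelp.com
"""

# Assumption: suffixes treated as sinkholes; extend for other operators.
SINKHOLE_SUFFIXES = (".sinkhole.shadowserver.org",)

def parse_whois(text):
    """Return (set of lower-cased name servers, set of status codes)."""
    ns, status = set(), set()
    for line in text.splitlines():
        m = re.match(r"\s*(Name Server|Domain Status):\s*(\S+)", line, re.I)
        if not m:
            continue
        value = m.group(2).rstrip(".")
        if m.group(1).lower() == "name server":
            ns.add(value.lower())
        else:
            status.add(value)  # first token only; drops the trailing ICANN URL
    return ns, status

def audit(registry_text, registrar_text):
    """Compare registry and registrar views of one domain and list findings."""
    reg_ns, reg_status = parse_whois(registry_text)
    rar_ns, _ = parse_whois(registrar_text)
    findings = []
    if any(s.lower() == "serverhold" for s in reg_status):
        findings.append("serverHold set at registry: domain is not published in DNS")
    sinkholed = sorted(n for n in reg_ns if n.endswith(SINKHOLE_SUFFIXES))
    if sinkholed:
        findings.append("registry delegates to sinkhole: " + ", ".join(sinkholed))
    if reg_ns != rar_ns:
        findings.append("registry/registrar NS mismatch: registrar shows "
                        + ", ".join(sorted(rar_ns)))
    return findings
```

Calling `audit(REGISTRY_WHOIS, REGISTRAR_WHOIS)` on the sample returns the sinkhole and mismatch findings but no serverHold finding, which matches what the posters observed.
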
  9. Jurgen Wolf

    New informal methods of Verisign?
    Nowadays they block by changing NS???
     
  10. PAKB

    A live support person at Verisign asked me a few seconds ago to ask Dynadot about this (n)
     
  11. Jurgen Wolf

    And check Updated Date in WHOIS...
    Dec'6... It happened a few weeks ago - in other words.
     
    Last edited: Dec 24, 2019
  12. tonyk2000

    Not them. It is the U.S. legal system that ordered them to do so. Like this: a court order to change DNS for a number of bad domains, to exactly these sinkhole shadow DNS servers, page No. 5:
    https://www.justice.gov/opa/page/file/915226/download

    If a domain was re-registered, but there is a court order - then they still must comply.
     
    Last edited: Dec 24, 2019
  13. wwwweb

    wwwweb Top Contributor VIP ★★★★★★★★★★

    Posts:
    10,571
    Likes Received:
    10,374
    Yes, it's a govt action. This has been happening to some domains. You are best to retain the services of J. Berryhill if you want to try to get your name back. I remember him mentioning something about this recently.
     
  14. PAKB

    I didn't get a single email from Dynadot or Verisign about it, which makes me think badly of this now... (n)
     
  15. tonyk2000

    Verisign was not ordered by the government to email anybody. So they did not send any emails. Dynadot was also unaware of this change.
     
  16. Jurgen Wolf

    So US courts are able to update/block any gTLD domains, right?
     
  17. NameDeck

    NameDeck SaveDotOrg.org VIP

    Posts:
    3,553
    Likes Received:
    2,297
    Not sure. I know they sinkhole domains when they spread malware all the time.

    Don't know if there are other reasons why they do it.
     
  18. PAKB

    My domain was pointing to SH. I don't know how it was spreading malware after it was regged again after its expiration...
     
  19. Jurgen Wolf

    ANY gTLD or Verisign only?
     
  20. NameDeck

    It's an unfortunate situation for OP as the domain may have been used to spread malware in the past.

    It's quite a good defense against malware, DDOS attacks etc. Just sinkhole traffic and analyze it. Basically you can create one big Honeypot or in the event of a DDOS nullroute traffic.

    I think I have seen all of the original TLDs listed but not 100% sure.
     
  21. tonyk2000

    If the registry is in the U.S., which is the case here (.com - Verisign).
     
  22. NameDeck

    So I just checked as it's been a while since I was actively involved in networking etc.

    Any registry can sinkhole domains using shadowserver. Saw a lot of ccTLDs and newTLDs listed as well.
     
    Last edited: Dec 24, 2019
  23. Jurgen Wolf

    Strangely...
    I do tens of WHOIS reviews daily... for many years...
    And I have never seen those shadow NS.
     
  24. Jurgen Wolf

    Jurgen Wolf Top Contributor VIP ★★★★★★★★★★

    Posts:
    10,256
    Likes Received:
    8,380
  25. tonyk2000

    Maybe they (spamhaus) finally did something right - removed the domain from their db after it became pendingdelete.
     
