question Domain got put on hold by Verisign without a single email

[PAKB]

Hello , I hand regged a domain EXXEE.com on 2019-10-21 at dynadot , Same domain was approved on SH as premium listing , I changed NS to SH back then but today when my domain got delisted at Squadhelp (Due to changed nameservers) , I contacted dynadot immediately and asked how my NS were changed without my permission.
Dynadot let me know that domain got on hold by verisign , I didn't got any email from registery or dynadot before about this ...What could be issue and how can i get domain back ?

Here is reply from dynadot

 

[PAKB]

Spend 4 figures on a hand reg domain? better to try, and get dynadot to do something, and spend your money on a nice category defining name for 4 figures.

Agree ...

 

[Rob Monster]

That really sucks. I think your best bet is to get an attorney who knows what they are doing. Perhaps they can file something to get a new court order to release the domain?

I would not waste the money of hiring counsel for this case. The legal spade work was already done:

https://www.namepros.com/threads/domain-seized.1116091/page-3#post-7048725

The domain will eventually be released. In the meantime, Shadowserver is the Sinkhole used for "national security" and other DOJ actions.

Within 1-2 years you will have a domain that works.

@Gube should produce a lookup tool to tell you if your domain is DOJ Sinkholed so that folks don't accidentally buy one of these.

We'll also add that to DNProtect.com since it could be claimable impairment event, i.e. where a domain becomes impaired to the point that it is unusable.

@bhartzer

 

[7363824]

Spend 4 figures on a hand reg domain? better to try, and get dynadot to do something, and spend your money on a nice category defining name for 4 figures.

Being under a court order the only option I know of would be to get the court order overturned. Dynadot and verisign hands are tied. They cant go against a court order, not without significant legal risk.

 

[Internet.Domains]

If you contact them, they will give you some date, probably more than 1 year old, when the Sinkhole expires.

Do you know if any domains have been returned after being sinkholed by ShadowServer?

 

[Jurgen Wolf]

OP, HugeDomains was the last owner prior you.
According to Archive.org

 

[wwwweb]

AlarmNetworking.com is another one that is one that still has not.

 

[7363824]

I would not waste the money of hiring counsel for this case...The domain will eventually be released. In the meantime, Shadowserver is the Sinkhole used for "national security" and other DOJ actions.

Within 1-2 years you will have a domain that works...

That is different if it will self release. I was assuming it would not and a new court order would be the only option...

Still a horrible way for the DOJ to deal with such issues. They should just have the court order verisign to delete the name, or transfer it to government control. Seems like someone didnt consider the unintended consequences of this process.

 

[Internet.Domains]

Seems like someone didnt consider the unintended consequences of this process.

The process is not intended to save a domain and give clarity. The process is to save the stability of the globe by mitigating malware that can cripple all societies.

 

[7363824]

The process is not intended to save a domain and give clarity. The process is to save the stability of the globe by mitigating malware that can cripple all societies.

And deleting the domain or transferring it to the government accomplishes that without allowing an unrelated person such as the OP to later obtain the domain which is now effectively unusable. Or at least have the registry mark the name as reserved so no new unsuspecting user buys it.

 

[sharfab]

I would not waste the money of hiring counsel for this case. The legal spade work was already done:

https://www.namepros.com/threads/domain-seized.1116091/page-3#post-7048725

The domain will eventually be released. In the meantime, Shadowserver is the Sinkhole used for "national security" and other DOJ actions.

Within 1-2 years you will have a domain that works.

@Gube should produce a lookup tool to tell you if your domain is DOJ Sinkholed so that folks don't accidentally buy one of these.

We'll also add that to DNProtect.com since it could be claimable impairment event, i.e. where a domain becomes impaired to the point that it is unusable.

@bhartzer

So sinkhole names have a time frame when they are released and usable? What if there was a sinkhole name that expired could it be purchased or transferred to an unsuspecting buyer?

 

[7363824]

So sinkhole names have a time frame when they are released and usable? What if there was a sinkhole name that expired could it be purchased or transferred to an unsuspecting buyer?

That is precisely what happened the the OP from what I can see. The domain dropped. Was hand reged by the OP but the sinkhole still applies. Just seems it took verisign a little time after it was reged to reapply the sinkhole ns.

 

[Internet.Domains]

And deleting the domain or transferring it to the government accomplishes that without allowing an unrelated person such as the OP to later obtain the domain which is now effectively unusable. Or at least have the registry mark the name as reserved so no new unsuspecting user buys it.

The cybersecurity researchers on this case have a reason for mitigating the threat in the fashion we are witnessing.

I have a suspicion the current process is to trace through a reverse engineering of fast flux DNS.....But I am a cybersecurity hobbyist and this is above most experts pay grade.

 

[sharfab]

That is precisely what happened the the OP from what I can see. The domain dropped. Was hand reged by the OP but the sinkhole still applies.

Oh okay. Thanks for the clarification. It's good to see Rob is on point with trying to put a plan together to catch this type of situation before it enters into a buyer's hand. Thanks

 

[jmcc]

From the 01 December 2019 zones:
COM: 26,951
NET: 10,994
ORG: 20,200
BIZ: 263
INFO: 14,955
MOBI: 10
ASIA: 7
New gTLDs: 9,564
UK: 2,306
EU: 6

Regards...jmcc

 

[sharfab]

This current situation with PAKB validates the camaraderie here in the Name Pros community to help out and assist a fellow member with a dilemma. Just take a look at the information that was offered here and how knowledgeable members came together to give PAKB input towards his issue. This is Christmas Eve, and I doubt if information like this would have been readily available until the next business working day.....

 

[Internet.Domains]

This current situation with PAKB validates the camaraderie here in the Name Pros community to help out and assist a fellow member with a dilemma. Just take a look at the information that was offered here and how knowledgeable members came together to give PAKB input towards his issue. This is Christmas Eve, and I doubt if information like this would have been readily available until the next business working day.....

Passion has no limits.

 

[jmcc]

Could probably put a list of sinkholed domain names with links to their history. The SHADOWSERVER.ORG is only one of the sinkholes. Some of the malware uses what are known as Domain Generation Algorithms to register domain names and once the researchers reverse-engineer the algorithm, it is possible to pre-emptively block domain names.Most of those kinds of domain names tend to be fixed length. The domain names on the SHADOWSERVER.ORG seem to be mixed keyword and random combinations.

Regards...jmcc

 

[Jurgen Wolf]

From the 01 December 2019 zones:
COM: 26,951
NET: 10,994
ORG: 20,200
BIZ: 263
INFO: 14,955
MOBI: 10
ASIA: 7
New gTLDs: 9,564
UK: 2,306
EU: 6

Regards...jmcc

0 for .PRO, right?

 

[jmcc]

0 for .PRO, right?

Hang on - will check.
MEINSTUCHALKA.PRO | SHADOWSERVER.ORG
SHADOWSERVER.PRO | SHADOWSERVER.ORG
STUCHALKA.PRO | SHADOWSERVER.ORG
VLKVERIF.PRO | SHADOWSERVER.ORG

The shadowserver.pro domain is registered to the Shadowserver Foundation.

Regards...jmcc

 

[7363824]

The cybersecurity researchers on this case have a reason for mitigating the threat in the fashion we are witnessing.

I have a suspicion the current process is to trace through a reverse engineering of fast flux DNS.....But I am a cybersecurity hobbyist and this is above most experts pay grade.

That would be a reason to not just delete the domain for sure. But they still could transfer the domain to the control of the government so some unsuspecting user dosent aquire it. In fact I'd argue that would be more ideal because theres no way the domain will get renewed by the person spreading malware especially once it gets sinkholed.

I suspect it was good intentions for sure but as with most beauraracy nobody thought through the unintended consequences like what would happen should the domain expire then gets reged by some new unrelated, unsuspecting user...at least it sounds like there is some expiration to the sinkhole so it could be worse.

 

[Jurgen Wolf]

MEINSTUCHALKA.PRO | SHADOWSERVER.ORG
STUCHALKA.PRO | SHADOWSERVER.ORG
VLKVERIF.PRO | SHADOWSERVER.ORG

All 3 at the same exotic registrar: Stichting Registrar of Last Resort Foundation
So looks like some experiments...

 

[Jurgen Wolf]

Or transfer was forced to the mentioned registrar.

 

[jmcc]

All 3 at the same exotic registrar: Stichting Registrar of Last Resort Foundation
So looks like some experiments...

A last resort registrar is a special one in that it is not a retail or public registrar. Basically it is a kind of graveyard registrar or a registrar for domain names that cannot be registered via other registrars or the registry..

Regards...jmcc

 

[branding]

Rolr.eu, based in The Netherlands.

 

[Rob Monster]

All 3 at the same exotic registrar: Stichting Registrar of Last Resort Foundation
So looks like some experiments...

Read the whole thread:

https://www.namepros.com/threads/domain-seized.1116091/

Or search NamePros for posts about ROLR:

Registrar of Last Resort.

I call it Digital Gitmo.

No due process. Just lockup without trial. The French call these "Oubliettes", as in "to be forgotten".

Fortunately we did not see more of such nonsense in 2019. The apparatus is in place though.