question Domain got put on hold by Verisign without a single email

PAKB

Hello, I hand-regged the domain EXXEE.com on 2019-10-21 at Dynadot. The same domain was approved on SH as a premium listing. I changed the NS to SH back then, but today, when my domain got delisted at Squadhelp (due to changed nameservers), I contacted Dynadot immediately and asked how my NS were changed without my permission.
Dynadot let me know that the domain was put on hold by Verisign. I didn't get any email from the registry or Dynadot about this beforehand... What could be the issue and how can I get the domain back?

Here is the reply from Dynadot:
exxee-dynadot.PNG
 
11
•••
Read the whole thread:

https://www.namepros.com/threads/domain-seized.1116091/

Or search NamePros for posts about ROLR:

Registrar of Last Resort.

I call it Digital Gitmo.

No due process. Just lockup without trial. The French call these "Oubliettes", as in "to be forgotten".

Fortunately we did not see more of such nonsense in 2019. The apparatus is in place though.
I read it a few hours ago...
Just 3 domains from 290K+ .PRO domains - looks really exotic to me.

Regarding "nonsense"...
Afilias put on serverHold at least X,XXX domains in 2019.
 
2
•••
We had a similar issue with an 8-figure domain. Yes that's right, 8-figure. I'm not ready to talk about it just yet, but will say this - the best solution is to accredit your own registrar if you have the money. That's one of our next steps.

A retail registrar can never be fully trusted. It can ruin your day, your business, your life, overnight with an issue similar to this.
 
7
•••
Will only say this - we also had the domain at Dynadot.
 
6
•••
We had a similar issue with an 8-figure domain. Yes that's right, 8-figure. I'm not ready to talk about it just yet, but will say this - the best solution is to accredit your own registrar if you have the money. That's one of our next steps.

A retail registrar can never be fully trusted. It can ruin your day, your business, your life, overnight with an issue similar to this.

This actually has nothing to do with the registrar.

The sinkhole operation is an action by the REGISTRY without due process and effectively without recourse.

Where I think registrars could help is to flag a domain prior to buying it that there is a risk factor. That is a topic being explored here:

https://www.namepros.com/threads/what-are-the-must-have-features-for-dnprotect-com.1156889/

It should be live before NamesCon. We are looking to add a feature for detecting whether the domain was previously sinkholed as a risk signal.

As for most people becoming an ICANN-accredited registrar, I would say that is actually not great advice. It might make sense for someone with a really large portfolio and an engineering team.

For most people, the compliance issue alone would make that a terrible idea, setting aside the fixed cost. Been there, done that.

If someone is going to go this route and has the funds, do what Anthos and I did, which is buy an existing registrar with an existing accreditation and engineering team and tune it up.
 
13
•••
We didn't have an issue with the registry, it was something else. But it was at the same registrar.

Would you trust holding Epik.com at a third party registrar? Probably not.
 
4
•••
3
•••
We didn't have an issue with the registry, it was something else. But it was at the same registrar.

Would you trust holding Epik.com at a third party registrar? Probably not.

Non sequitur.

I was commenting on the non-trivial and not-cheap task of running an ICANN-compliant registrar.

I was also clarifying that being your own registrar does not insulate you from Interpol / DOJ actions.

That is why I described a Sinkhole action as a "Kiss of death" as it is a raw deal when it happens to you.

Happy to share DOJ contacts if you still need them.
 
4
•••
@Rob Monster

Of course not. However, it places you one step closer to the source and gives you more time to mitigate an issue (in certain circumstances).

I believe OP mentioned 0 communication from registry + registrar. At least you'd have some info, and if not, you'd easily rule out yourself (the registrar) and receive quicker communication from the registry.

There are quite a few out-of-the-box registrar solutions, especially if it's for your own names.
 
3
•••
I believe OP mentioned 0 communication from registry + registrar. At least you'd have some info, and if not, you'd easily rule out yourself (the registrar) and receive quicker communication from the registry.

check the history of a domain and gameplay behind ... you’ll have to keep the honeypots names in the silence mode. There’s x (why) reasons.

Regards
 
0
•••
It was already checked by me above.
OP's domain was in HugeDomains portfolio, it was just redirected to their standard sales lander, and nothing more.
 
2
•••
It was already checked by me above.
OP's domain was in HugeDomains portfolio, it was just redirected to their standard sales lander, and nothing more.

You’ll be very surprised, ... what’s underground
 
0
•••
What exactly is wrong with HugeDomains?
I don't like surprises.
 
2
•••
And usually all this malware is produced by those organizations, which provide antimalware solutions...
One more business niche - in other words.
 
4
•••
What exactly is wrong with HugeDomains?
I don't like surprises.

prior HD ... HD just grabbed cos out there was 1 good (and 6 honeypot) potential buyer. No comment.

Regards
 
0
•••
Few years back prior HD - nothing in Archive.org
Few empty years.
 
0
•••
Few years back prior HD - nothing in Archive.org
Few empty years.

Archive / wayback does not include every website* / domain name snapshots
 
2
•••
So OP is responsible for "surprises" many years ago?
If, for example, the domain was hosted on the hacked webserver 5 years ago...
Do I understand your logic correctly?
 
1
•••
It has nothing to do with OP (personally), the name is shadowed / in honeypot cos tracking activity can’t be done differently. OP should ask for refunds or wait for outcome. Sometimes the system is just sloppy and didn’t handle information correctly (f.e. reset, .. false alarm if DNS changes often, etc). No further comments.

Regards
 
1
•••
Then why wasn't it shadowed when it was in HD hands?
Why is the domain usage allowed for HD but prohibited for OP???
 
0
•••
HD is a company, OP reg. as a natural person not acting in a professional or commercial capacity. HD dropped name quickly (usually HD hold up re-reg names longer)
 
0
•••
Verisign doesn't know who the registrant is... company or natural person - they don't know.
Because they don't store any contact data at root level.
Only registrar knows and keeps it in its local DB.

+ Privacy was activated on this domain.
So other parties also don't see the actual owner.
 
0
•••
And to be a company is some kind of indulgence in relations with malware???
Really strange argument.
 
3
•••
https://www.namepros.com/threads/what-are-the-must-have-features-for-dnprotect-com.1156889/

It should be live before NamesCon. We are looking to add a feature for detecting whether the domain was previously sinkholed as a risk signal.
It looks very much like a manual/user-side approach to quantifying risk. The problem is that only a few signals indicate potential problems with a domain name. Have a few ideas on this that could be implemented quickly but they are not manual/user-side. Some of the groundwork was already done for chapter 9 in the Domnomics book. It would just require some tweaking.

Sinkholing, when it is not done on the basis of detected activity, is done on the basis of reverse-engineering Domain Generation Algorithms or seizure. There are different types of sinkhole operations and some registrars such as GoDaddy even have their own. If the DGA is successfully reverse-engineered then the list of domain names that the malware will attempt to use for propagation can be pre-emptively registered to stop its propagation. The problem is that pre-emptively registering all unregistered domain names generated by the DGA would result in large numbers of registrations. An approach similar to this was used with the Conficker worm (https://en.wikipedia.org/wiki/Conficker). It targeted the command and control aspect. Using a sinkhole on detection approach seems to be what happened with exxee.com though it had some problematic activity in the past (as did many 5Ls).

Regards...jmcc
 
4
•••
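The registry hold and the nameserver change that the original poster only learned about through a marketplace delisting are both published in the domain's RDAP record. As an added example (not from any post in this thread), the Python below audits a constructed RDAP response against an owner-supplied nameserver baseline; the function name, sample hostnames and baseline are assumptions.

```python
import json

# Constructed RDAP domain response (JSON shape per RFC 9083); all values are sample data.
SAMPLE_RDAP = json.loads("""
{
  "objectClassName": "domain",
  "ldhName": "EXAMPLE.COM",
  "status": ["server hold", "client transfer prohibited"],
  "nameservers": [
    {"objectClassName": "nameserver", "ldhName": "NS1.SINKHOLE.EXAMPLE"},
    {"objectClassName": "nameserver", "ldhName": "NS2.SINKHOLE.EXAMPLE"}
  ]
}
""")

# RDAP spellings of the EPP hold statuses (RFC 8056). server* statuses are
# set by the registry, client* statuses by the registrar.
HOLD_STATUSES = {"server hold": "registry", "client hold": "registrar"}


def audit_domain(rdap, expected_ns):
    """Return a list of findings for one RDAP domain object.

    expected_ns is the owner's own baseline of nameserver hostnames
    (hypothetical input, kept by whoever runs the check).
    """
    findings = []
    statuses = {s.lower() for s in rdap.get("status", [])}
    for status, source in HOLD_STATUSES.items():
        if status in statuses:
            findings.append(f"HOLD: '{status}' set by the {source}")

    # Normalise case and trailing dots before comparing hostnames.
    current = {ns["ldhName"].lower().rstrip(".")
               for ns in rdap.get("nameservers", []) if "ldhName" in ns}
    baseline = {h.lower().rstrip(".") for h in expected_ns}
    added, removed = current - baseline, baseline - current
    if added or removed:
        findings.append(
            f"NS CHANGE: added={sorted(added)} removed={sorted(removed)}")
    return findings


if __name__ == "__main__":
    # Constructed baseline: the nameservers the owner last configured.
    for line in audit_domain(SAMPLE_RDAP,
                             ["ns1.parking.example", "ns2.parking.example"]):
        print(line)
```

Run on a schedule against the JSON returned by the registry's RDAP service, a check like this reports a hold or an unexpected nameserver change without depending on an email from the registry or registrar.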
I had a similar problem with OnlineNIC, never with DynaDot though.
 
1
•••
Working with friendly registrars we have been registering previously and future malicious domain names and pointing those records to our sinkhole servers.

So @Dynadot is among friendly registrars?
Or they improperly used this word - and actually it should be corrected to REGISTRIES.

@jmcc
According to your stats - where are most victims, can you post TOP5 registrars?
 
2
•••