question Domain got put on hold by Verisign without a single email

[PAKB]

Hello , I hand regged a domain EXXEE.com on 2019-10-21 at dynadot , Same domain was approved on SH as premium listing , I changed NS to SH back then but today when my domain got delisted at Squadhelp (Due to changed nameservers) , I contacted dynadot immediately and asked how my NS were changed without my permission.
Dynadot let me know that domain got on hold by verisign , I didn't got any email from registery or dynadot before about this ...What could be issue and how can i get domain back ?

Here is reply from dynadot

 

[Lox]

Info/Edu link Shadowserver Foundation

 

[Rob Monster]

We didn't have issue with registry, was something else. But was at same registrar.

Would you trust holding Epik.com at a third party registrar? Probably not.

Non sequitur.

I was commenting on the non-trivial and not-cheap task of running an ICANN-compliant registrar.

I was also clarifying that being your own registrar does not insulate you from Interpol / DOJ actions.

That is why I described a Sinkhole action as a "Kiss of death" as it is a raw deal when it happens to you.

Happy to share DOJ contacts if you still need them.

 

[matt_bodis]

@Rob Monster

Ofcourse not. However, places you one step closer to the source and gives you more time to mitigate an issue (in certain circumstances).

I believe OP mentioned 0 communication from registry + registrar. At least you'd have some info, and if not, you'd easily rule out yourself (the registrar) and receive quicker communication from the registry.

There's quite a few out of the box registrar solutions especially if it's for your own names.

 

[Lox]

I believe OP mentioned 0 communication from registry + registrar. At least you'd have some info, and if not, you'd easily rule out yourself (the registrar) and receive quicker communication from the registry.
.

check the history of a domain and gameplay behind ... you’ll have to keep the honeypots names in the silence mode. There’s x (why) reasons.

Regards

 

[Jurgen Wolf]

It was already checked by me above.
OP's domain was in HugeDomains portfolio, it was just redirected to their standard sales lander, and nothing more.

 

[Lox]

It was already checked by me above.
OP's domain was in HugeDomains portfolio, it was just redirected to their standard sales lander, and nothing more.

You’ll be very surprised, ... what’s underground

 

[Jurgen Wolf]

What exactly is wrong with HugeDomains?
I don't like surprises.

 

[Jurgen Wolf]

And usually all this malware is produced by those organizations, which provide antimalware solutions...
One more business niche - in other words.

 

[Lox]

What exactly is wrong with HugeDomains?
I don't like surprises.

prior HD ... HD just grabbed cos out there was 1 good (and 6 honeypot) potential buyer. No comment.

Regards

 

[Jurgen Wolf]

Few years back prior HD - nothing in Archive.org
Few empty years.

 

[Lox]

Few years back prior HD - nothing in Archive.org
Few empty years.

Archive / wayback does not include every website* / domain name snapshots

 

[Jurgen Wolf]

So OP is responsible for "surprises" many years ago?
If, for example, the domain was hosted on the hacked webserver 5 years ago...
I uderstand correctly your logics?

 

[Lox]

It has nothing to do with OP (personally) , the name is shadowed / in honeypot cos tracking activity can’t be done differently. OP should ask for refunds or wait for outcome. Sometimes the system is just sloppy and didn’t handle information correctly (f.e. reset, .. false alarm if DNS changes often, etc) . No further comments.

Regards

 

[Jurgen Wolf]

Then why it wasn't shadowed when it was in HD hands?
Why the domain usage is allowed for HD but it is prohibited for OP???

 

[Lox]

HD is a company, OP reg. as a natural person not acting in a professional or commercial capacity. HD dropped name quickly (usually HD hold up re-reg names longer)

 

[Jurgen Wolf]

Verisign doesn't know who is registrant... company or natural person - they don't know.
Because they don't store any contact data at root level.
Only registrar knows and keeps it in its local DB.

+ Privacy was activated on this domain.
So other parties also don't see the actual owner.

 

[Jurgen Wolf]

And to be a company is a some kind of indulgence in relations with malware???
Really strange argument.

 

[jmcc]

https://www.namepros.com/threads/what-are-the-must-have-features-for-dnprotect-com.1156889/

It should be live before NamesCon. We are looking to add a feature for detecting whether the domain was previously sinkholed as a risk signal.

It looks very much like a manual/user-side approach to quantifying risk. The problem is that only a few signals indicate potential problems with a domain name. Have a few ideas on this that could be implemented quickly but they area not manual/user-side. Some of the ground work was already done for chapter 9 in the Domnomics book. It would just require some tweaking.

Sinkholing, when it is not done on the basis of detected activity, is done on the basis of reverse-engineering Domain Generation Algorithms or seizure. There are different types of sinkhole operations and some registrars such as Godaddy even have their own. If the DGA is successfully reverse-engineered then the list of domain names that the malware will attempt to use for propagation can be pre-emptively registered to stop its propagation. The problem is that pre-emptively registering all unregistered domain names generated by the DGA would result in large numbers of registrations. An approach similar to this was used with the Conficker worm ( https://en.wikipedia.org/wiki/Conficker ). It targeted the command and control aspect. Using a sinkhole on detection approach seems to be what happened with exxee.com though it had some problematic activity in the past (as did many 5Ls).

Regards...jmcc

 

[manpreet]

I had a similar problem with OnlineNIC, never with DynaDot though.

 

[Jurgen Wolf]

Info/Edu link Shadowserver Foundation

Working with friendly registrars we have been registering previously and future malicious domain names and pointing those records to our sinkhole servers.

So @Dynadot is among friendly registrars?
Or they improperly used this word - and actually it should be corrected to REGISTRIES.

@jmcc
According to your stats - where are most victims, can you post TOP5 registrars?