item 21671579

My .in domain has been transferred to another registrant without notification

374 points | susam | 6 years ago | twitter.com

153 comments

[+] zenexer|6 years ago|reply
Additional information and discussion: https://gist.github.com/susam/3cb42e571c4ab12987b286791bdfe9...

Commenters have speculated that the domain was seized by law enforcement due to participation in a malware campaign. The domain in question may have been used by malware that was phoning home, perhaps because the Linode server hosting it was compromised. This stems from the fact that the domain's new nameservers are Shadowserver's sinkholes:

    Name Server: sc-c.sinkhole.shadowserver.org
    Name Server: sc-d.sinkhole.shadowserver.org
    Name Server: sc-a.sinkhole.shadowserver.org
    Name Server: sc-b.sinkhole.shadowserver.org
Edit: When querying the domain in RiskIQ, one of the Linode IP addresses formerly associated is tagged with `emerging_threats` and `kaspersky`. Other domains/subdomains associated with the same IP address have similar tags.

One such domain is MathB.in, which is a public pastebin. It's conceivable that malware was phoning home by creating pastes on that site.

Susam, I don't have much experience recovering domains in this state, but it's conceivable that Namecheap will be able to put you in contact with someone who can help resolve the matter. However, if there's something like a sealed court order involved, you may find that you're stonewalled at first. I don't know if there's any available recourse for this, especially since this appears to be an international effort.

[+] hsivonen|6 years ago|reply
At least as of a couple of years ago, Shadowserver could accuse you of botnet participation on such flimsy evidence that it was way too easy to frame someone else as being a botnet participant. I don't want to give ideas how, but it happened to me. Since then, I've configured my firewalls to block traffic to Shadowserver IPv4 space. I'm more worried about getting framed again than actually getting a botnet infection and not getting notified.
[+] axaxs|6 years ago|reply
Absolutely. I recognize those nameservers from my work in a registry, and usually came as a request from a federal agency.
[+] propter_hoc|6 years ago|reply
Yeah, unfortunately, domain squatters have poisoned the well for .com domains. There are many, many domains which should be available for use, but are being squatted indefinitely for speculative purposes. This has caused pretty much every new company to migrate to TLDs like .co, .ly, .me, .ai, .in, and .io. Since these are almost all ccTLDs run by countries, governance is not great. .io has been particularly bad:

* https://news.ycombinator.com/item?id=15293578

* https://www.theregister.co.uk/2019/05/27/io_domains_uk_un/

[+] lopmotr|6 years ago|reply
The problem of allocating scarce resources is hardly unique to domain names. Here are some ways of doing it:

- Let the market set the price.

- Recurring fee for holding it to discourage unproductive speculation.

- An authority decides who deserves it and gives and takes according to their rules.

The 3rd option is particularly nasty. Usually, it's very hard and is what communists hope to do on a broader scale. It would certainly result in seizures whenever the authority decided somebody isn't fully utilizing their domain name. Maybe you spent too long setting up your business and right before launch, you get branded a squatter and your domain is taken after you've already used it in all your marketing material, registered a corresponding trademark, and everything. You might imagine the authority would be fair and not kick out a genuine owner like that, but it's unlikely to have the resources or incentive to investigate every case properly.

[+] endorphone|6 years ago|reply
People who lawfully own a domain -- even if in a speculative fashion -- are not domain squatters.

If you had a hot new product called CyberTrk and someone ran and registered cybertrk.com, that is arguably squatting and can be legally enforced as such.

If you have what you think is a great new online notepad and notes.com is sitting registered but dormant, the inelegant but reasonable way to respond to your situation is "tough shit". Keep looking.

99% of the time that people rant about "squatting" they're talking about the latter case. Yet they are not entitled to a domain because of some imagined better use for it.

Sorry for the rant, but misclaims about "Squatting" lead to an iffy area where people have a profound misunderstanding about property rights. I have zero "parked" domains, but contemplating the issue long ago made me less outraged when I lazily searched for the most blatantly obvious domains.

[+] yowlingcat|6 years ago|reply
Fascinating. The NameCheap CEO is in the replies, and seems to be saying that the registration was pulled at the registry level for some "perceived violation or legal request" -- I'm kind of curious regarding what protocol is for these kinds of situations, and how much they vary from TLD to TLD. I think about the once-popular .ly TLD becoming less popular after instability hit Libya, but I'm curious about what the other case history is here.
[+] belorn|6 years ago|reply
I work at a registrar and as far as I know there are no protocols. We are an intermediary between the registry and registrant (in those TLDs which have a registry/registrar/registrant model), but the business relations involved are a bit more complex. The registrar's job is mostly set to only handle the technical and billing aspect, while the legal relationship is between the registry and registrant. Who owns a domain and which registrar handled the billing and technical aspects is a legal decision which is outside the control of the registrar.

The variation between TLD and TLD is massive. Practically all ccTLDs have their own home-made rules and more often than not their own technical solutions to match. A big reason why the more exotic ccTLDs can cost a lot of money is the hoops that registrars need to jump through, both legal and technical, and the "workarounds" for both.

[+] dylz|6 years ago|reply
This was pulled at the registry level:

Registrar: NIXI Special Projects Registrar IANA ID: 700066

[+] balls187|6 years ago|reply
There are other threads that mention this, but his domain was transferred over to Law Enforcement.
[+] FfejL|6 years ago|reply
I had this happen to a .com domain I own, also at Namecheap.

In my case it was actually a trademark infringement legal action. My domain got listed as hosting a site that sold knock-off sunglasses [1]. The plaintiff in the case got a court order to transfer all the suspected domains to them, a list of about 1,000 domains. I got no notice, my domain just suddenly disappeared.

I had my lawyer contact the plaintiff, in which we apologized, told them we had no idea this had happened, and promised to up the security (in reality I just nuked the WP site.) About a week or so later they transferred the domain back. For me this was annoying and cost a few hundred bucks in legal fees, but not that big a deal. Obviously not the case for Susam.

[1] My (largely abandoned) self-promotion WordPress site got hacked, and was used to host an e-commerce site. Weirdly the domain was ${my_real_name}.com, hardly an obvious choice for selling knock-off sunglasses.

[+] anon1m0us|6 years ago|reply
I actually think WordPress has contributed significantly to the decline of the web. It's not secure. It proliferates so it's easy to hack. It's easy to embed untested plugins in it that are also vectors. It's plagued by all the same problems as Microsoft Windows.
[+] frou_dh|6 years ago|reply
If someone steals your domain registration, they can then change the MX records and start receiving your email. In some scenarios, I think that could be a more serious consequence than the website being down or replaced.

Same reason that deliberately letting domain registration lapse for a domain that was used widely for email is a scary prospect.
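
An added example (mine, not from the thread, and not any registrar's tooling): a baseline-drift check that parses WHOIS "Name Server:" lines in the format zenexer quoted, flags nameservers under a sinkhole zone like the Shadowserver ones above, and reports MX changes of the kind described in this comment. The WHOIS text, the baseline values and the `.example` hostnames are constructed; `check_domain` takes a real WHOIS dump plus the MX set your own resolver returns.

```python
import re
# Constructed WHOIS excerpt, in the "Name Server:" format quoted in the thread.
WHOIS_NOW = """\
Domain Name: victim.example
Registrar: NIXI Special Projects
Name Server: sc-c.sinkhole.shadowserver.org
Name Server: sc-d.sinkhole.shadowserver.org
Name Server: sc-a.sinkhole.shadowserver.org
Name Server: sc-b.sinkhole.shadowserver.org
"""

# Constructed baseline the owner recorded while the domain was healthy.
BASELINE = {
    "registrar": "Registrar Co (hypothetical)",
    "ns": {"ns1.registrar.example", "ns2.registrar.example"},
    "mx": {"mx1.mail.example", "mx2.mail.example"},
}

# Hostname fragments that mark seizure/sinkhole infrastructure.
SINKHOLE_MARKERS = ("sinkhole.",)

def parse_whois(text):
    """Return (registrar, set of nameservers) from a WHOIS text blob."""
    reg = re.search(r"^Registrar:\s*(.+?)\s*$", text, re.M)
    ns = {m.group(1).lower().rstrip(".")
          for m in re.finditer(r"^Name Server:\s*(\S+)", text, re.M)}
    return (reg.group(1) if reg else ""), ns

def assess(registrar, ns_now, mx_now, baseline=BASELINE):
    """Compare live records with the baseline; return a list of findings."""
    findings = []
    if registrar != baseline["registrar"]:
        findings.append(f"registrar changed: {baseline['registrar']!r} -> {registrar!r}")
    if ns_now != baseline["ns"]:
        findings.append(f"NS set changed: {sorted(ns_now)}")
    sinkholed = sorted(h for h in ns_now if any(m in h for m in SINKHOLE_MARKERS))
    if sinkholed:
        findings.append(f"NS points at sinkhole infrastructure: {sinkholed}")
    if mx_now != baseline["mx"]:
        # Mail now routes elsewhere: the consequence the comment above warns about.
        findings.append(f"MX set changed: {sorted(mx_now)}")
    return findings

def check_domain(whois_text, mx_now, baseline=BASELINE):
    registrar, ns_now = parse_whois(whois_text)
    return assess(registrar, ns_now, mx_now, baseline)

if __name__ == "__main__":
    for finding in check_domain(WHOIS_NOW, set()):  # MX lookup returned nothing
        print("ALERT:", finding)
```

Run it from cron against a stored baseline; a non-empty result is the notification the registry did not send.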

[+] sandGorgon|6 years ago|reply
This is a malware takedown. And must definitely have happened at international law enforcement level.

NIXI is regulated by Indian law and is the ccTLD registrar of .in. The domain records show a registry lock and the new owner being "The Verden Public Prosecutor's Office".

This is not common in India.

[+] onetimemanytime|6 years ago|reply
More or less, in a lot of countries with a fishy legal system you have zero protections with their ccTLDs. Even then the courts might rule that the name is not property or whatever.

In a lot of countries you will lose the name if the well connected person there wants. They'll find a justification that doesn't pass any smell test but you're out of luck. Nothing, absolutely nothing can be done. So use them, but be prepared to lose your names. Everything is fine, until it isn't.

[+] putlake|6 years ago|reply
The same thing happened to my .cm domain with Namecheap a few weeks ago. They were eventually able to recover it. But there was no communication from them for quite a few days.
[+] Avamander|6 years ago|reply
In order to reduce risk I really wouldn't recommend running any service that hosts any user content on the same domain and TLD you host your personal stuff.
[+] tzs|6 years ago|reply
I've sometimes wondered if it would be worth getting something like 4e4eee247a69fab841ec36eabc95eee9.com [1] and only using it for email hosting to host my contact emails and for my other services.

The idea is:

1. By having no other services on it that minimizes the chances that it could get hacked and used for nefarious purposes that might get it seized by law enforcement.

2. By using a meaningless name like 4e4eee247a69fab841ec36eabc95eee9 there is no chance someone will come along with a trademark claim or an accusation that I'm squatting on a name that they have a better claim to.

[1] dd if=/dev/urandom bs=1 count=16 | xxd -g 16

[+] edoceo|6 years ago|reply
Same domain I get but a new TLD? I like to keep stuff in '.com'
[+] whalesalad|6 years ago|reply
I just bought a .in domain for a side project and was a little worried about this sort of thing being possible based on my experiences with registration.
[+] nnain|6 years ago|reply
There's an update on susam.in. He got the domain name back.
[+] foob4r|6 years ago|reply
Seems like the most likely case is that law enforcement clawed the domain for suspicious activity.

Which brings up the question, is this problem limited to ccTLDs or TLDs like com, net as well?

[+] CydeWeys|6 years ago|reply
You have much more protections on gTLDs than on ccTLDs (where you have none).

I've always wondered why so many people are using .io domains (and now .ai domains).

[+] lazylizard|6 years ago|reply
So. Namecoin? Onion domains? OpenNIC? IPFS? How else can you opt out of ICANN's influence?
[+] instakill|6 years ago|reply
Which TLDs are immune to this kind of takedown request?
[+] onetimemanytime|6 years ago|reply
Malware is my guess. New registrant is The Verden Public Prosecutor's Office which shows up on:

"Over the following years, the Luneberg police and the Verden Public Prosecutor's Office, in combination with the BSI, FKIE, BFK, and numerous other law enforcement and industry partners, continued investigating the Avalanche network, discovering a massive operation responsible for controlling a large number of compromised computers across the world."

https://www.symantec.com/connect/blogs/avalanche-malware-net...

[+] block_dagger|6 years ago|reply
I’ve run a .in site through Namecheap for 6 years. Glad they are responding to the issue.
[+] a3n|6 years ago|reply
> I owned this domain for 12 years ...

Rented. They rented this domain for 12 years.

Not to excuse the appropriation. But no one owns their domain, except possibly govs and mega-corps by virtue of mass.

[+] mr_toad|6 years ago|reply
Legally it’s neither. It’s more like paying for a listing in a phone book.
[+] gesman|6 years ago|reply
That's a problem with all country-specific TLDs. At any moment country 'X' can decide to take over '.xx' and there's nothing anyone can do.
[+] dooglius|6 years ago|reply
I wish we could switch to a system like Tor's onion services where each URL has an embedded key, it would solve so many problems!