We were trying to renew one of the domain names owned by us and could not. The registrar where this domain is registered identified the registry lock on the domain name and made a proactive request to the registry technical team to identify the reason for the lock. It was a nice gesture from the registrar to proactively help us.
The name servers of the domain name have been updated too:
Name Server:SC-A.SINKHOLE.SHADOWSERVER.ORG
Name Server:SC-B.SINKHOLE.SHADOWSERVER.ORG
Name Server:SC-C.SINKHOLE.SHADOWSERVER.ORG
Name Server:SC-D.SINKHOLE.SHADOWSERVER.ORG
The registrar has followed up with the technical support team to support us, and we would like to thank the registrar for all the support extended to us. The response received from the registry technical support is quite shocking; please find it below.
++++++++++++++++++++++++++++++++++
Greetings from .IN Technical Support.
Please be advised that action has been taken on this domain as per directions from Law Enforcement agencies and Government, since they were involved in malicious activity.
For further details regarding the malicious activity and operations of Law Enforcement see the following site:
https://www.europol.europa.eu/newsroom/news/%E2%80%98avalanche%E2%80%99-network-dismantled-in-international-cyber-operation
++++++++++++++++++++++++++++++++
The domain name in question was registered by us on 10th Jan 2016 and was locked by the registry on 01-Dec-2016:
Created On:10-Jan-2016 16:55:10 UTC
Last Updated On:01-Dec-2016 00:37:59 UTC
Expiration Date:10-Jan-2017 16:55:10 UTC
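As an added example (not part of the original post), here is a small Python check that parses WHOIS lines like the ones quoted above and flags a record whose name servers all point at a Shadowserver sinkhole, together with how long after registration the lock landed and how long was left before expiry. The sample record is constructed from the values quoted in this post; the sinkhole suffix list is an assumption that contains only the suffix seen here.

```python
"""Flag a domain whose WHOIS record shows it has been sinkholed (added example)."""
import re
from datetime import datetime

# Assumption: name-server suffixes operated as sinkholes. Only the Shadowserver
# suffix appears in the post; extend the tuple from your own intelligence sources.
SINKHOLE_NS_SUFFIXES = ("sinkhole.shadowserver.org",)

# WHOIS timestamp layout used by the registry output quoted in the post.
WHOIS_DATE_FMT = "%d-%b-%Y %H:%M:%S %Z"  # e.g. 01-Dec-2016 00:37:59 UTC

# Constructed sample mirroring the record quoted above (domain name withheld).
SAMPLE_WHOIS = """\
Name Server:SC-A.SINKHOLE.SHADOWSERVER.ORG
Name Server:SC-B.SINKHOLE.SHADOWSERVER.ORG
Name Server:SC-C.SINKHOLE.SHADOWSERVER.ORG
Name Server:SC-D.SINKHOLE.SHADOWSERVER.ORG
Created On:10-Jan-2016 16:55:10 UTC
Last Updated On:01-Dec-2016 00:37:59 UTC
Expiration Date:10-Jan-2017 16:55:10 UTC
"""


def parse_whois(text):
    """Map each 'Key:Value' WHOIS line to a list of values (keys may repeat)."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+?)\s*:\s*(.+?)\s*$", line)
        if m:
            fields.setdefault(m.group(1), []).append(m.group(2))
    return fields


def sinkhole_report(whois_text):
    """Summarise sinkhole indicators and the timeline implied by the record."""
    f = parse_whois(whois_text)
    ns = [n.lower() for n in f.get("Name Server", [])]
    sinkholed = [n for n in ns if n.endswith(SINKHOLE_NS_SUFFIXES)]
    created = datetime.strptime(f["Created On"][0], WHOIS_DATE_FMT)
    updated = datetime.strptime(f["Last Updated On"][0], WHOIS_DATE_FMT)
    expires = datetime.strptime(f["Expiration Date"][0], WHOIS_DATE_FMT)
    fully_sinkholed = bool(ns) and len(sinkholed) == len(ns)
    return {
        "sinkholed": fully_sinkholed,
        "sinkhole_servers": sinkholed,
        # The last update is the lock event only when the NS set is the sinkhole.
        "locked_on": updated.date().isoformat() if fully_sinkholed else None,
        "days_held_before_lock": (updated - created).days,
        "days_left_before_expiry": (expires - updated).days,
    }
```

Run against a live WHOIS dump of your own domains to catch a sinkhole redirection before renewal fails.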
This domain was parked with Voodoo.com to measure traffic (a common practice among techies), and the traffic received was 27 unique visitors in 6 months.
The questions that remain unanswered for me are:
a) Voodoo.com's feed comes from Google AdSense; did Google AdSense accept the wrong ad providers?
b) Even assuming the wrong ad providers listed ads, not a single user clicked on the ads on this domain name, so there is no scope for any malicious activity to occur here. Then why was this domain name considered part of the Avalanche network?
c) Perhaps this domain name was involved in the Avalanche network well before its registration by the current registrant? If so, why penalize the current registrant?
d) Why was the registrant not notified after the domain name was locked? Isn't the .IN registry technical support required to notify the registrant that an investigation is going on into this domain name? At least they should notify the registrar of the domain name.
Many more unanswered questions are coming our way; if you have come across a similar experience, kindly share the details by commenting on this blog post.
P.S.: As the investigation is going on at the moment by the law enforcement team, we are not going to disclose the name until the investigation is completed.