Unusual Registrations of Outdated ICANN Section Domains by China-Based Entity on the PSL #2198

Draft
wants to merge 1 commit into
base: master

groundcat (Contributor) commented Oct 5, 2024

It appears that an unknown entity, likely based in China, is registering outdated ICANN section domains from the Public Suffix List. These registrations are being handled by "Asia Domain Name Registration Company Limited" based in Macau, and they are using a China-based DNS hosting service, dnspod.com.

The legitimacy of these registrations is quite questionable, especially given that these ccTLDs (country code top-level domains) should not typically be relying on a China-based DNS provider for their operations.

Impacted Suffixes with Available Records

  1. Domain Name: presse.ci

    • Registrant Organization: Asia Domain Name Registration Company Limited
    • Admin Email: abuse@macau[.]net
    • DNS Servers: a.dnspod.com, b.dnspod.com, c.dnspod.com
    • Creation Date: 2020-04-15
    • Registry Expiry Date: 2025-04-15
  2. Domain Name: md.ci

    • Admin Email: abuse@macau[.]net
    • DNS Servers: a.dnspod.com, b.dnspod.com, c.dnspod.com
    • Creation Date: 2023-06-26
    • Registry Expiry Date: 2025-06-26
  3. Domain Name: museum.mw

    • Registrant Organization: Asia Domain Name Registration Company Limited
    • e-mail: abuse@macau[.]net
    • DNS Servers: a.dnspod.com, b.dnspod.com, c.dnspod.com
    • Creation Date: 2024-03-19
    • Expiry Date: 2026-03-19

Shared Traits:

  • All these domains are registered by "Asia Domain Name Registration Company Limited" or have related redacted information.
  • They all use the same DNS hosting provider, dnspod.com, which is based in China.
  • They all use the same email address abuse@macau[.]net

(Possibly) Impacted Suffixes Without Available Whois Records

For other domains:

  • pro.na
  • name.na
  • mobi.na
  • ne.pw

I'm not able to retrieve WHOIS records for these domains. Still, the use of the same China-based DNS hosting provider, dnspod.com, is unusual: these ccTLDs are region-specific, and operating on a China-based DNS service doesn't align with their expected geographic and technical infrastructure needs.

ne.pw

The domain ne.pw is being advertised and possibly sold on the website https://www.macau[.]net by "Asia Domain Name Registration Company Limited." However, they do not appear to be an authorized registrar for .pw domains, and the advertising on their website is somewhat misleading.

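Added example, not part of the pull request or of either comment: a sketch of the shared-traits comparison described above, run over the WHOIS fields quoted in the comment. The function names, the label-alias table and the "last two labels" shortcut for naming the DNS provider are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Sample input: the WHOIS fields quoted in the comment above, as posted
# (field labels differ between registries; md.ci has no registrant line).
SAMPLE = """\
Domain Name: presse.ci
Registrant Organization: Asia Domain Name Registration Company Limited
Admin Email: abuse@macau[.]net
DNS Servers: a.dnspod.com, b.dnspod.com, c.dnspod.com

Domain Name: md.ci
Admin Email: abuse@macau[.]net
DNS Servers: a.dnspod.com, b.dnspod.com, c.dnspod.com

Domain Name: museum.mw
Registrant Organization: Asia Domain Name Registration Company Limited
e-mail: abuse@macau[.]net
DNS Servers: a.dnspod.com, b.dnspod.com, c.dnspod.com
"""

# Map the label variants seen above onto one key per trait (assumed table).
ALIASES = {"domain name": "domain", "registrant organization": "registrant",
           "admin email": "email", "e-mail": "email", "dns servers": "ns"}

def parse_records(text):
    """Split blank-line-separated WHOIS excerpts into normalized dicts."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            label, _, value = line.partition(":")
            key = ALIASES.get(label.strip().lower())
            if key == "ns":
                # Simplification: treat the last two labels as the provider.
                hosts = [h.strip().lower().rstrip(".") for h in value.split(",")]
                rec["ns"] = ",".join(sorted({".".join(h.split(".")[-2:]) for h in hosts}))
            elif key:
                rec[key] = value.strip()
        records.append(rec)
    return records

def clusters(records, min_size=2):
    """Group domains by (trait, value); absent fields are skipped, not matched."""
    groups = defaultdict(set)
    for rec in records:
        for trait in ("registrant", "email", "ns"):
            if rec.get(trait):
                groups[(trait, rec[trait].lower())].add(rec["domain"])
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_size}
```

A missing registrant line (as with md.ci) leaves that domain out of the registrant cluster, while the e-mail and name-server traits still tie it to the other two.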

wdhdev (Contributor) commented Oct 5, 2024

I have a few questions:

  1. Are these still declared as actual TLDs in the root system, or are they just debris?
  2. Is it possible they are still TLDs, but have just been delegated to some other company? Although, I do understand it is suspicious, especially for these ccTLDs.
  3. Are there any active domains under these TLDs? If so, wouldn't they be impacted?
