publicsuffix / list

The Public Suffix List
https://publicsuffix.org/
Mozilla Public License 2.0

Outdated ICANN Section Domains No Longer Associated with Respective Registries #2199

Open groundcat opened 5 days ago

groundcat commented 5 days ago

Moving the main discussion regarding the Unusual Registrations of Outdated ICANN Section Domains by China-Based Entity on the PSL topic here as a GitHub issue, rather than a single large PR. This way, we can break down the entries into smaller PRs for easier handling, while keeping central discussions here.

Given the number of domains affected and the fact that this issue spans multiple ccTLD registries/blocks, I plan to create individual PRs (similar to what we’ve done before) — maybe one PR per ccTLD block. That way, we can systematically assess and review the changes more clearly (https://github.com/publicsuffix/list/pull/2198#pullrequestreview-2350414872), and focus on reviewing specific entries to avoid mistakenly removing any (to review for any active usage of these domains, as @wdhdev said: https://github.com/publicsuffix/list/pull/2198#issuecomment-2395005877).


It appears that an unknown entity, likely based in China, is registering outdated ICANN section domains from the Public Suffix List. These registrations are being handled by "Asia Domain Name Registration Company Limited" based in Macau, and they are using a China-based DNS hosting service dnspod.com.

The legitimacy of these registrations is quite questionable, especially given that these ccTLDs (country code top-level domains) should not typically be relying on a China-based DNS provider for their operations.

Impacted Suffixes with Available Records

  1. Domain Name: presse.ci
    • Registrant Organization: Asia Domain Name Registration Company Limited
    • Admin Email: abuse@macau[.]net
    • DNS Servers: a.dnspod.com, b.dnspod.com, c.dnspod.com
    • Creation Date: 2020-04-15
    • Registry Expiry Date: 2025-04-15
presse.ci WHOIS Data

```plaintext
Domain Name: presse.ci
Registry Domain ID: 114934-CoCCA
Registry WHOIS Server: whois.nic.ci
Updated Date: 2024-03-07T10:16:11.642Z
Creation Date: 2020-04-15T22:32:58.96Z
Registry Expiry Date: 2025-04-15T22:32:58.180Z
Registrar Registration Expiration Date: 2025-04-15T22:32:58.180Z
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: q1UJH-L7oJh
Registrant Name: Redacted | Registry Policy
Registrant Organization: Asia Domain Name Registration Company Limited
Registrant Street: Edif. Industrial Man Kei
Registrant City: Macau
Registrant Postal Code: 999078
Registrant Country: MO
Registrant Phone: Redacted | Registry Policy
Registrant Email: Redacted | Registry Policy
Registry Admin ID: WGpMZ-SlfKI
Admin Name: Redacted | Registry Policy
Admin Organization: Asia Domain Name Registration Company Limited
Admin Street: Redacted | Registry Policy
Admin City: Redacted | Registry Policy
Admin Postal Code: Redacted | Registry Policy
Admin Country: MO
Admin Phone: Redacted | Registry Policy
Admin Email: abuse@macau.net
Registry Tech ID: XcXUa-G3o7X
Tech Name: Redacted | Registry Policy
Tech Organization: Asia Domain Name Registration Company Limited
Tech Street: Redacted | Registry Policy
Tech City: Redacted | Registry Policy
Tech Postal Code: Redacted | Registry Policy
Tech Country: MO
Tech Phone: Redacted | Registry Policy
Tech Email: abuse@macau.net
Registry Billing ID: hvF9m-ydwnt
Billing Name: Redacted | Registry Policy
Billing Organization: Asia Domain Name Registration Company Limited
Billing Street: Redacted | Registry Policy
Billing City: Redacted | Registry Policy
Billing Postal Code: Redacted | Registry Policy
Billing Country: MO
Billing Phone: Redacted | Registry Policy
Billing Email: Redacted | Registry Policy
Registrar: AFRIREGISTER
Name Server: a.dnspod.com
Name Server: b.dnspod.com
Name Server: c.dnspod.com
DNSSEC: unsigned
>>> Last update of WHOIS database: 2024-10-05T08:00:08.64Z <<<
For more information on EPP status codes, please visit https://icann.org/epp
```

  2. Domain Name: md.ci
    • Admin Email: abuse@macau[.]net
    • DNS Servers: a.dnspod.com, b.dnspod.com, c.dnspod.com
    • Creation Date: 2023-06-26
    • Registry Expiry Date: 2025-06-26
md.ci WHOIS Data

```plaintext
Domain Name: md.ci
Registry Domain ID: 153326-cinic
Registry WHOIS Server: whois.nic.ci
Updated Date: 2024-05-26T02:01:30.221Z
Creation Date: 2023-06-26T10:02:14.447Z
Registry Expiry Date: 2025-06-26T10:02:14.457Z
Registrar Registration Expiration Date: 2025-06-26T10:02:14.457Z
Domain Status: ok https://icann.org/epp#ok
Registry Registrant ID: DUGjh-P0daG
Registrant Name: Redacted | Registry Policy
Registrant Street: Redacted | Registry Policy
Registrant Street: Redacted | Registry Policy
Registrant City: Redacted | Registry Policy
Registrant Postal Code: Redacted | Registry Policy
Registrant Country: MO
Registrant Phone: Redacted | Registry Policy
Registrant Email: Redacted | Registry Policy
Registry Admin ID: ICblx-ZtAsy
Admin Name: Redacted | Registry Policy
Admin Street: Redacted | Registry Policy
Admin Street: Redacted | Registry Policy
Admin City: Redacted | Registry Policy
Admin Postal Code: Redacted | Registry Policy
Admin Country: MO
Admin Phone: Redacted | Registry Policy
Admin Email: abuse@macau.net
Registry Tech ID: l9nQE-wiyhz
Tech Name: Redacted | Registry Policy
Tech Street: Redacted | Registry Policy
Tech Street: Redacted | Registry Policy
Tech City: Redacted | Registry Policy
Tech Postal Code: Redacted | Registry Policy
Tech Country: MO
Tech Phone: Redacted | Registry Policy
Tech Email: abuse@macau.net
Registry Billing ID: wZykB-UJFoY
Billing Name: Redacted | Registry Policy
Billing Street: Redacted | Registry Policy
Billing Street: Redacted | Registry Policy
Billing City: Redacted | Registry Policy
Billing Postal Code: Redacted | Registry Policy
Billing Country: MO
Billing Phone: Redacted | Registry Policy
Billing Email: Redacted | Registry Policy
Registrar: AFRIREGISTER
Name Server: a.dnspod.com
Name Server: b.dnspod.com
Name Server: c.dnspod.com
DNSSEC: unsigned
>>> Last update of WHOIS database: 2024-10-05T08:00:08.64Z <<<
```

  3. Domain Name: museum.mw
    • Registrant Organization: Asia Domain Name Registration Company Limited
    • e-mail: abuse@macau[.]net
    • DNS Servers: a.dnspod.com, b.dnspod.com, c.dnspod.com
    • Creation Date: 2024-03-19
    • Expiry Date: 2026-03-19
museum.mw WHOIS Data

```plaintext
domain: museum.mw
registrant: CMW-RM5068
admin-c: CMW-RM5069
nsset: NETIM-MW-119
registrar: NETIM-REG
registered: 19.03.2024 18:00:55
changed: 19.03.2024 18:10:54
expire: 19.03.2026

contact: CMW-RM5068
org: asia domain name registration company limited
name: Macaunet REGISTRY
address: edif. industrial man kei
address: MACAU
address: 999078
address: MO
phone: +853.8612368
e-mail: abuse@macau.net
registrar: NETIM-REG
created: 16.03.2024 18:13:46

contact: CMW-RM5069
org: asia domain name registration company limited
name: Macaunet REGISTRY
address: edif. industrial man kei
address: MACAU
address: 999078
address: MO
phone: +853.8612368
e-mail: abuse@macau.net
registrar: NETIM-REG
created: 16.03.2024 18:13:47

nsset: NETIM-MW-119
nserver: a.dnspod.com
nserver: b.dnspod.com
nserver: c.dnspod.com
tech-c: CMW-NETIM
registrar: NETIM-REG
created: 19.03.2024 18:10:51

contact: CMW-NETIM
org: NETIM
name: VINCENT Bruno
address: 264 avenue Arthur Notebart
address: LILLE
address: 59160
address: FR
phone: +33.359350374
fax-no: +33.359350374
e-mail: tld@netim.com
registrar: NETIM-REG
created: 09.09.2016 18:17:48
changed: 25.09.2018 13:00:20
```

Shared Traits:

4. ne.pw

The domain ne.pw is being advertised and possibly sold on the website https://www.macau[.]net by "Asia Domain Name Registration Company Limited." However, they do not appear to be an authorized registrar for .pw domains, and the advertising on their website is somewhat misleading.


Other (Possibly) Impacted Suffixes Without Available WHOIS Records

For other domains:

I'm not able to retrieve WHOIS records for these domains, but the use of the same China-based DNS hosting provider, dnspod.com, is still unusual: these ccTLDs are region-specific, and operating on a China-based DNS service doesn't align with their expected geographic and technical infrastructure needs.
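
The comparison this comment makes by hand (same registrant organization, contact e-mail and DNS host across suffixes of unrelated ccTLDs) can be scripted. The following is an added example, not part of the issue or of the PSL project's tooling; the function names are hypothetical, the sample records are abbreviated from the WHOIS output quoted above, and `control.example` is a constructed control record.

```python
from collections import defaultdict

# Field names differ per registry: the .ci output uses "Name Server" and
# "Admin Email", the .mw output uses "nserver", "e-mail" and "org".
ALIASES = {"name server": "ns", "nserver": "ns", "admin email": "email",
           "e-mail": "email", "registrant organization": "org", "org": "org"}

def parse_whois(text):
    """Collect nameserver, e-mail and organization values from 'key: value' lines."""
    fields = defaultdict(set)
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        field = ALIASES.get(key.strip().lower())
        if sep and field and value.strip():
            fields[field].add(value.strip().lower())
    return fields

def ns_zone(host):
    """Crude parent zone of a nameserver host (last two labels). Assumption:
    good enough for dnspod.com, wrong for hosts under multi-label suffixes."""
    return ".".join(host.rstrip(".").split(".")[-2:])

def shared_traits(records, min_domains=2):
    """Map each (trait, value) seen on at least min_domains records to those domains."""
    seen = defaultdict(set)
    for domain, text in records.items():
        fields = parse_whois(text)
        for host in fields["ns"]:
            seen[("ns_zone", ns_zone(host))].add(domain)
        for kind in ("email", "org"):
            for value in fields[kind]:
                seen[(kind, value)].add(domain)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_domains}

# Abbreviated from the records quoted in the issue, plus one constructed control.
SAMPLE = {
    "presse.ci": "Registrant Organization: Asia Domain Name Registration Company Limited\n"
                 "Admin Email: abuse@macau.net\nName Server: a.dnspod.com\n",
    "md.ci": "Registrant Country: MO\nAdmin Email: abuse@macau.net\n"
             "Name Server: b.dnspod.com\n",
    "museum.mw": "org: asia domain name registration company limited\n"
                 "e-mail: abuse@macau.net\nnserver: c.dnspod.com\n"
                 "org: NETIM\ne-mail: tld@netim.com\n",
    "control.example": "Admin Email: hostmaster@control.example\n"
                       "Name Server: ns1.control.example\n",
}

if __name__ == "__main__":
    for trait, domains in shared_traits(SAMPLE).items():
        print(trait, "->", domains)
```

Values that appear on only one record, such as the registrar's own technical contact on museum.mw, are not reported.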

dnsguru commented 3 days ago

@groundcat I am friends with .NA and reached out by private email (sorry, won't share) but got the following response from them about the structure of "official" subdomains underneath .NA

Here is the list he provided me:

na alt.na co.na com.na gov.na net.na org.na

They actually asked if we would purge the balance of them - I will note this in #2198

groundcat commented 3 days ago

> @groundcat I am friends with .NA and reached out by private email (sorry, won't share) but got the following response from them about the structure of "official" subdomains underneath .NA
>
> Here is the list he provided me:
>
> na alt.na co.na com.na gov.na net.na org.na
>
> They actually asked if we would purge the balance of them - I will note this in #2198

Thank you @dnsguru ! I have created the PR #2204

simon-friedberger commented 2 days ago

I see two problems here:

  1. How can we determine if the owners want these removed? @dnsguru What's the historical setup? I assume we never required DNS verification, correct? Were these added by looking at the websites referenced in the file and getting the list from there? Many of those are now gone.

  2. Who are we serving by removing them? I agree that there is some fishy looking activity here but I am against trying to prevent that. It is too much of an effort to do it properly. And if we don't do it properly, we really want people who are (mis)using the list in such a way to stop doing that! In other words, if this is somehow gaming SEO scores by registering a lot of random looking domains that is something that the search engines need to solve elsewhere.