Can I hide.to?
I ran across this domain name (Tonic.to) when I was looking through one of the forums. I’m sure some of you have heard of this, but it was news to me. Not only does it do a good job of hiding your information, but it basically makes whois useless for people attempting to locate and stop spammers:
$ whois tonic.to
Tonic whoisd V1.0
tonic
$ whois hack.to
Tonic whoisd V1.0
hack ns.freewebtown.com 198.78.81.43 ns2.freewebtown.com 198.78.81.44
$ whois blah.to
Tonic whoisd V1.0
No match for blah
$ whois test.to
Tonic whoisd V1.0
test ns.soontech.co.kr 61.100.1.232 ns2.soontech.co.kr 61.100.1.236
$ whois hide.to
$ whois asdfasdfasdfasdf.to
$ whois viagra.to
$ whois tonic.to
$ whois hack.to
$
As you can see, after just a few attempts it completely blocked my IP from doing more whois lookups. Spammers' delight! I’d expect this TLD to get on everyone’s blacklist pretty quick, if it isn’t already. Thankfully you can do as many nslookups as you like as well as traceroutes to find the upstream to shut the whole thing down. Looks like another fun spammy TLD.
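Added example, not code from the post or from the Tonic registry: a small Python whois client that parses the terse "Tonic whoisd V1.0" replies quoted above (a banner, then either a label with nameserver/IP pairs, a bare label, or "No match for ...") and treats a reply with no body as the "server stopped answering" case, backing off instead of retrying immediately. The whois hostname `whois.tonic.to` is an assumption, the scripted replies are constructed from the session shown, and the live `whois_query` function is only used if you pass it in yourself.

```python
import socket
import time
from dataclasses import dataclass, field

WHOIS_SERVER = "whois.tonic.to"   # assumed .to whois host (not quoted in the post)
WHOIS_PORT = 43                   # RFC 3912 whois port


@dataclass
class TonicRecord:
    label: str
    status: str                                      # found | no_match | empty | unknown
    nameservers: list = field(default_factory=list)  # [(hostname, ip), ...]


def parse_tonic_response(text: str) -> TonicRecord:
    """Interpret one reply in the shapes quoted in the post: banner then either
    '<label> ns1 ip1 ns2 ip2', a bare '<label>', or 'No match for <label>';
    a reply with no body at all is the 'server stopped answering' case."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if lines and lines[0].startswith("Tonic whoisd"):
        lines = lines[1:]                            # drop the version banner
    if not lines:
        return TonicRecord(label="", status="empty")
    body = lines[0]
    if body.startswith("No match for "):
        return TonicRecord(label=body[len("No match for "):], status="no_match")
    label, *rest = body.split()
    if len(rest) % 2:                                # NS data must come as host/ip pairs
        return TonicRecord(label=label, status="unknown")
    pairs = [(rest[i], rest[i + 1]) for i in range(0, len(rest), 2)]
    return TonicRecord(label=label, status="found", nameservers=pairs)


def whois_query(label: str, server: str = WHOIS_SERVER, timeout: float = 10.0) -> str:
    """Raw RFC 3912 lookup: TCP connect, send the label + CRLF, read until EOF."""
    with socket.create_connection((server, WHOIS_PORT), timeout=timeout) as sock:
        sock.sendall(f"{label}\r\n".encode("ascii"))
        chunks = []
        while data := sock.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


class Backoff:
    """Double the pause after every blank reply; reset as soon as answers resume."""
    def __init__(self, base: float = 2.0, cap: float = 120.0, max_strikes: int = 6):
        self.base, self.cap, self.max_strikes, self.strikes = base, cap, max_strikes, 0

    def observe(self, status: str) -> float:
        if status != "empty":
            self.strikes = 0
            return 0.0
        self.strikes += 1
        return min(self.cap, self.base * 2 ** (self.strikes - 1))

    def exhausted(self) -> bool:
        return self.strikes >= self.max_strikes


def lookup_all(labels, query=whois_query, sleep=time.sleep, backoff=None, pace=1.0):
    """Look up each label; wait out blank replies, and pace even successful ones."""
    backoff = backoff or Backoff()
    results = {}
    for label in labels:
        while True:
            record = parse_tonic_response(query(label))
            delay = backoff.observe(record.status)
            if record.status != "empty" or backoff.exhausted():
                results[label] = record              # got an answer, or gave up
                break
            sleep(delay)
        sleep(pace)                                  # at most one query per `pace` seconds
    return results


def make_scripted_query(script):
    """Constructed stand-in for whois_query: script maps label -> replies in order;
    the last reply repeats once the list runs out."""
    seen = {}
    def query(label):
        i = seen.get(label, 0)
        seen[label] = i + 1
        replies = script[label]
        return replies[min(i, len(replies) - 1)]
    return query


BANNER = "Tonic whoisd V1.0\n"
SCRIPT = {   # replies constructed from the session quoted in the post
    "hack": [BANNER + "hack ns.freewebtown.com 198.78.81.43 ns2.freewebtown.com 198.78.81.44\n"],
    "blah": [BANNER + "No match for blah\n"],
    "tonic": ["", "", BANNER + "tonic\n"],          # two blank replies, then an answer
}


def run_offline_demo():
    """Drive lookup_all with the scripted replies; returns (results, pauses taken)."""
    pauses = []
    results = lookup_all(["hack", "blah", "tonic"], query=make_scripted_query(SCRIPT),
                         sleep=pauses.append)
    return results, pauses


if __name__ == "__main__":
    for name, rec in run_offline_demo()[0].items():
        print(name, rec.status, rec.nameservers)
```

Running the module offline drives the loop with the scripted replies: "hack" and "blah" answer at once, while "tonic" returns two blank replies, so the client pauses 2 s and then 4 s before the third attempt succeeds and the strike count resets. Against the live server the same loop stops well short of the half-dozen rapid queries that got the author's address cut off, because every blank reply lengthens the wait rather than triggering another immediate retry.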

April 10th, 2007 at 3:28 pm
In their FAQ:
Tonic is very serious about keeping the .TO domain spam-free.
heh. I noticed no SSL on their site for changing DNS, etc. eww
Also, when you go to buy a domain, it says “Use our Secure server (If you prefer to send your credit card number encrypted.)” hahaha
April 10th, 2007 at 8:49 pm
This appears to be more flood control than a way for spammers to hide. If you throw enough queries at it fast enough, it will eventually stop responding. But give it a moment to catch its breath, and it will start responding again.
April 10th, 2007 at 8:53 pm
The registration server is in the Verio/NTT netblock, looks like San Francisco; assuming the server is not on the embassy grounds, it would be subject to US law.
I suggest you address your complaints to Eric …
Administrative Contact:
Eric Gullichsen
Government of the Kingdom of Tonga
H.R.H. Crown Prince Tupouto’a
c/o Consulate of Tonga
360 Post Street
Suite 604
San Francisco, California 94108
United States
Email: egullich@colo.to
Voice: +1.415.462.3014
Fax: +6493583024
April 10th, 2007 at 9:36 pm
interesting stuff here…
August 6th, 2007 at 2:33 am
Sure, if you have no idea what a “whois” was actually made for (no, sorry, it was not made for uber-leet-CIA-hacker-wannabes), and that many of them actually have an IP-based daily/hourly/etc. quota…
Yeah, you might feel that you have just found the spammers’ El Dorado! Kill ’em! Block ’em! Friggin’ ban them! That’s the best solution if someone has no brains.
omg… you guys are just no better than the rest.
—
2 Funny things though..
1. I never got a spam mail from a .to domain (real source, not a faked header - dunno if you guys actually know that spammers fake email headers).
2. .to is not the only “whois-free” TLD.. how about a whitelist with com/net/org? - or maybe think of a better anti-spam strategy..
August 6th, 2007 at 11:45 am
You have some good points. The real question is how many legitimate .to domains do you visit on a daily basis? I can’t think of a single one, personally. To me this is clearly a domain squatter’s heaven. I was simply pointing that out since I hadn’t heard of the .to domain until that day. However, it wasn’t exactly like I was spamming it with requests - you saw yourself it was only a half dozen and it was blocked. Yes, I know there are others, which is why I said, “yet another spammy TLD”. I just hadn’t written this up before.
August 7th, 2007 at 6:06 am
You cannot compare my daily internet consumption with someone else’s, as I surf the net on a “wider range” * .. Therefore: yeah, I have some .to sites I visit daily that have nothing to do with spam.
A domain spammer will be kicked there faster than he can send spam (which is even a very aggressive policy!); therefore top spammer domains ARE hk/cn/com/tr/etc.
Funny thing: I just saw, your domain is “protected” via “domainsbyproxy.com” (or something similar)..
- why not a .to domain?
- are you a spammer?
- why should your data be kept “safe” but others not? (e.g. they will be “titled” as spammer by you)
That your whois queries got blocked that fast seems a little unusual to me, too. But take into consideration that you are most likely using a dynamic IP, and maybe their server just went down? It’s the internet, many things can happen.. it need not always be a bad (+ paranoid) sign..
* + I am a European.. we use more TLDs than Americans, who seem to only know TLDs like .com/.net/.org - every other TLD they don’t know is their enemy
August 7th, 2007 at 8:50 am
If I were a spammer I wouldn’t be using my own domain. You must be kidding, of course, as the whole point of this site is to show how web applications can be secured. Domain proxying is one way to obfuscate owner contacts so they can’t be used in other attacks. It has nothing to do with spam.
The rest of your points I agree with, although it definitely didn’t go down. I tried from a number of different IP addresses and it had the same effect. It’s not paranoia - it’s thorough testing.