alert Stolen Names

[jberryhill]

The following names have been stolen from Name.com and moved to Namecheap:

AAO .com PL .com W3 .com LAS. com TKM .com HKE .com HHT .com WBN .com KVL .com IJA .com LVL .com

 

[alcy]

makes one wonder what well known domainer does on 2nd rate registrar name.com

 

[bhartzer]

John, can you share the name of this hosting company? NP members may also have accounts with that company, so the information is important... to change passwords etc. at least...

Just take one of the names in that list and look up the DNS history (I like to use DNS Trails for that). You'll easily be able to see where they were hosted, and what DNS changes occurred when.

 

[tonyk2000]

Just take one of the names in that list and look up the DNS history (I like to use DNS Trails for that). You'll easily be able to see where they were hosted, and what DNS changes occurred when.

Yeah. Posting the name in clear text may not be good idea, as there is no definite proof. Maybe somehow еnc\r/ypting it to avoid search engines... I see one (large and known) hosting company. I also see that the domain Gregg used for public whois email (and possibly for general contacts), which is not in the list of stolen domains but is also namechep-regged at this time, - it used another, lets say, e-mail service. Not from the hosting company where stolen 3L coms were hosted. And that last finding is, actually, alarming - I do not like what I found...

 

[Bob Hawkes]

Thanks for the heads-up @jberryhill, and all of the useful information @jberryhill and @bhartzer. I learned a number of useful tips from this thread.

So I checked a few from the list on Namecheap Whois and they are showing the DNS at Name nameservers but name registered at Namecheap. They have Client Hold, which I take it means that they can't be used or moved until the situation is resolved, so hopefully the ending will be happy on this one.

Is there an automated list that goes to the marketplaces when claims are made that a name has been stolen so that any for sale listings can be put on hold?

I see at least one of the names goes to a Chinese lander, but with message it does not have the appropriate Chinese authorization certificate.

-Bob

 

[jberryhill]

Is there an automated list that goes to the marketplaces when claims are made that a name has been stolen so that any for sale listings can be put on hold?

Wouldn't that be great. I did put the word out with some of the folks I know in the Chinese domain name investment community to spread the word there.

 

[bhartzer]

Is there an automated list that goes to the marketplaces when claims are made that a name has been stolen so that any for sale listings can be put on hold?

That was one of the things I was working on (keeping a list of stolen domains) through DNProtect.
It seems as though it would be something that is useful, and although the marketplaces would need to express interest in getting that list.

The other 'problem' is that on the majority of stolen domain cases that I've worked on, the owner of the domain does NOT want anyone to know that their domain name was stolen, even though I recovered the domain name for them. So there is a potential liability issue (and domain owners don't want people to know their domain was stolen).

So while publicizing such a list (of stolen domain names) sounds like a good idea, I think it's actually rare that a domain owner wants people to know that their domains or domain name was stolen.

 

[Bob Hawkes]

So while publicizing such a list (of stolen domain names) sounds like a good idea, I think it's actually rare that a domain owner wants people to know that their domains or domain name was stolen.

Good points. Thank you.

I wonder if there would be a less public way that might work even better. Would it be possible to have a registrar place a TXT code on a domain name that had been claimed to be stolen – not something obvious. The marketplaces could then daily check their names looking for this TXT code. If found the name could be put into a holding pattern, and periodically check again. Someone buying a name privately could similarly check. Of course would only work if registrars agreed, or were told by ICANN, to implement it, and if all marketplaces checked their stock daily.

I realize the Hold status sort of achieves the same thing, so perhaps nothing new is needed (except all marketplaces checking).

-Bob

 

[bhartzer]

Good points. Thank you.

I wonder if there would be a less public way that might work even better. Would it be possible to have a registrar place a TXT code on a domain name that had been claimed to be stolen – not something obvious. The marketplaces could then daily check their names looking for this TXT code. If found the name could be put into a holding pattern, and periodically check again. Someone buying a name privately could similarly check. Of course would only work if registrars agreed, or were told by ICANN, to implement it, and if all marketplaces checked their stock daily.

I realize the Hold status sort of achieves the same thing, so perhaps nothing new is needed (except all marketplaces checking).

-Bob

I get where you're going with this, but anyone who has access to the domain can just edit the DNS and remove that TXT record. So probably wouldn't work.
Keep in mind that a lot of domains that are stolen actually end up staying at the same registrar. For example, a domain owner gives their 'web designer' access to their registrar account, and the web designer moves the domain to their account at the registrar, stealing the domain. A lot of stolen domains are issues that the registrar should deal with.

 

[Tatiana_B]

By the way, in 2014, the name.com did the same as this year. Then people who had documents issued on the Crimean peninsula in Ukraine were injured. which was squeezed out by Russia. I think clearly how safe they are.

is it possible to somehow return my domains or compensation?

I am a citizen of Ukraine and my house was occupied but I left Mariupol and am in the Dnipropetrovsk region

 

[Bob Hawkes]

Thanks for reply @bhartzer

I get where you're going with this, but anyone who has access to the domain can just edit the DNS and remove that TXT record. So probably wouldn't work.

I guess I had assumed, perhaps erroneously, that when they get a report that a domain name is alleged to be stolen the registrar locks it against transfer or changes, including TXT file or DNS changes, but I guess that is not the case with most registrars? If true not locked against TXT changes, I agree it would not work.
-Bob

 

[Mytz.com]

all good name

 

[jberryhill]

After an investigation by Namecheap and Name.com, all of the domain names have been successfully recovered and returned to the registrant.