
6fe.com Stolen from my GoDaddy account

I will update later with the details as i have to get on the phone with godaddy again for the 3rd day in a row cause nothing is really progressing it seems.

Theft occurred around 12:30PM Nov. 12th.
 
0
•••
Wow hope you get this resolved. Keep us updated!
 
1
•••
some others were stolen from a member @DNF and transferred to ename

seems yours are already @ ename:

Raw Registrar Data
Domain Name: 6fe.com
Registry Domain ID:
Registrar WHOIS Server: whois.ename.com
Registrar URL: http://www.ename.net
Updated Date: 2014-11-14 17:12:01
Creation Date: 2005-02-21 19:18:26
Registrar Registration Expiration Date: 2018-02-21 19:18:26
Registrar: eName Technology Co.,Ltd.
Registrar IANA ID: 1331
Registrar Abuse Contact Email: [image]@ename.com
Registrar Abuse Contact Phone: +86.4000044400
Domain Status: clientDeleteProhibited
Domain Status: clientTransferProhibited
Registry Registrant ID:
Registrant Name: LiDongFeng
Registrant Organization: Li DongFeng
Registrant Street: Yi Wu Shi Huang Yuan Lu 54 Hao
Registrant City: jin hua shi
Registrant State/Province: zhe jiang
Registrant Postal Code: 322099
Registrant Country: CN
Registrant Phone: +86.057985229770
Registrant Phone Ext:
Registrant Fax: +86.057985229770
Registrant Fax Ext:
Registrant Email: [image]@lidongfeng.com
Registry Admin ID:
Admin Name: LiDongFeng
Admin Organization: Li DongFeng
Admin Street: Yi Wu Shi Huang Yuan Lu 54 Hao
Admin City: jin hua shi
Admin State/Province: zhe jiang
Admin Postal Code: 322099
Admin Country: CN
Admin Phone: +86.057985229770
Admin Phone Ext:
Admin Fax: +86.057985229770
Admin Fax Ext:
Admin Email: [image]@lidongfeng.com
Registry Tech ID:
Tech Name: LiDongFeng
Tech Organization: Li DongFeng
Tech Street: Yi Wu Shi Huang Yuan Lu 54 Hao
Tech City: jin hua shi
Tech State/Province: zhe jiang
Tech Postal Code: 322099
Tech Country: CN
Tech Phone: +86.057985229770
Tech Phone Ext:
Tech Fax: +86.057985229770
Tech Fax Ext:
Tech Email: [image]@lidongfeng.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2014-11-14 17:12:01 <<<

Information Updated: Fri, 14 Nov 2014 21:23:40 UTC


starting to look like "inside" job or very cunning back door man

Hope you recover the name
 
3
•••
> some others were stolen from a member @DNF and transferred to ename
>
> seems yours are already @ ename:

I will supply the timeline by tonight if time allows, but yes the domain has been at ename since yesterday (and put on a 24h auction - sold at 1700Y earlier today). It was transferred out to ename AFTER i reported to godaddy that my domain was stolen and pushed to another godaddy account. The registrant email was changed 3 times in less than 48hours, which i was assured wasn't possible, but here we are. more later...

http://www.ename.com/auction/domain/37713790
 
1
•••
I've put up a 10 minute website to better illustrate what happened, i've got little info on there now, but i'll try to update asap, hopefully tomorrow. The link is in my signature. Regards, Jason
 
0
•••
Posting new whois info for public record (DNS's changed today - 15th):

6fe.com registry whois
Updated 1 second ago - Refresh
Domain Name: 6FE.COM
Registrar: ENAME TECHNOLOGY CO., LTD.
Whois Server: whois.ename.com
Referral URL: http://www.ename.net
Name Server: DNS1.IIDNS.COM
Name Server: DNS2.IIDNS.COM
Name Server: DNS3.IIDNS.COM
Name Server: DNS4.IIDNS.COM
Name Server: DNS5.IIDNS.COM
Name Server: DNS6.IIDNS.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Updated Date: 15-nov-2014
Creation Date: 21-feb-2005
Expiration Date: 21-feb-2018
6fe.com registrar whois
Updated 1 second ago
Domain Name: 6fe.com
Registry Domain ID:
Registrar WHOIS Server: whois.ename.com
Registrar URL: http://www.ename.net
Updated Date: 2014-11-14 17:12:01
Creation Date: 2005-02-21 19:18:26
Registrar Registration Expiration Date: 2018-02-21 19:18:26
Registrar: eName Technology Co.,Ltd.
Registrar IANA ID: 1331
Registrar Abuse Contact Email: [image]@ename.com
Registrar Abuse Contact Phone: +86.4000044400
Domain Status: clientDeleteProhibited
Domain Status: clientTransferProhibited
Registry Registrant ID:
Registrant Name: LiDongFeng
Registrant Organization: Li DongFeng
Registrant Street: Yi Wu Shi Huang Yuan Lu 54 Hao
Registrant City: jin hua shi
Registrant State/Province: zhe jiang
Registrant Postal Code: 322099
Registrant Country: CN
Registrant Phone: +86.057985229770
Registrant Phone Ext:
Registrant Fax: +86.057985229770
Registrant Fax Ext:
Registrant Email: [image]@lidongfeng.com
Registry Admin ID:
Admin Name: LiDongFeng
Admin Organization: Li DongFeng
Admin Street: Yi Wu Shi Huang Yuan Lu 54 Hao
Admin City: jin hua shi
Admin State/Province: zhe jiang
Admin Postal Code: 322099
Admin Country: CN
Admin Phone: +86.057985229770
Admin Phone Ext:
Admin Fax: +86.057985229770
Admin Fax Ext:
Admin Email: [image]@lidongfeng.com
Registry Tech ID:
Tech Name: LiDongFeng
Tech Organization: Li DongFeng
Tech Street: Yi Wu Shi Huang Yuan Lu 54 Hao
Tech City: jin hua shi
Tech State/Province: zhe jiang
Tech Postal Code: 322099
Tech Country: CN
Tech Phone: +86.057985229770
Tech Phone Ext:
Tech Fax: +86.057985229770
Tech Fax Ext:
Tech Email: [image]@lidongfeng.com
Name Server: dns1.iidns.com
Name Server: dns2.iidns.com
Name Server: dns3.iidns.com
Name Server: dns4.iidns.com
Name Server: dns5.iidns.com
Name Server: dns6.iidns.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2014-11-14 17:12:01 <<<
 
0
•••
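Added example, not part of the thread or any poster's code: a snapshot comparison that would flag the registrar, registrant and name-server changes visible in the WHOIS records posted above. The severity labels and the "before" snapshot are assumptions made for illustration; the "after" fields are excerpted from the record quoted in the thread.

```python
# Added example: compare two registrar WHOIS snapshots and flag hijack indicators.
SEVERITY = {  # watched field -> severity label (labels are this example's own)
    "registrar": "critical", "registrar iana id": "critical",
    "registrant name": "high", "registrant email": "high",
    "name server": "high", "domain status": "review",
}

def parse_whois(text):
    """Parse 'Key: Value' lines into {lowercased key: set of casefolded values}."""
    record = {}
    for line in text.splitlines():
        if line.startswith(">>>"):          # '>>> Last update of WHOIS database' footer
            continue
        key, sep, value = line.partition(":")
        if sep and value.strip():           # skip blank fields like 'Registry Domain ID:'
            record.setdefault(key.strip().lower(), set()).add(value.strip().casefold())
    return record

def diff_snapshots(before, after):
    """Return (severity, field, removed, added) for each watched field that changed."""
    old, new = parse_whois(before), parse_whois(after)
    changes = []
    for field, severity in SEVERITY.items():
        removed = sorted(old.get(field, set()) - new.get(field, set()))
        added = sorted(new.get(field, set()) - old.get(field, set()))
        if removed or added:
            changes.append((severity, field, removed, added))
    return changes

# Constructed "before" snapshot: every value except the domain name is a placeholder.
BEFORE = """Domain Name: 6fe.com
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Domain Status: clientTransferProhibited
Registrant Name: PLACEHOLDER OWNER
Name Server: ns1.placeholder.example
Name Server: ns2.placeholder.example
"""
# "After" snapshot: fields excerpted from the registrar WHOIS record quoted in the thread.
AFTER = """Domain Name: 6fe.com
Registrar: eName Technology Co.,Ltd.
Registrar IANA ID: 1331
Domain Status: clientDeleteProhibited
Domain Status: clientTransferProhibited
Registrant Name: LiDongFeng
Name Server: dns1.iidns.com
Name Server: dns2.iidns.com
"""

if __name__ == "__main__":
    for severity, field, removed, added in diff_snapshots(BEFORE, AFTER):
        print(f"[{severity}] {field}: {removed} -> {added}")
```

Run on a schedule against saved snapshots, a check like this surfaces a registrar or registrant change within one polling interval instead of when the owner happens to look.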
I really hope you are able to recover the domain, that's a nice 3 character .com! Have you contacted any authorities yet? This is obviously very illegal to steal something and then resell it for profit. Hope they catch the person responsible!
 
1
•••
If you do a search on google: "domain name stolen", there are sadly too many examples of this occurring. Somehow the culprit made a fake transfer authorization communication to GD via your admin email. It's possible they have your password? A reminder to change our PW's to something hackers won't be able to crack. Since numbers are so popular with folks in China, it does seem numerical domains are the target as of late. So anyone with such domains, please take heed.

Once it changes hands several times it gets very complicated. I am so sorry this happened Matrix...I hope you're able to retrieve it.

A search shows info on the owner of lidongfeng.com on 12/13
Contact Email: [email protected]
Registrant Name: DongFeng Li
City: NanChangShi
State: JiangXiSheng
Postal Code: 330001

163.com https://www.facebook.com/pages/163com/295475408394
 
1
•••
> I really hope you are able to recover the domain, that's a nice 3 character .com! Have you contacted any authorities yet? This is obviously very illegal to steal something and then resell it for profit. Hope they catch the person responsible!

Thanks for the encouragement. I haven't contacted the authorities, i don't think they could help in this matter unfortunately.
 
0
•••
> If you do a search on google: "domain name stolen", there are sadly too many examples of this occurring. Somehow the culprit made a fake transfer authorization communication to GD via your admin email. It's possible they have your password? A reminder to change our PW's to something hackers won't be able to crack. Since numbers are so popular with folks in China, it does seem numerical domains are the target as of late. So anyone with such domains, please take heed.
>
> Once it changes hands several times it gets very complicated. I am so sorry this happened Matrix...I hope you're able to retrieve it.
>
> A search shows info on the owner of lidongfeng.com on 12/13
> Contact Email: [email protected]
> Registrant Name: DongFeng Li
> City: NanChangShi
> State: JiangXiSheng
> Postal Code: 330001
>
> 163.com https://www.facebook.com/pages/163com/295475408394

Thanks for the facebook link, i had emailed him, but didn't have time to do much searching for more intel, so it's appreciated ;)

It does appear like the thief had gotten access to my email password, which is odd because it wasn't an easy password and the letters were random (NNLLLLLL) and not one that was being used for other things.

I believe these guys are using brute force randomly till they get a hit (judging by the dozens of attempts from various countries in the hotmail logs). I have taken additional measures like a two tier authentication to be able to log into my email from now on (a code is sent to my phone or one of my other emails for me to be able to get in). In addition to updating my antispyware, antiviruses and other tools, I have also spent several hours looking through my computer files manually to make sure there was no key logger, which doesn't appear to be the case fortunately.

''Once it changes hands several times it gets very complicated''

Agreed, which is why i am stunned that the registrant email was changed 3 times in less than 48hours...more on this later....

Thanks for the encouragement Gina
 
1
•••
Since it changed hands three times in 48 hours, it may suggest a network of cyber thieves in cahoots with one another? Seems highly suspect. It's good you're taking extra precautions now!
 
0
•••
> Since it changed hands three times in 48 hours, it may suggest a network of cyber thieves in cahoots with one another?

That's what i'm thinking too, maybe even a registrar implicated, i dunno...
 
0
•••
> That's what i'm thinking too, maybe even a registrar implicated, i dunno...

I think the registrars are culpable in some way. If all registrars must follow the Uniform Domain-Name Dispute-Resolution Policy, then some or all should be held accountable. There can't be this kind of lawlessness run amok.
 
2
•••
The registrars often are not interested in helping in difficult cases like that.
If you are victim of theft it's like you are no longer their client.

Dealing with UDRPs, subpoenas, theft or all sorts of legal claims cannot be automated. It requires human intervention. Since domain registration is a low-margin, volume business the registrars want to avoid labor-intensive duties at all costs.

You never really know your friends and partners until you've been in times of hardship.
 
5
•••
The domaingang article made me look at my hotmail signin logs again because there was something in there that had been bothering me.

There is no successful login of someone other than me in the email account on Nov. 12th or the days prior (which is why i was afraid of a key logger initially)...so if there is no email security breach, that could mean that despite me being very very cautious, a phishing attempt somehow got past me...it's not a certainty, but it reinforces that possibility...

(or someone with little fingers used my off limits computer...) hmm...
Probably not, but i better add more security there too JIC..sigh
 
0
•••
I have updated the timeline up until the point i decided it was time to post on Namepros. No offense to Adam, i will post 'there' soon too.
 
0
•••
This is not looking good...i will update soon
 
0
•••
The hammer has fallen.

From Godaddy :

''We advised Ename that you, the registrant, had reported the transfer as unauthorized and that’s what our investigation confirmed. Regrettably they did not consent to returning the domain name based on those grounds.''

Details : domainersunited.com
 
0
•••
I googled "chinese hackers steal domains" and found a posting on ycombinator.com news part. I came across resources.infosecinstitute.com/domain-theft-stolen-domain/ that could be helpful. I hope you can get the name back and that this frustration is only temporary.

After reading your post, I switched over to the two tier authentication system at godaddy.
 
1
•••
> I googled "chinese hackers steal domains" and found a posting on ycombinator.com news part. I came across resources.infosecinstitute.com/domain-theft-stolen-domain/ that could be helpful. I hope you can get the name back and that this frustration is only temporary.
>
> After reading your post, I switched over to the two tier authentication system at godaddy.

I am glad to hear that, knowing what i know now (how vulnerable our domains really are), IMO, everyone should be on the two tier authentication by default. Unfortunately this REAL added security is only offered for Godaddy customers in the USA for the time being and cannot be done with a normal land line or secondary email address, it can only be done using a smart phone (or flip phone that takes texts). (they told me about the country limitations AFTER i went out and bought a smart phone...sigh...i'm in Canada, right by the US border...)

I asked for them to do an exception so i can finally sleep well for the 1st time in 2 weeks knowing that i won't have lost 1000 domains by morning...I am waiting to hear back. If i can't get the 2 tier Auth, i have 3 choices for peace of mind ;

1. Add some special business privacy at 15$ PER domain per year (i would also lose all the sales i get through the whois...+/- 50%)

2. Move my Godaddy domains to a safer registrar at an immediate cost of about 10,000$ + many many hours of work.

3. Liquidate my portfolio

Obviously none of these 3 options are interesting so i'm really hoping for a way around the 2 tier country limitations ASAP.

Thank you for the links, i will read them carefully.
 
0
•••
WTF this is BS. Let a company cry that you have a word from their company in your domain's name and man they get right on that crap and give it to them no issues. Let someone get robbed and it's like no one gives a crap. How much proof does someone need to see that things are fishy here? How can there not be any legal way to resolve this issue?
 
0
•••
Good news
It took 3 months, but as of Feb. 9th, the domain is back in my account.
I will update thread and website with details at a later date
 
3
•••
Congrats, glad it all worked out for you!
 
0
•••
> Good news
> It took 3 months, but as of Feb. 9th, the domain is back in my account.
> I will update thread and website with details at a later date

About time looks like a win finally for someone. Glad you got your domain name back.
 
0
•••