brel.com and bnn.com hijacked/domain theft/stolen - namesecure.com to GoDaddy

[Jessica Kung]

Dear netizens

Sorry to trouble you but we really need some help from you. Our two domains brel.com and bnn.com was hijacked - stolen on 17 Jan 2021. We only found out on 18 Jan 2021 as our mails, web and application servers are down.

A brief history here
1. Our two domains brel.com and bnn.com were hijacked by GoDaddy on 17 Jan 2021.
2. Both domains were registered in 1995 with Network Solutions. We transferred to namesecure.com in 2015 and paid them for 9 years. namesecure.com claimed that the domain authorised user made the transfer on 17 Jan 2021 to GoDaddy. We told namesecure.com that we didn't authorise this. namesecure.com said that they cannot restore the domains for us.
3. GoDaddy chat claimed that namesecure.com is their affiliate and ignored our requests to return the domains.
4. We had submitted a complaint form to ICANN, received an email with case id but is not sure on how to proceed with them.

Finally, after our persistence on forum (29 Jan 2021) GoDaddy provided the steps for us to restore our domains.
1. namesecure.com to create a case to file a transfer dispute.
2. namesecure.com support team to review unauthorized access to your account and request to file that transfer dispute action.
3. Once namesecure.com finds the transfer was in error, or unauthorized, namesecure.com to contact GoDaddy for the return of these two domains.

(30 Jan 2021) namesecure.com finally answered "We are still working on resolving your issue and will provide you an update as soon as possible."

We have not heard from namesecure.com since then.

(30 Jan 2021) someone posted at the forum that our two domains are sale at domainholdings.com. How can we prevent this?

We posted on tweeter, GoDaddy community forum, web hosting forum for help and some kind souls had replied us to get us so far. We are really very grateful to them.

We will be very very appreciative and grateful for any help...
Many thanks and stay safe,
Jessica

 

[jberryhill]

I heard from Mark Daniel of Domain Holdings, who was alerted to this thread, but does not have an account at Namepros. Mark was recently approached by someone who claimed to be in the UK and is interested in selling BNN .com. During preliminary discussions and after seeing the questions and information posted here at Namepros, Mark asked this person about the apparent theft, and this person said they would provide Mark with proof of their acquisition of the domain name many years ago. Of course, the domain name was owned until recently by Brel Software, and Mark has not heard back from the purported seller.

Based on the information here and the lack of response from the apparently false identity used to contact Mark, Domain Holdings is not representing the seller of this domain name and has demanded that the purported owner not forward the domain name to Domain Holdings’ site.

 

[Chris Hydrick]

Any suggestion/alternatives/what to do next will be much appreciated? Thanks in advance!

At this point, and especially considering the value of the domains lost, it might just be best to pony up and hire an experienced domain lawyer such as @jberryhill.

... with respect.

 

[jberryhill]

@Joe Styler

Can you tell me why you are washing your hands of this? Unless my eyes are failing me, the alleged thief brought the names to his/her Godaddy account, as the name brel.com is currently in the possession of godaddy....same for bnn.com

hmmm...

....Basically, a car was alleged to have been stolen. And, now, it is parked in your garage.

The terminal registrar of a stolen name doesn't have access to any of the account information that is in the possession of the registrar where the theft took place. That's what can make these situations difficult.

Godaddy in general and @Joe Styler in particular don't have any evidence the name was stolen, other than someone saying so.

As Joe said, sometimes these things can be addressed among the registrars, but sometimes they can't. Quite often, the person who currently has the domain name simply purchased it from somewhere else. If they paid a substantial amount of money for it, they aren't simply going to throw up their hands and say, "Yah, sure, take the domain name away from me, I didn't really need the money I paid for it."

Using your car analogy... sure, someone drove into's Joe's parking lot with a car. The registration in the glove compartment matches the person who drove it into the parking lot. Now, someone else shows up and says it is their car, but the person who drove in with it says that they bought it. What do you expect the parking lot owner to do?

If Brel Software had used the name "Brel" as a mark for their services, then they can probably pursue a UDRP for that one if the registrars can't sort this one out among the appropriate personnel at the respective registrars.

 

[bhartzer]

Sorry to hear about those two domains. You should continue to work with NameSecure and escalate the issue with them if they will not respond. I would also contact Domain Holdings, as well.

You can also report the domain names stolen at DNProtect.com, as we have an alert system and a database of stolen domain names.

 

[Keith]

Careful all. Be very careful with your responses. We are watching...

 

[Chris Hydrick]

Hi @Jessica Kung -- sorry to hear about your troubles. I had looked at historical WHOIS provided by DomainIQ for domains: Brel.com and BNN.com, last August.

If you haven't discovered this already, you might want to be pointing NameSecure's ((ahh the irony of the registrars name, eh??)) security and fraud department into checking their site logs for activity in your account on or around 2018-01-18T01:11:18Z.

Both BNN.com and Brel.com had updated WHOIS dates matching up to the second, thus suggesting both domains were updated at the same time.

You might also want to share with them 2018-01-18T16:51:31Z as later other activity looks to have occurred on the same January 18th, 2018 date.

Best of luck with your journey to recovery!

Looking at historical WHOIS of domains of which WHOIS is currently connected to [email protected]...

Brel.com WHOIS email looks to have changed to [email protected] on or around
2018-01-18T01:11:18Z
Prior to changing to [email protected],
[email protected] looks to have been used for quite some time.

Current WHOIS for Brel.com shows: [email protected]
....

BNN.com WHOIS email looks to have changed to [email protected] on or around
2018-01-18T01:11:18Z
Prior to changing to [email protected],
[email protected] looks to have been used for quite some time.

 

[Joe Styler]

@Joe Styler

Can you tell me why you are washing your hands of this? Unless my eyes are failing me, the alleged thief brought the names to his/her Godaddy account, as the name brel.com is currently in the possession of godaddy....same for bnn.com

hmmm...

....Basically, a car was alleged to have been stolen. And, now, it is parked in your garage.

If your domains are stolen you need to work with your registrar, the one you paid to register the domains with not the current place that has the domains, then they contact the registrar it transferred to on your behalf. There are agreements in place with many registrars to unwind bad transfers and procedures for doing so. This is the typically the fastest, easiest, and least expensive route to recovering your domain name(s).
You can contact us directly via our legal tab and you would probably want an attorney to help you with things which is not a bad option especially if you have exhausted the first option but it is typically, longer, more complex, and more expensive to recover a domain that way. @jberryhill has already commented on the thread and he can speak to the specifics of using an attorney if he wishes.

My answer is an attempt to give the OP what I have seen in my experience to be the most expedient path forward in recovering stolen domains and to clear up any misunderstanding around the allegation that GoDaddy hijacked the domains or that we have any affiliation with the original registrar as a reseller.

 

[Acroplex]

Brel.com was compromised in order to access and steal BNN.com. It wasn't necessary to change the registrant name in order to steal the domain. In fact, most stolen domains don't have to sustain DNS or WHOIS changes; if you control the registrant account at the registrar, you control the domain.

The same thief who stole ASZ.com stole BNN.com. ASZ.com was bought by Lambo who refuses to disclose who he bought it from.

Follow the money: whoever sold ASZ.com to lambo also stole BNN.com and Brel.com.

 

[Jessica Kung]

Dear netizens
many thanks for your kind help and advice. Unfortunately, we don't have a 2nd layer of security for our account at namesecure.com. We are not related to asz.com. But namesecure.com emailed me (22 Jan 2021) that both domains were transferred to Snapnames in 2018, which they retracted that email soon after. I will contact dnprotect to follow up. We have not heard from both namesecure.com and GoDaddy today (2 Feb 2021). Stay safe, regards, Jessica

 

[Embrand]

Well, bnn.com is also for sale at DAN and NameSilo, and at Sedo the seller is listed as a new member from the United Arab Emirates.

 

[Acroplex]

So now we have 2 people here who bought valuable domains from the same thief:

• Lambo - ASZ.com
• Elyn56 - BNN.com (plus Brel.com)

But neither one is sharing who the seller was. Why is that?

Because those domains were stolen and were acquired for an amount far lower than their street value. No sale legitimizes the acquisition of a stolen asset.

 

[jberryhill]

@Elyn56

I found this in this tangled web. What significance do you see here?

domainnamewire.com/2019/09/17/man-who-paid-360k-for-81-com-says-its-stolen/

First off, the idea of a guy with a fake name and 15 posts swearing anything is true, is pretty funny.

Secondly, that case was a fraud by the plaintiff.

The whole docket is here:

https://www.courtlistener.com/docket/16206258/debizet-v-81com/

Let's take a look at the lies of Sami Debizet about 81.com.

The domain name had belonged to a Chinese registrant for a long time. The name was stolen, transferred to Sami Debizet at GoDaddy, and then the victim recovered the domain name.

Mr. Debizet then lied about having the name stolen from him (when the theft was reversed) and filed this lawsuit in Virginia.

Take a look at Mr. Debizet's ridiculous declaration, filed with the suit:

https://www.courtlistener.com/recap/gov.uscourts.vaed.453895/gov.uscourts.vaed.453895.1.1.pdf

"3. I obtained the domain name 81.com from GoDaddy on May 7, 2013 for $360,000. (See attachment 1)"

Not only was the domain name registered to someone in China for many years between 2013 and 2019 (when the suit was filed), but the attachment only shows a domain transfer order to GoDaddy for a few dollars.

Knowing that he was lying to a US court, Mr. Debizet included this ridiculous statement in his declaration:

"I declare under penalty of perjury under the laws of the Country of Dubai that the foregoing is true and correct."

What a stupid thing to put in a declaration filed with a complaint in a US court! Obviously, he knew he was lying, and thus put in a bogus verification statement pertaining to a jurisdiction other than the one in which the paper was submitted.

The surprise was on Mr. Debizet, however, since the rightful owner of the domain name showed up with top shelf litigation counsel (Morgan Lewis), and then Mr. Debizet put his tail between his legs, voluntarily dismissed the bogus lawsuit, and fled.

There is no question in my mind that Mr. Debizet is involved in the highjacking of these two names, just as he was involved in receiving the stolen 81.com domain name and then trying a cynical tactic to try to hang onto it when it was returned to the victim.

 

[jberryhill]

As a consequence of his inability to tell the truth after being caught with stolen domain names, Sami Debizet's registrar was eventually de-accredited:

https://www.icann.org/uploads/compliance_notice/attachment/1145/hedlund-to-nabil-6jan20.pdf

http://domainincite.com/24777-registrar-suspended-over-dodgy-transfers

Registrar suspended over dodgy transfers
Kevin Murphy, October 1, 2019, 12:07:44 (UTC), Domain Registrars
ICANN has suspended a Los Angeles-based registrar after failing to get answers to its questions about a bunch of domain transfer.

World Biz Domains won’t be able to sell any gTLD domains, or accept transfers, from October 16 until January 13 next year. It will also have to post ICANN’s suspension notice on its home page.

Its crime? Failing to provide ICANN with records proving that the change of registrant requests for 15 potentially valuable domain names were legitimate.

ICANN has been badgering World Biz for these records since April, but says it was given the runaround.

The domains in question — 28.net, 68.net, 88.org, changi.com, tay.net, goh.net, koh.net, kuantan.com, yeong.com, merlion.org, og.net, raffles.net, sentosa.org, sg.org and shenton.com — all appear to have been registered to a Singaporean investor using the registrar DomainDiscover until about a year ago.

----------------

Same pattern - thefts from a Singapore business - and same time frame.

Hey @Elyn56 , you wouldn't happen to know the lying thief Sami Debizet, would you?

Are you going to swear you never heard of him?

 

[NickB]

BNN.com is/was listed for sale via https://www.domainholdings.com and a $2.5 million dollar asking price.

Perhaps they can join us here for a little talk.

I sent them a message via their website saying their company has been accused of handling/dealing with a stolen domain and a link to this thread.....was a few hours ago

 

[Acroplex]

April 2018 - Shared that BNN.com was stolen and provided the connection to ASZ.com. Same thief.

 

[Acroplex]

As @Jessica Kung can attest, both domains are now in her possession and are no longer stolen.

 

[AK85]

Did you have any second layer of security? Like Google auth app? I hope it was not only a username & a password. Even sms texts can get hacked.

I hope that you get back your domains, there are very valuable indeed, at least now NP community know when we see them for sale that they are stolen.

 

[Acroplex]

Your domains were not stolen in 2021 but in 2018.

The thief was interested in BNN.com and hijacked Brel.com to get to it. Your company is also linked to ASZ.com correct?

Read this thread.

 

[AK85]

I haven't used NetSol in several years, but last I knew they didn't support 2fa. Has that changed?

As far as I know, nope. I only use them when I win a domain via namejet, to transfer them away, not a big fan.

 

[Joe Styler]

I am sorry that you had your domain names stolen. I hope you are able to get them back quickly. As stated above it is probably best to work with your registrar to help recover the domains. It looks to me like NameSecure.com is not related to GoDaddy but has a web.com relationship. I get that from the whois for the domain saying it is at web.com and the website about us page pointing to web.com and the fact that the website itself does not resemble a GoDaddy reseller. If I am mistaken and there is something I have overlooked please let me know so I can look into it.

 

[GTBAAA]

@Joe Styler

Can you tell me why you are washing your hands of this? Unless my eyes are failing me, the alleged thief brought the names to his/her Godaddy account, as the name brel.com is currently in the possession of godaddy....same for bnn.com

hmmm...

....Basically, a car was alleged to have been stolen. And, now, it is parked in your garage.

 

[GTBAAA]

@lambo.com

Really confused here. What do you have to do with this? Why do you has asz.com under your name?

Owner: Lam, Wei Ying
Company: Brel Software Pte Ltd
Geolocation: Singapore, Singapore, Singapore
Email: support at asz.com
Nameservers: ns1.xpertdns.com, ns2.xpertdns.com, ns3.xpertdns.com, ns4.xpertdns.com
Status: clientDeleteProhibited, clientRenewProhibited, clientTransferProhibited, clientUpdateProhibited

 

[GTBAAA]

» EMAIL support @ asz dot com


NUM DOMAIN NAME REGISTRAR CREATED UPDATED EXPIRY

1 brel dot com NameSecure L.L.C. 13 Jun 1995 18 Jan 2018 12 Jun 2025

2 bnn dot com NameSecure L.L.C. 12 Jun 1995 18 Jan 2018 11 Jun 2024

3 asz dot com GoDaddy, LLC 14 Oct 1998 24 Dec 2013 13 May 2023


@lambo - what gives with the association?

 

[lambo.com]

» EMAIL support @ asz dot com


NUM DOMAIN NAME REGISTRAR CREATED UPDATED EXPIRY

1 brel dot com NameSecure L.L.C. 13 Jun 1995 18 Jan 2018 12 Jun 2025

2 bnn dot com NameSecure L.L.C. 12 Jun 1995 18 Jan 2018 11 Jun 2024

3 asz dot com GoDaddy, LLC 14 Oct 1998 24 Dec 2013 13 May 2023


@lambo - what gives with the association?

As I already told you, I'm not offering support services and the email is bogus.

Beyond that, I don't have any knowledge on the aforementioned.