NameSilo

Stolen Four Letter Names

Labeled as alert in Warnings and Alerts started by jberryhill, Mar 19, 2018.

Replies:
75
Views:
7,759

  1. jberryhill

    jberryhill Top Member John Berryhill, Ph.d., Esq. VIP ★★★★★★★★★★

    Posts:
    1,853
    Likes Received:
    2,114
    The following names were stolen from a GoDaddy customer:

    wumz.com
    fexz.com
    cclw.com
    yded.com
    clcy.com
    kdtx.com
    wohp.com
    ubve.com

    The names interactivebrain.com and cloneclothing.com appear also to have followed similar unauthorized transfer patterns.

    The same person attempted a theft of qauf.com, but the intended victim caught the transfer email in time to stop it.
     
    The views expressed on this page by users and staff are their own, not those of NamePros.
  2. BrandMart

    BrandMart DomainBugle.com VIP

    Posts:
    1,623
    Likes Received:
    1,481
    How can a stranger get access to GoDaddy accounts and steal domains? I wonder what's missing here :unsure:
     
  3. creataweb

    creataweb Top Member VIP ★★★★★★★★★★

    Posts:
    5,317
    Likes Received:
    6,102
    Hacking their account...
     
  4. BrandMart

    BrandMart DomainBugle.com VIP

    Posts:
    1,623
    Likes Received:
    1,481
    General idea. But don't they need access to the registered email id to get the password reset emails so the account can be accessed?
     
  5. Adamantium

    Adamantium Established Member

    Posts:
    42
    Likes Received:
    8
    Surely the original user can just get the domains back?
     
  6. jberryhill

    jberryhill Top Member John Berryhill, Ph.d., Esq. VIP ★★★★★★★★★★

    Posts:
    1,853
    Likes Received:
    2,114
    Yes. And things like infrequently-monitored email accounts or legacy accounts from providers like earthlink.net are prime pickings.

    Another attack vector is to hope to lose the transfer and account recovery emails in a wave of spam.
     
  7. dotbay

    dotbay BrandChimp.com VIP

    Posts:
    3,430
    Likes Received:
    2,347
  8. jberryhill

    jberryhill Top Member John Berryhill, Ph.d., Esq. VIP ★★★★★★★★★★

    Posts:
    1,853
    Likes Received:
    2,114
    That's often easier said that done. If someone compromises your email and gets access to your domain registrar account, then the next step is to move the domain names to another registrar, change the registrant, and then launder the domain names through such mechanisms as selling them cheaply to an unsuspecting purchaser.

    To unwind these things where there have been intervening registrar transfers requires a considerable amount of cooperation among the registrars through which stolen names have been transferred.
     
  9. BrandMart

    BrandMart DomainBugle.com VIP

    Posts:
    1,623
    Likes Received:
    1,481
    I am pretty amazed that owners of 4l.coms don't bother to have a regularly monitered and more secure email id and 2FA activated.
     
  10. DNWon

    DNWon eCommerce Branding Specialist VIP

    Posts:
    1,848
    Likes Received:
    6,338
    Everybody do yourself a favor and change your Whois associated email addresses password right now!

    Go ahead I'll wait!
     
  11. winst

    winst Established Member ★★★★★★★★★★

    Posts:
    238
    Likes Received:
    177
    Just saw a news report the other day that there has been an up-tick of email hacks. This time, the hackers are more sophisticated, they waited for the right moment to strike.

    The example on the news was a home buyer was send a fake change of bank wiring instruction during the closing. The deposit was wired to the hacker's account, the buyer lost $50,000.

    Here are some my suggestions:

    Do not re-use passwords. Ideally use different passwords for each website.
    Do not click on that suspicious link in email! Check it first
    Use Multi-Factor Authentication, such as Google Authenticator.
    Use different email address for your whois record from your account email.
     
  12. Bob Hawkes

    Bob Hawkes formerly MetBob NameTalent VIP

    Posts:
    2,081
    Likes Received:
    3,881
    I notice that the last of these is currently listed for sale at BrandBucket. I would have thought they would take it down until ownership clarified?
     
  13. MapleDots

    MapleDots Domain Properties 2010 - 2018 VIP

    Posts:
    3,821
    Likes Received:
    7,494
    My piece of advice is to use a business email address in for whois as in

    [email protected]

    This way the person doing the hacking does not know who your email carrier is.
    It's harder to hack a gmail account when you're using outlook :xf.laugh:

    Most business email will use a carrier like google apps etc but like I said.... make it as hard as possible.

    I use 2-factor with godaddy and 2-factor with my email and I monitor both every day for activity.
     
  14. lotk

    lotk Upgraded Member Blue Account VIP ★★★★★★★★★★

    Posts:
    777
    Likes Received:
    379
    I bought ubve.com and wohp.com back in December 2017 from @AlejandroGarcia and then flipped them.
    @AlejandroGarcia - where did you purchase ubve and wohp from?
     
  15. alcy

    alcy Active Member VIP

    Posts:
    14,980
    Likes Received:
    21,876
    i am far from an expert on internet networking and such, but each time I login to certain sites.. I think google email is particularly sensitive to this... and my internet modem has different ip address.. due to netowkr reset or my own poweroff.. google asks me for extra authorizations..

    why wouldn't registrars implement such a thing? of course it wouldn't be bulletproof, but in the very least when the ip address is different.. or in very least it does not correspond to account owners country/city/province, then this would trigger some alerts.. verifications.. again, this wouldn't be bulletproof.. but at this point, any extra triggers and info can be potentially life saving for the true owner of account
     
    Last edited: Mar 19, 2018
  16. Ace3coiner

    Ace3coiner DubaiLodge.com; neoprene.org; pruh.org; gazy.org; VIP

    Posts:
    1,665
    Likes Received:
    1,952
    Thanks for coming forward. Let’s help trace things back and hopefully we’ll get to the bottom of the hacks.
     
  17. jberryhill

    jberryhill Top Member John Berryhill, Ph.d., Esq. VIP ★★★★★★★★★★

    Posts:
    1,853
    Likes Received:
    2,114
    If you get answers to those questions, let me know.

    Uniregistry is also looking for some answers from him.
     
  18. wwwweb

    wwwweb Top Member VIP

    Posts:
    8,306
    Likes Received:
    6,430
    This is bad news for the people who get stuck holding these hot potatoes. Another CQD scenario.

    Those 4L's, look like they already had like 3-4 different owners. That is the life of low level 4L's, they just get whored from one domainer to another, hoping a little lipstick will attract the right buyer.
     
    Last edited: Mar 20, 2018
  19. StuntPope

    StuntPope New Member ★★★★★★★★★★

    Posts:
    7
    Likes Received:
    6
    I typically don't self-promote but this is a topic close to me, but at easyDNS not only can you enable 2FA, you can implement a variety of ACLs and even limit by country code, so you could say any logins from outside your home country would trigger additional 2FA. I'm not aware of any other registrar that offers this.
     
  20. marijuanadomain

    marijuanadomain Established Member

    Posts:
    42
    Likes Received:
    20
    My 4 L domains got stolen too from this gal in China and I am still in contact with her. She stole my Bullsh*tWebsites. com too and I told her go ahead and build the site . She later realized that I can traced her and have my people in her city on her.
    She later transferred the bullsh*twebsites.com to me but she is trying to blackmail me by giving her my gxnx.com and and she will transfer the rest.
    She knows that she can’t sell the stolen domains and she is stuck paying the renewal fees.

    ************************
    These are the email addresses she use
    <[email protected]>,
    <[email protected]>

    **************************************************************
    JKEB.COM–stolen
    JUJG.COM–stolen
    SKQK.COM–stolen
    WHUJ.COM–stolen
    ZKWI.COM –stolen
    ZVKV.COM–stolen
     
    Last edited: Mar 20, 2018
  21. marijuanadomain

    marijuanadomain Established Member

    Posts:
    42
    Likes Received:
    20
    [​IMG]
    Warning: Stolen domain.

    Bullsh*tWebsites.com, the domain of investor Chris Goh, has been stolen.

    The active domainer who often comments on blogs using the “BullS” moniker, contacted us about this unfortunate situation.

    “… found out that someone from China stole my Bullsh*tWebsites.com doman plus some of my 4l at hostgator account.

    Working with hostgator to get them back.”

    It appears that the Chinese domain thief targeted the LLLL .com domains in Chris Goh’s account.

    The web site Bullsh*tWebsites.com is active, but the WHOIS information was changed a week ago to the following:

    Registrant Name: YU shi bao
    Registrant Organization: None
    Registrant Street: 685 66th ch TJ
    Registrant City: tianjin
    Registrant State/Province: WA
    Registrant Postal Code: 100200
    Registrant Country: CN
    Registrant Phone: +86.18277136521
    Registrant Phone Ext:
    Registrant Fax:
    Registrant Fax Ext:
    Registrant Email: [email protected]

    The following domains from Chris’s account has also been stolen, although the thief has not changed the WHOIS info, according to Chris:

    ihyh.com
    jkeb.com
    jujg.com
    skqk.com
    vhvk.com
    vwuj.com
    whuj.com
    zdwg.com
    zkwi.com
    zkwi.com
    zvkv.com

    Copyright DomainGang.com: http://domaingang.com/domain-crime/alert-bullsh*twebsites-com-has-been-stolen/
     
  22. LucidDomains

    LucidDomains LucidDomains.com VIP

    Posts:
    2,932
    Likes Received:
    6,394
    Create a new thread unless you think it's the same thief.
     
  23. Vict0r

    Vict0r New Member

    Posts:
    1
    Likes Received:
    0
    Why all thief is the chinese man
     
  24. jberryhill

    jberryhill Top Member John Berryhill, Ph.d., Esq. VIP ★★★★★★★★★★

    Posts:
    1,853
    Likes Received:
    2,114
    In the case of this thread, the domain names appear to have been stolen by a person in Mexico.
     
  25. wwwweb

    wwwweb Top Member VIP

    Posts:
    8,306
    Likes Received:
    6,430
    Are you saying @AlejandroGarcia stole these domains, and then tried to sell them off as low as $20 on namepros, I have done business with him way back on that other forum, and namepros, always found him to be an honest person. He has been a member of namepros for over a decade, really seems out of line for him, those names aren't even that good for someone to burn their reputation over them. Maybe others can weigh in also. I think you need to dig deeper, on where he got them from.
     
    Last edited: Mar 20, 2018

Want to reply or ask your own question?

It only takes a minute to sign up – and it's free!

Share This Page

Lysted
  1. NamePros uses cookies and similar technologies. By using this site, you are agreeing to our privacy policy, terms, and use of cookies.
    Dismiss Notice
Loading...